The main domain and www-subdomain may not be malicious as such,
but that site has alerts for cloaking, which is often not a good sign.
It further has spammy looking links and iFrame (hopefully same origin).
htxp://secure.newegg.com is contradictory (http versus https?). Warning:
Root installed on the server.
For best practices, remove the self-signed root from the server.
So not the strongest server configuration newegg server:
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Not Enabled
Next Protocol Negotiation:
Not Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Not Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Not Enabled
RC4:
Not Enabled
OCSP stapling:
Not Enabled
A fileview scan sees potential problems: The scan has detected some potential problems in these files. First scroll down through the code listed out after the list of links, this is the code returned by the request for the URL you entered and check for any problems. Next, these link(s) will open the individual URL(s) in this tool, check through the code that is returned, compare the code being returned to a known clean copy, etc.
1 -> images10.newegg.com/WebResource/Scripts/USA/Common/PageDisplayLib.v1.w.12809.5.js
2 -> images10.newegg.com/WebResource/Scripts/USA/Common/BizCommon.v1.w.13375.5.e0.js
3 -> images10.newegg.com/WebResource/Scripts/USA/WWW/Product.v1.w.13225.0.js
In the source code we point at line 60 with ]if(top.location!=
self.location ) etc.
HttpOnly cookie alert: Result
It looks like 2 cookies are being set without the "HttpOnly" flag being set (name : value):
NV%5FCONFIGURATION : #5%7b%22Sites%22%3a%7b%22USA%22%3a%7b%22Values%22%3a%7b%22w57%22%3a%22USA%22%2c%22w58%22%3a%22USD%22%2c%22w44%22%3a%22-1%22%2c%22w45%22%3a%22-1%22%2c%22wd%22%3a%220%22%7d%2c%22Exp%22%3a%221563362944%22%7d%7d%7d
NV%5FDVINFO : #5%7b%22Sites%22%3a%7b%22USA%22%3a%7b%22Values%22%3a%7b%22w19%22%3a%22Y%22%7d%2c%22Exp%22%3a%221477049344%22%7d%7d%7d
Unless the cookie legitimately needs to be read by JavaScript on the client, the "HttpOnly" flag should always be set to ensure it cannot be read by the client and used in an XSS attack + Clickjacking Warning.
Meagre F results here:
https://observatory.mozilla.org/analyze.html?host=www.newegg.comRetirable code: -http://www.newegg.com
Detected libraries:
jquery - 1.10.2 : (active1) -http://images10.newegg.com/WebResource/Scripts/USA/TP_jQueryPlugin/jquery-1.10.2.min.js?purge=1
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/jquery-migrate - 1.2.1 : -http://images10.newegg.com/WebResource/Scripts/USA/TP_jQueryPlugin/jquery-migrate-1.2.1.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290http://research.insecurelabs.org/jquery/test/jquery - 1.6.4 :
http://d3v27wwd40f0xu.cloudfront.net/js/newegg_bootstrap.jsInfo: Severity: medium
http://bugs.jquery.com/ticket/11290http://research.insecurelabs.org/jquery/test/Info: Severity: medium
https://github.com/jquery/jquery/issues/2432http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/(active) - the library was also found to be active by running code
3 vulnerable libraries detected
DOM XSS vuln.: Results from scanning URL: hxtp://images10.newegg.com/WebResource/Scripts/USA/TP_Cretio/criteo_ld.js
Number of sources found: 11
Number of sinks found: 3
Stiil vuln. to Criteo Flash exploit? - earlier angler exploit vuln.
Just like HonzaZ says, website may not be malicious per se at this moment,
but if I could give away points for it's security status it would only get a meagre 38 out on a scale of 100.
Ask newegg web administration to do a better job of it!
polonus (volunteer website security analyst and website error-hunter)
