Susceptible to man-in-the-middle attacks:
SSL expires soon
HTTP Strict Transport Security (HSTS) not enforced
HSTS header does not contain max-age
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion
Secure cookies not used
Vulnerable to cross-site attacks:
HttpOnly cookies not used
HttpOnly cookies not used
When HttpOnly cookies are not used, the cookies can be accessed on the client, which enables certain type of client-side attacks. The website configuration should be changed to enforce HttpOnly cookies.
EXPECTED:
[all set-cookie headers include 'httponly']
FOUND:
set-cookie (s): s HttpOnly;, set-cookie (dp1): dp1, set-cookie (ebay): ebay, set-cookie (nonsession): nonsession
Emails can be fraudulently sent: Lenient SPF filtering
Sender Policy Framework (SPF) record is too lenient as to which domains are allowed to send email on the domain's behalf. This record should definitely not contain (+all) or (?all) mechanisms, as these allow any domain to send email posing as this domain. This record should preferably not use the (~all) mechanism, as this will still allow emails flagged as being from an invalid domain, but will still allow the message to be delivered. Best practice is to use (-all).
EXPECTED:
contains -all
FOUND:
contains ~all
DNS is susceptible to man-in-the-middle attacks:
DNSSEC records prevent third parties from forging the records that guarantee a domain's identity. DNSSEC should be configured for this domain.
EXPECTED:
true
FOUND:
false
Not all is resolving:
https://urlquery.net/report/cb19788e-6e82-4cee-b17a-c348840f0aafOnly CLEANMX comes up with a detection for PHISHING.
Detection for
All Malicious or Suspicious Elements of Submission
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
-signin.ebay.com/ws/$$d$$ benign
-(embed) -signin.ebay.com/ws/$$d$$
status: (referer=-signin.ebay.com/ws/eBayISAPI.dll?SignIn&_trksid=m570.l1524)saved 16879 bytes 4bfa3749594a83d5f65fbe4a1d1d67db92ded0b6
info: [script] -secureir.ebaystatic.com/v4js/z/yy/aaa5p3nkya2onh2wvw0vhpasj.js
info: [script] -secureinclude.ebaystatic.com/js/e1057/us/v4_e10572us.js
info: [script] -secureinclude.ebaystatic.com/js/e1057/us/e10572us.js
info: [img] -ir.ebaystatic.com/rs/v/apstidvcvu5pxlbxkphrrdo5iqv.png
info: [img]- ir.ebaystatic.com/rs/v/fxxj3ttftm5ltcqnto1o4baovyl.png
info: [img] -ir.ebaystatic.com/cr/v/c1/66165_060618_BAU_VA_FLASH_COUPON_D150x30_R1.png
info: [script] -ir.ebaystatic.com/rs/v/qd3dhgal0203tnw1xo4kmgsjcmq.js
info: [img] -rover.ebay.com/roverimp/0/0/9?imp=1018649
file: 4bfa3749594a83d5f65fbe4a1d1d67db92ded0b6: 16879 bytes
/////////////////////
: [script] wXw.ebay.com/rdr/js/s/rrbundle-v1.0.2.js
info: [script] -secureinclude.ebaystatic.com/js/v/in/roverlv.js
info: [img] -ir.ebaystatic.com/rs/v/apstidvcvu5pxlbxkphrrdo5iqv.png
info: [img] -ir.ebaystatic.com/rs/v/fxxj3ttftm5ltcqnto1o4baovyl.png
info: [img] -rover.ebay.com/roversync/?site=0&stg=1&mpt=1528302877907
info: [img] -c.paypal.com/v1/r/d/b/ns?s=EBAY_SIGNIN&js=0&r=1&f=d5f33c851630ab112eb6b596ff94caa8
info: [iframe] wXw.ebay.com/n.html?id=usllpic0&id=d5f33cd31630ab112eb03b20fffbb256&suppressFlash=true
info: [script] -secureir.ebaystatic.com/v4js/z/yy/aaa5p3nkya2onh2wvw0vhpasj.js#SYS-ZAM_e1063_1_EUS
info: [script]- ir.ebaystatic.com/rs/v/dw5a31rmxmzjfazlcvx4wnwylmt.js
info: [embed] -signin.ebay.com/ws/$$d$$
info: [decodingLevel=0] found JavaScript
error: line:162: SyntaxError: missing ; before statement:
error: line:162: t.msg=msg;t.ajxUrl=msg.svcConfig.url;if(t.tkSp)t.tkSp.innerHTML="<input type="hidden" name=""+t.tkP4S+"" value=""+t.tkvalue+"">";},udtImgSrc:function(urlObj){var t=this,url=t.imUrl,p4S=t.tkP4S,value=t.tkvalue;if(urlObj){if(urlObj.url)t.imUrl=url=urlObj.ur
error: line:162: ................................................................^
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3: <!DOCTYPE html PUBLIC "-/W3C/DTD HTML 4.01 Transitional/EN" "-http:/www.w3.org/TR/html4/loose.dtd"><html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><script src="-https:/www.ebay.com/rdr/js/s/rrbundle-v1.0.2.js" t
error: line:3: ...............^
file: 56b5297e88f451e05e14a9687962420025555493: 176541 bytes
-www.ebay.com/rdr/js/s/rrbundle-v1.0.2.js suspicious
[suspicious:5] (ipaddr:23.209.177.108) (script) -www.ebay.com/rdr/js/s/rrbundle-v1.0.2.js
status: (referer=-signin.ebay.com/ws/eBayISAPI.dll?SignIn&_trksid=m570.l1524)saved 205496 bytes 5ad5129f9cef2979443f55661271399ed7db90cb
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [img] -www.ebay.com/rdr/js/s/
info: [decodingLevel=0] found JavaScript
error: undefined function document.querySelectorAll
error: undefined variable s9F
info: DecodedGenericCLSID detected CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA
suspicious: Warning detected /warning CVE-NO-MATCH Shellcode Engine Binary Threshold
info: DecodedMsg detected /info.ActiveXObject ShockwaveFlash.ShockwaveFlash
info: [decodingLevel=1] found JavaScript
info: file: saved -www.ebay.com/rdr/js/s/rrbundle-v1.0.2.js to (5ad5129f9cef2979443f55661271399ed7db90cb)
file: 5ad5129f9cef2979443f55661271399ed7db90cb: 205496 bytes
file: d897ae35cddc448eda57f3bc8898014a9c10fe74: 248 bytes
See sources in sinks in that code:
http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.ebay.com%2Frdr%2Fjs%2Fs%2Frrbundle-v1.0.2.jspolonus (volunteer website security analyst and website error-hunter)