Cross domain scan.

Created by: sunilkr

I was scanning an eCommerce app that has page that redirects to paypal.com and I noticed arachni scanning paypal.com. the sitemap include a link https://www.paypal.com/uk/cgi-bin/webscr? the healthmap has around 20 links of paypal mostly of 'Interesting Server Response' and 'CommonDirectories' type.

Follow subdomains option was disabled.

I tried the scan on different machines and the result was same.

I cannot provide you the application URL but can help you in investigation if you can tell me where to look for the 'DOMAIN RESTRICTION'.