Security Report Summary
A
Site:
Scanned Site(s): 1
IP Address: 185.146.2.236
Report Time: 28 Feb 2021 15:25:56 UTC
Checks: Window Referrer, Window Opener, Comments, Enabled Debugging, Unsafe Functions
Warning: Please have a look at the security issues / warnings in the report.
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insights into the inner structure of the program. With this information, the attacker could more easily understand how the user session is handled by JavaScript or work out the path by which data is sent to the server.
  • /* PLEASE DO NOT COPY AND PASTE THIS CODE. */[https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit]
  • /*! * jQuery JavaScript Library v2.1.3 * http://jquery.com/ * * Includes Sizzle.js * http://sizzlejs.com/ * * Copyright 2005, 2014 jQuery Foundation, Inc. and other contributors * Released under the MIT license * http://jquery.org/license * * Date: 2014-12-18T15:11Z */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /*! * Sizzle CSS Selector Engine v2.2.0-pre * http://sizzlejs.com/ * * Copyright 2008, 2014 jQuery Foundation, Inc. and other contributors * Released under the MIT license * http://jquery.org/license * * Date: 2014-12-16 */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Create key-value caches of limited size * @returns {Function(string, Object)} Returns the Object data after storing it on itself with * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) * deleting the oldest entry */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Mark a function for special use by Sizzle * @param {Function} fn The function to mark */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Support testing using an element * @param {Function} fn Passed the created div and expects a boolean result */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Adds the same handler for all of the specified attrs * @param {String} attrs Pipe-separated list of attributes * @param {Function} handler The method that will be applied */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Checks document order of two siblings * @param {Element} a * @param {Element} b * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Returns a function to use in pseudos for input types * @param {String} type */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Returns a function to use in pseudos for buttons * @param {String} type */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Returns a function to use in pseudos for positionals * @param {Function} fn */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Checks a node for validity as a Sizzle context * @param {Element|Object=} context * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Detects XML nodes * @param {Element|Object} elem An element or a document * @returns {Boolean} True iff elem is a non-HTML XML node */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Sets document-related variables once based on the current document * @param {Element|Object} [doc] An element or document object to use to set the document * @returns {Object} Returns the current document */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* Support tests ---------------------------------------------------------------------- */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* Attributes ---------------------------------------------------------------------- */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* getElement(s)By* ---------------------------------------------------------------------- */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* QSA/matchesSelector ---------------------------------------------------------------------- */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* Contains ---------------------------------------------------------------------- */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* Sorting ---------------------------------------------------------------------- */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Document sorting and removing duplicates * @param {ArrayLike} results */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Utility function for retrieving the text value of an array of DOM nodes * @param {Array|Element} elem */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* matches from matchExpr["CHILD"] 1 type (only|nth|...) 2 what (child|of-type) 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) 4 xn-component of xn+y argument ([+-]?\d*n|) 5 sign of xn-component 6 x of xn-component 7 sign of y-component 8 y of y-component */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* Internal Use Only */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * A low-level selection function that works with Sizzle's compiled * selector functions * @param {String|Function} selector A selector or a pre-compiled * selector function built with Sizzle.compile * @param {Element} context * @param {Array} [results] * @param {Array} [seed] A set of elements to match against */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* jshint -W018 */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* * Create a callback list using the following parameters: * * options: an optional list of space-separated options that will change how * the callback list behaves or a more traditional option object * * By default a callback list will act like an event callback list and can be * "fired" multiple times. * * Possible options: * * once: will ensure the callback list can only be fired once (like a Deferred) * * memory: will keep track of previous values and will call any callback added * after the list has been fired right away with the latest "memorized" * values (like a Deferred) * * unique: will ensure a callback can only be added once (no duplicate in the list) * * stopOnFalse: interrupt callings when a callback returns false * */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* fnDone, fnFail, fnProgress */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* , ..., subordinateN */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * The ready event handler and self cleanup method */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Determines whether an object can have data */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* jshint -W018 */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* * Helper functions for managing events -- not part of the public interface. * Props to Dean Edwards' addEvent library for many of the ideas. */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /*INTERNAL*/[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* Internal Use Only */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Retrieve the actual display of a element * @param {String} name nodeName of the element * @param {Object} doc Document object */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Try to determine the default display value of an element * @param {String} nodeName */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* jshint validthis: true */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* Prefilters * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example) * 2) These are called: * - BEFORE asking for a transport * - AFTER param serialization (s.data is a string if s.processData is true) * 3) key is the dataType * 4) the catchall symbol "*" can be used * 5) execution will start with transport dataType and THEN continue down to "*" if needed */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* Transports bindings * 1) key is the dataType * 2) the catchall symbol "*" can be used * 3) selection will start with transport dataType and THEN go to "*" if needed */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* Handles responses to an ajax request: * - finds the right dataType (mediates between content-type and expected dataType) * - returns the corresponding response */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* Chain conversions given the request and the original response * Also sets the responseXXX fields on the jqXHR instance */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /* timeout: 0, data: null, dataType: null, username: null, password: null, cache: null, throws: false, traditional: false, headers: {}, */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Load a url into a page */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
  • /** * Gets a window from an element */[http://vh350.timeweb.ru/js/jquery-2.1.3.js]
Additional Information
Link Opener
The noopener feature, as in window.open("https://example.com/", "_blank", "noopener");, should always be passed to window.open() calls that open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise JavaScript on the new page has full control over the previously visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The noreferrer feature, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be passed to window.open() to prevent reverse tabnabbing in older browsers that do not support noopener, and to prevent phishing attacks.
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insights into the inner structure of the program. With this information, the attacker could more easily understand how the user session is handled by JavaScript or work out the path by which data is sent to the server.
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they can expose information about the inner workings of the code. In production they are a loophole and could show an attacker where to find possibly exploitable vulnerabilities or interesting variables.
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because parsing the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script and add them to the DOM object.
Scanned URL(s)
Domain parked at Timeweb