
Security Report Summary
E
Site:
Scanned Site(s):
1
IP Address:
34.98.77.41
Report Time:
03 Jul 2020 22:43:56 UTC
Checks:
Window Referrer
Window Opener
Comments
Enabled Debugging
Unsafe Functions
Warning:
Please have a look at the security issues / warnings in the report.
Security Issues
Window Referrer
  • window.open(b.landingPage,"_blank");[https://cdn.stat-rock.com/player.js]
  • window.open(a,"_blank");[https://cdn.stat-rock.com/player.js]
  • window.open(b)};this.onAdError=function(a,d){a=a||"";d&&d.message&&(a=a+" | "+d.message);[https://cdn.stat-rock.com/player.js]
  • window.open(d,"_blank")}}}function e(){r=function(b){void 0===q?w.off("expandedAd",r):(0<~~a.expandedWidth&&(v.width=b?a.expandedWidth:a.width,q.style.width=b?a.expandedWidth:a.width),0<~~a.expandedHeight&&(v.height=b?a.expandedHeight:a.height))};w.on("fullscreenChange",r)}function g(){q.appendChild(G);[https://cdn.stat-rock.com/player.js]
  • window.open(a,"_blank")});[https://cdn.stat-rock.com/player.js]
  • window.open(this.frameData[this.state.slideIterator.curIndex()].cta.url,"_blank")}},{key:"resetSlideTimer",value:function(){this.config.autoSlideTimeoutID&&clearTimeout(this.config.autoSlideTimeoutID)}},{key:"startSlideTimer",value:function(){this.config.autoAdvance&&(this.resetSlideTimer(),this.state.slideIterator.atEnd()?this.state.complete=!0:this.config.autoSlideTimeoutID=setTimeout(this.navigateNext.bind(this),this.config.autoSlideDuration))}}])&&ge(t.prototype,n),i&&ge(t,i),e}();[http://s.ntv.io/serve/load.js]
  • window.open('"+n+"','_blank')<\/script>";ntv.Tracking.Record(i)}else event&&(event.preventDefault(),event.stopImmediatePropagation()),t.target?window.open(n,t.target):Xt((function(){window.top.location=n}),g.isMobile()?500:100)}function $t(e,t,n,i){var a=this.topWindow.ntvToutAds[i],o=(n.attributes["sync-tracking"]||{}).value,s=a?a.toutClick3rdPartyTracking:[],l=event||top.event,c=l.type;if(o){if(n.isClicked)return;"_blank"!=n.target&&n.addEventListener("click",(function(e){e.preventDefault(),e.stopPropagation()}));[http://s.ntv.io/serve/load.js]
  • window.open('"+p(4,n.clickUrl)+"','_blank'"+r+');[http://s.ntv.io/serve/load.js]
  • window.open(n.href,n.target)}},d=function(){function t(){return"object"==gi(e.MRAID)}function n(e,t){var n=t||this;s.isAutoPlay(n)&&n.state.autoPlayOn&&(e.data&&g.is("b",e.data)?(n.state.isVideoInView=!0,n.state.firstClick||u.play(n),n.state.autoPlayStopWatch.resume()):(n.state.isPlaying||n.player.playing)&&(n.state.autoPlayStopWatch.reset(),n.state.isVideoInView=!1,s.onPlayerOutOfScreen(n)))}function i(e){(function(e){var n=e.executePlayerCommand("isFullscreen");[http://s.ntv.io/serve/load.js]
Warnings
Comments
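Comments should be removed from the publicly served code of a web application, since they can give an attacker critical insight into the inner structure of the program. Using this information, the attacker could more easily understand how the user session is handled by JavaScript or work out how data is sent to the server. When triaging the list below, note that license banners of third-party libraries (the `/*! ... */` headers) are normally kept on purpose and reveal little; the comments that matter are those describing internal logic or containing disabled code.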
  • /*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */[http://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js]
  • /* prebid.js v2.10.0Updated : 2019-04-11 */[https://1111210941.rsc.cdn77.org/common/js/common/prebid_sb_2019.js]
  • /*basic in-view styles (ivm \x3d in-view mode) */[https://cdn.stat-rock.com/player.js]
  • /*in-view player positioning:*/[https://cdn.stat-rock.com/player.js]
  • /*top*/[https://cdn.stat-rock.com/player.js]
  • /*mid*/[https://cdn.stat-rock.com/player.js]
  • /*bottom*/[https://cdn.stat-rock.com/player.js]
  • /*hidden in-view player*/[https://cdn.stat-rock.com/player.js]
  • /*hidden in-page player*/[https://cdn.stat-rock.com/player.js]
  • /* rewarded type (based on in-view type) */[https://cdn.stat-rock.com/player.js]
  • /*XS screen styles*/[https://cdn.stat-rock.com/player.js]
  • /*copy styles for default banner */[https://cdn.stat-rock.com/player.js]
  • /*iPhone 4-5 screen styles*/[https://cdn.stat-rock.com/player.js]
  • /*vertical align helper*/[https://cdn.stat-rock.com/player.js]
  • /*min-width: 280px;*/[https://cdn.stat-rock.com/player.js]
  • /*display: inline-block;*/[https://cdn.stat-rock.com/player.js]
  • /*line-height: 1px;*/[https://cdn.stat-rock.com/player.js]
  • /*min-width: 280px;*/[https://cdn.stat-rock.com/player.js]
  • /*for wrapper*/[https://cdn.stat-rock.com/player.js]
  • /*loading spinner*/[https://cdn.stat-rock.com/player.js]
  • /*----MS IE11 CSS----*/[https://cdn.stat-rock.com/player.js]
  • /*----MS Edge CSS----*/[https://cdn.stat-rock.com/player.js]
  • /*mobile styles*/[https://cdn.stat-rock.com/player.js]
  • /*round close*/[https://cdn.stat-rock.com/player.js]
  • /*outstream player block*/[https://cdn.stat-rock.com/player.js]
  • /*yt, fb, ig, tt, sc, tw, ok, vk*/[https://cdn.stat-rock.com/player.js]
  • /*IE10-11 hack*/[https://cdn.stat-rock.com/player.js]
  • /*Edge hack*/[https://cdn.stat-rock.com/player.js]
  • /*XS screen styles*/[https://cdn.stat-rock.com/player.js]
  • /*RSS styles*/[https://cdn.stat-rock.com/player.js]
  • /** * bxSlider v4.2.12 * Copyright 2013-2015 Steven Wanderski * Written while drinking Belgian ales and listening to jazz * Licensed under MIT (http://opensource.org/licenses/MIT) */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * =================================================================================== * = PRIVATE FUNCTIONS * =================================================================================== */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Initializes namespace settings to be used throughout plugin */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Performs all DOM and CSS modifications */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Start the slider */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns the calculated height of the viewport, used to determine either adaptiveHeight or the maxHeight value */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns the calculated width to be used for the outer wrapper / viewport */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns the calculated width to be applied to each slide */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns the number of slides currently visible in the viewport (includes partially visible slides) */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns the number of pages (one full viewport of slides is one "page") */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns the number of individual slides by which to shift the slider */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Sets the slider's (el) left or top position */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Sets the el's animating property position (which in turn will sometimes animate el). * If using CSS, sets the transform property. If not using CSS, sets the top / left property. * * @param value (int) * - the animating property's value * * @param type (string) 'slide', 'reset', 'ticker' * - the type of instance for which the function is being * * @param duration (int) * - the amount of time (in ms) the transition should occupy * * @param params (array) optional * - an optional parameter containing any variables that need to be passed in */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Populates the pager with proper amount of pages */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Appends the pager to the controls element */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Appends prev / next controls to the controls element */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Appends start / stop auto controls to the controls element */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Appends image captions to the DOM */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Click next binding * * @param e (event) * - DOM event object */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Click prev binding * * @param e (event) * - DOM event object */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Click start binding * * @param e (event) * - DOM event object */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Click stop binding * * @param e (event) * - DOM event object */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Click pager binding * * @param e (event) * - DOM event object */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Updates the pager links with an active class * * @param slideIndex (int) * - index of slide to make active */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Performs needed actions after a slide transition */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Updates the auto controls state (either active, or combined switch) * * @param state (string) "start", "stop" * - the new state of the auto show */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Updates the direction controls (checks if either should be hidden) */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Initializes the auto process */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Initializes the ticker process */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Runs a continuous loop, news ticker-style */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Check if el is on screen */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Initializes keyboard events */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Initializes touch events */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Event handler for "touchstart" * * @param e (event) * - DOM event object */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /* if (slider.viewport.get(0).setPointerCapture) { slider.pointerId = orig.pointerId; slider.viewport.get(0).setPointerCapture(slider.pointerId); } */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Cancel Pointer for Windows Phone * * @param e (event) * - DOM event object */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /* onPointerCancel handler is needed to deal with situations when a touchend doesn't fire after a touchstart (this happens on windows phones only) */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Event handler for "touchmove" * * @param e (event) * - DOM event object */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Event handler for "touchend" * * @param e (event) * - DOM event object */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Window resize event callback */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Adds an aria-hidden=true attribute to each element * * @param startVisibleIndex (int) * - the first visible element's index */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns index according to present page range * * @param slideOndex (int) * - the desired slide index */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * =================================================================================== * = PUBLIC FUNCTIONS * =================================================================================== */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Performs slide transition to the specified slide * * @param slideIndex (int) * - the destination slide's index (zero-based) * * @param direction (string) * - INTERNAL USE ONLY - the direction of travel ("prev" / "next") */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /* If the position doesn't exist * (e.g. if you destroy the slider on a next click), * it doesn't throw an error. */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Transitions to the next slide in the show */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Transitions to the prev slide in the show */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Starts the auto show * * @param preventControlUpdate (boolean) * - if true, auto controls state will not be updated */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Stops the auto show * * @param preventControlUpdate (boolean) * - if true, auto controls state will not be updated */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns current slide index (zero-based) */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns current slide element */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns a slide element * @param index (int) * - The index (zero-based) of the element you want returned. */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Returns number of slides in show */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Return slider.working variable */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Update all dynamic slider elements */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Destroy the current instance of the slider (revert everything back to original state) */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /** * Reload the slider (revert all DOM changes, and re-initialize) */[https://assetsorigin.techtimes.com/common/js/bxslider4.2.12/jquery.bxslider.js]
  • /*!sc*/[https://widget.newsbreak.com/script/d2d.js]
  • /*|*/[https://widget.newsbreak.com/script/d2d.js]
  • /*|*/[https://widget.newsbreak.com/script/d2d.js]
  • /*! For license information please see load.js.LICENSE */[http://s.ntv.io/serve/load.js]
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they can expose information about the inner workings of the code. In production they are a loophole and could show an attacker where to find potentially exploitable vulnerabilities or interesting variables.
  • console.log("Anura exid: "+response.getExId());[http://www.techtimes.com/]
  • console.log("Anura : "+_anuObj.result);[http://www.techtimes.com/]
  • console.log("Anura : Error");[http://www.techtimes.com/]
  • console.log("Anura exid: "+response.getExId());[http://www.techtimes.com/]
  • console.log('cfvbt ck:'+cfvbt);[http://www.techtimes.com/]
  • console.log('cfvbt:'+cfvbt);[http://www.techtimes.com/]
  • console.log(a)}catch(Q){}fa&&(c||(c=t("\x3cdiv class\x3d'logMobEl'\x3e\x3c/div\x3e"),t("body").append(c)),c.append(a+"\x3cbr/\x3e"))}};this.initError=function(b,c){var d={};b&&(d[pa]=t(b).attr("data-id")||b.id);[https://cdn.stat-rock.com/player.js]
  • console.log(w+"[Log]: "+t.join(" "))})},O.prototype.warn=function(){for(var t=[],e=0;e<arguments.length;e++)t[e]=arguments[e];this._enabled&&Object(m.c)(function(){_.console.warn(w+"[Warn]: "+t.join(" "))})},O.prototype.error=function(){for(var t=[],e=0;e<arguments.length;e++)t[e]=arguments[e];this._enabled&&Object(m.c)(function(){_.console.error(w+"[Error]: "+t.join(" "))})},O);[https://widget.newsbreak.com/script/d2d.js]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the string they parse as code or markup is often not handled securely, which frequently results in a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script (for example with document.createElement() and textContent) and add them to the DOM.
  • eval("this")}catch(e){"object"==typeof window&&(sy=window)}qy.exports=sy},3:function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0}),n.d(t,"RANDOM",(function(){return a})),t.newConfig=c,n.d(t,"config",(function(){return u}));[https://1111210941.rsc.cdn77.org/common/js/common/prebid_sb_2019.js]
  • document.write(e),t.contentWindow.document.close()},t.insertUserSyncIframe=ce,t.createTrackPixelHtml=function(e){if(!e)return"";var t=encodeURI(e),n='<div style="position:absolute;left:0px;top:0px;visibility:hidden;">';return n+='<img src="'+t+'"></div>'},t.createTrackPixelIframeHtml=ue,t.getIframeDocument=function(e){if(!e)return;var t;try{t=e.contentWindow?e.contentWindow.document:e.contentDocument.document?e.contentDocument.document:e.contentDocument}catch(e){C.logError("Cannot get iframe document",e)}return t},t.getValueString=se,t.uniques=de,t.flatten=fe,t.getBidRequest=function(n,e){return n?(e.some((function(e){var t=c()(e.bids,(function(t){return["bidId","adId","bid_id"].some((function(e){return t[e]===n}))}));[https://1111210941.rsc.cdn77.org/common/js/common/prebid_sb_2019.js]
  • eval(b);[https://cdn.stat-rock.com/player.js]
  • document.write("\x3cspan\x3e\x3c/span\x3e");[https://cdn.stat-rock.com/player.js]
  • document.write('<head><script>document.domain=\\'"+g.getTopWindow().document.domain+"\\';<\/script></head><body></body>');[http://s.ntv.io/serve/load.js]
Additional Information
Link Opener
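The "noopener" window feature, as in window.open("https://example.com/", "_blank", "noopener");, should always be added to window.open() calls that open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise JavaScript on the new page keeps a reference to the previously visited page through window.opener and has control over it, including permission to change the DOM object and possibly steal session cookies. (When the two pages are on different origins, the same-origin policy limits this to navigating the opener to another URL, which is the step reverse tabnabbing relies on.)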
Link Referrer
The "noreferrer" window feature, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be added to window.open() calls to prevent reverse tabnabbing in older browsers, which do not support the noopener feature, and to prevent phishing attacks. It also keeps the Referer header from being sent to the opened page.
Comments
Comments should be removed from the publicly served code of a web application, since they can give an attacker critical insight into the inner structure of the program. Using this information, the attacker could more easily understand how the user session is handled by JavaScript or work out how data is sent to the server.
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they can expose information about the inner workings of the code. In production they are a loophole and could show an attacker where to find potentially exploitable vulnerabilities or interesting variables.
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the string they parse as code or markup is often not handled securely, which frequently results in a cross-site scripting vulnerability. Instead of these functions, create HTML elements by script (for example with document.createElement() and textContent) and add them to the DOM.
Scanned URL(s)
Tech Times | Tech News, Science, Health, Reviews