See: https://asafaweb.com/Scan?Url=1128.me%2Fcn
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Apache/2.4.18 (Win32) OpenSSL/1.0.2e PHP/5.3.29
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.
Also Clickjacking warning. Seen as green: http://isithacked.com/check/1128.me%2Fcn%2F
The script that runs there and where it lands: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fjs.users.51.la%2F18687674.js
Code errors
script
info: [decodingLevel=0] found JavaScript
error: undefined variable Image
error: ./pre.js:249: TypeError: Image is not a constructor
info: [var a7674src] URL=web2.51.la:82/go.asp?svid=4&id=18687674&tpages=1&ttimes=1&tzone=-7&tcolor=undefined&sSize=undefined,undefined&referrer=undefined&vpage=%5Bobject%20Object%5D&vvtime=1465081096313
info: [var newurl] URL=web2.51.la:82/go.asp?svid=4&id=18687674&tpages=1&ttimes=1&tzone=-7&tcolor=undefined&sSize=undefined,undefined&referrer=undefined&vpage=%5Bobject%20Object%5D&vvtime=1465081096313
info: [decodingLevel=1] found JavaScript
error: line:6: TypeError: Image is not a constructor
setting in form enctype=“multipart/form-data” has not been set. Info credits: Stackoverflow’s SantanuSahoo.
Also consider from that code
<a href="htxp://www.51.la/">ÎÒÒªÀ²Ãâ·Ñͳ¼Æ</a> WEB·þÎñÆ÷
ʱ¼ä¸ñʽ: 2016-6-5 7:18:38
·þÎñÆ÷IP: 117.21.224.131
³ÌÐò°æ±¾: 2014.8
·ÃÎÊÕßIP£º107.178.195.142
µØÖ·ÐÅÏ¢£ºÃÀ¹ú,¾³Íâ,¾³Íâ
UserAgent: AppEngine-Google; (+htxp://code.google.com/appengine; appid: s~domxssscanner-hrd)
²Ù×÷ϵͳ:
ä¯ÀÀÆ÷:
This is a so-called rule-breaker.
For the sub domain I get a
Error! Invalid domain name.→ Domain 1128.me in zone .me
Re: http://www.dnsinspect.com/me/1465081590 → Name servers software versions are exposed.
See: https://seomon.com/domain/1128.me/
polonus (volunteer website security analyst and website error-hunter)