DNS issues lead to blacklisting - script insecurity also!

See: https://asafaweb.com/Scan?Url=1128.me%2Fcn
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

Server: Apache/2.4.18 (Win32) OpenSSL/1.0.2e PHP/5.3.29
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.

Also Clickjacking warning. Seen as green: http://isithacked.com/check/1128.me%2Fcn%2F
The script that runs there and where it lands: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fjs.users.51.la%2F18687674.js
Code errors

script
     info: [decodingLevel=0] found JavaScript
     error: undefined variable Image
     error: ./pre.js:249: TypeError: Image is not a constructor
     info: [var a7674src] URL=web2.51.la:82/go.asp?svid=4&id=18687674&tpages=1&ttimes=1&tzone=-7&tcolor=undefined&sSize=undefined,undefined&referrer=undefined&vpage=%5Bobject%20Object%5D&vvtime=1465081096313
     info: [var newurl] URL=web2.51.la:82/go.asp?svid=4&id=18687674&tpages=1&ttimes=1&tzone=-7&tcolor=undefined&sSize=undefined,undefined&referrer=undefined&vpage=%5Bobject%20Object%5D&vvtime=1465081096313
     info: [decodingLevel=1] found JavaScript
     error: line:6: TypeError: Image is not a constructor

setting in form enctype=“multipart/form-data” has not been set. Info credits: Stackoverflow’s SantanuSahoo.

Also consider from that code


<a href="htxp://www.51.la/">ÎÒÒªÀ²Ãâ·Ñͳ¼Æ</a> WEB·þÎñÆ÷ 
 
ʱ¼ä¸ñʽ: 2016-6-5 7:18:38 
·þÎñÆ÷IP: 117.21.224.131 
³ÌÐò°æ±¾: 2014.8 
·ÃÎÊÕßIP£º107.178.195.142 
µØÖ·ÐÅÏ¢£ºÃÀ¹ú,¾³Íâ,¾³Íâ 
UserAgent: AppEngine-Google; (+htxp://code.google.com/appengine; appid: s~domxssscanner-hrd) 
²Ù×÷ϵͳ:  
ä¯ÀÀÆ÷:

This is a so-called rule-breaker.

For the sub domain I get a

Error! Invalid domain name.
→ Domain 1128.me in zone .me
Re: http://www.dnsinspect.com/me/1465081590 → Name servers software versions are exposed.

See: https://seomon.com/domain/1128.me/

polonus (volunteer website security analyst and website error-hunter)