Re: http://killmalware.com/gxllcy.com/#
500 Can’t connect to -gxllcy.com:80
Content-Length: 185
Content-Type: text/plain → http://toolbar.netcraft.com/site_report?url=http://gxllcy.com
6 other sites hosted on server: https://whois.domaintools.com/gxllcy.com
Warnings: http://www.dnsinspect.com/gxllcy.com/1453742019
Server: Microsoft-HTTPAPI/2.0 → http://toolbar.netcraft.com/site_report?url=http://117.141.114.112
MikroTik router ftpd 2.9.27 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) Windows Device Router
Google Analytics. 33% of the trackers on this site could be protecting you from NSA snooping. Tell to fix it.
Unique IDs about your web browsing habits have been insecurely sent to third parties.
d5fb79cb40414a3091d42xxxxxxxxxx1a1445965753
At least 2 third parties know you are on this webpage.
ssl.google-analytics.com Google
Requested URL: http://117.141.114.112/ | Response URL: http://117.141.114.112/ | Page title: Not Found | HTTP status code: 404 (Not found) | Response size: 315 bytes | Duration: 582 ms
Overview
Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links which they never intended to. An “X-Frame-Options” header should be sent by the server to either deny framing of content, only allow it from the same origin or allow it from a trusted URIs.
Result
It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.
polonus (volunteer website security analyst and website error-hunter)