Re: -http://epmzira3a.com.maroon.mysitehosted.com/
Detailed Error Information:
Module DirectoryListingModule
Notification ExecuteRequestHandler
Handler StaticFile
Error Code 0x00000000
Requested URL -http://epmzira3a.com.maroon.mysitehosted.com:80/
Physical Path E:\HostingSpaces\epmziraa\epmzira3a.com\wwwroot
Logon Method Anonymous
Logon User Anonymous
Two warnings: https://asafaweb.com/Scan?Url=epmzira3a.com.maroon.mysitehosted.com
Something not neatly configuered in Santa Rosa? Softlayer abusable?
Exposure has been mentioned here: https://social.technet.microsoft.com/Forums/forefront/en-US/407e5aab-9bea-479f-919c-3a7d08666533/uag-2010-exposing-detailed-error-information-40314-forbidden?forum=forefrontedgeiag
Presented as a feature:
The way UAG works is that the IIS web site representing the UAG trunk receives the HTTP requests from the internet, and then the UAG components running within the context of this web site create new HTTP requests and send them to their destination. In the case of requests that are destined to reach the InternalSite or the PortalHomePage, those too are re-sent by the trunk web site, and they are sent internally within the UAG server, to the Default Web Site, which listens on localhost:6001 (you can see this also in the screenshot that you posted here). And this is why the Default Web Site perceives these requests as local requests and provides detailed error descriptions.
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
| http-methods: Potentially risky methods: TRACE
|See http://nmap.org/nsedoc/scripts/http-methods.html
|-http-title: stats.maroon.mysitehosted.com → ssl-cert: Subject: commonName=www.cogentportal.com
→ https://asafaweb.com/Scan?Url=https%3A%2F%2Fcogentportal.com%2FSecurity%2FSignIn.aspx%3Fmessage%3DInvalid%2Blogin%2Binformation.%2BPlease%2Benter%2Ba%2Bvalid%2Buser%2Bname%2Band%2Bpassword.%26UserName%3DAnonymous%26mode%3Dyes
(warnings and fail)… minor website risk status: http://toolbar.netcraft.com/site_report?url=https://cogentportal.com
NameServer Versions exposed and other issues: http://www.dnsinspect.com/cogentportal.com/1449946971
FAIL: We found blacklisted mail servers:
108.168.219.168
zen.spamhaus.org. → https://www.spamhaus.org/query/ip/108.168.219.168
polonus (volunteer website security analyst and website error-hunter)