4 detect: https://www.virustotal.com/nl/url/d142a80ba92ffae2238c6f27e848ffb6aafc1826f9f275c27bc2981cb4e72a7b/analysis/1451215072/
Dangerous: https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=www.xyrwen.com
Infested with malware: https://sitecheck.sucuri.net/results/www.xyrwen.com#sitecheck-details
-http://www.xyrwen.com
Detected libraries:
jquery - 1.4.2 : (active1) -http://www.xyrwen.com/statics/js/hits/jquery-1.4.2.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.8.0 : -http://www.xyrwen.com/statics/js/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
Custom errors: Fail
Requested URL: http://www.xyrwen.com/trace.axd | Response URL: http://www.xyrwen.com/trace.axd | Page title: 跟踪错误 | HTTP status code: 403 (Forbidden) | Response size: 1,997 bytes | Duration: 3,998 ms
Overview
Custom errors are used to ensure that internal error messages are not exposed to end users. Instead, a custom error message should be returned which provides a friendlier user experience and keeps potentially sensitive internal implementation information away from public view.
Result
It looks like custom errors are not correctly configured as the requested URL contains the heading “Server Error in”.
Custom errors are easy to enable, just configure the web.config to ensure the mode is either “On” or “RemoteOnly” and ensure there is a valid “defaultRedirect” defined for a custom error page as follows:
Warning: The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Clickjacking-Warning.
polonus