See: https://www.virustotal.com/nl/url/24e1a0af3c9b58d5d5736c77d21b1d2c2d2ba060ff4b6fcdb5b9bcd337076b2b/analysis/1411817613/
Blacklisted by Quttera’s.
Not so happy findings: 9, see: https://securityheaders.com/test-http-headers.php
am15.net Header Analysis
The HTTP headers we saw when we visited am15.net…
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 27 Sep 2014 11:41:30 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.4.15-1~dotdeb.1
Summary
Number of Happy Findings: 1
Number of Not As Happy Findings: 9
Percentage Happy Findings: 10%
X-Frame-Options
Uh oh! X-Frame-Options does not appear to be found in the site’s HTTP header, increasing the likelihood of successful clickjacking attacks.
Strict-Transport-Security
Uh oh! Strict-Transport-Security does not appear to be found in the site’s HTTP header, so browsers will not try to access your pages over SSL first.
Nosniff
Uh oh! nosniff does not appear to be found in the site’s HTTP header, allowing Internet Explorer the opportunity to deliver malicious content via data that it has incorrectly identified to be of a certain MIME type.
X-XSS-Protection
Uh oh! We didn’t detect any mention of X-XSS-Protection in headers anywhere, so there’s likely room to improve if we want to be as secure as possible against cross site scripting.
Promiscuous CORS Support
Good news! Access-Control-Allow-Origin: * wasn’t found in the site’s HTTP header, so XHR Cross Object Resource Sharing requests are prohibited or should be tuned to am15.net’s desired settings.
Content Security Policy
Uh oh! We did not detect Content-Security-Policy, x-webkit-csp, or even x-webkit-csp-report-only in the site’s HTTP header, making XSS attacks more likely to succeed.
UTF-8 Character Encoding
Uh oh! utf-8 doesn’t appear to be declared in this site’s HTTP header, increasing the likelihood that malicious character conversion could happen. Maybe it is declared in the actual HTML on the site’s pages. We hope so.
Server Information
Uh oh! Server: was found in this site’s HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site!
X-Powered-By
Uh oh! X-Powered-By was found in this site’s HTTP header, making it easier for attackers to know about potential vulnerabilities that may exist on your site!
Cross Domain Meta Policy
Uh oh! Permitted-Cross-Domain-Policies does not appear to be found in the site’s HTTP header, so it’s possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and pdf files…
IP Badness history: https://www.virustotal.com/nl/ip-address/144.76.38.39/information/
polonus