Only blacklisted or other issues also?

See: https://www.virustotal.com/nl/url/24e1a0af3c9b58d5d5736c77d21b1d2c2d2ba060ff4b6fcdb5b9bcd337076b2b/analysis/1411817613/
Blacklisted by Quttera’s.

Not so happy findings: 9, see: https://securityheaders.com/test-http-headers.php

am15.net Header Analysis
The HTTP headers we saw when we visited am15.net
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 27 Sep 2014 11:41:30 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.4.15-1~dotdeb.1

Summary
Number of Happy Findings: 1
Number of Not As Happy Findings: 9
Percentage Happy Findings: 10%

X-Frame-Options

Uh oh! X-Frame-Options does not appear to be found in the site’s HTTP header, increasing the likelihood of successful clickjacking attacks.

Strict-Transport-Security

Uh oh! Strict-Transport-Security does not appear to be found in the site’s HTTP header, so browsers will not try to access your pages over SSL first.

Nosniff

Uh oh! nosniff does not appear to be found in the site’s HTTP header, allowing Internet Explorer the opportunity to deliver malicious content via data that it has incorrectly identified to be of a certain MIME type.

X-XSS-Protection

Uh oh! We didn’t detect any mention of X-XSS-Protection in headers anywhere, so there’s likely room to improve if we want to be as secure as possible against cross site scripting.

Promiscuous CORS Support

Good news! Access-Control-Allow-Origin: * wasn’t found in the site’s HTTP header, so XHR Cross Object Resource Sharing requests are prohibited or should be tuned to am15.net’s desired settings.

Content Security Policy

Uh oh! We did not detect Content-Security-Policy , x-webkit-csp, or even x-webkit-csp-report-only in the site’s HTTP header, making XSS attacks more likely to succeed.

UTF-8 Character Encoding

Uh oh! utf-8 doesn’t appear to be declared in this site’s HTTP header, increasing the likelihood that malicious character conversion could happen. Maybe it is declared in the actual HTML on the site’s pages. We hope so.

Server Information

Uh oh! Server: was found in this site’s HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site!

X-Powered-By

Uh oh! X-Powered-By was found in this site’s HTTP header, making it easier for attackers to know about potential vulnerabilities that may exist on your site!

Cross Domain Meta Policy

Uh oh! Permitted-Cross-Domain-Policies does not appear to be found in the site’s HTTP header, so it’s possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and pdf files…

IP Badness history: https://www.virustotal.com/nl/ip-address/144.76.38.39/information/

polonus
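
The tally in the report above (1 happy, 9 not as happy) can be reproduced from the quoted am15.net response headers alone. This is an added example, not part of the original post and not the securityheaders.com tool's own code; the function names `parse_headers` and `audit` and the exact matching rules are assumptions modelled on the ten findings listed in the post.

```python
# Constructed from the response headers quoted in the post above.
RAW = """HTTP/1.1 200 OK
Server: nginx
Date: Sat, 27 Sep 2014 11:41:30 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.4.15-1~dotdeb.1"""

def parse_headers(raw):
    """Return {lower-case name: [values]} for a raw response head; the status line is skipped."""
    headers = {}
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Run the ten checks named in the report; return (happy, unhappy) lists of check names."""
    h = parse_headers(raw)
    has = lambda *names: any(n in h for n in names)
    val = lambda name: " ".join(h.get(name, [])).lower()
    checks = [
        ("X-Frame-Options", has("x-frame-options")),
        ("Strict-Transport-Security", has("strict-transport-security")),
        ("Nosniff", "nosniff" in val("x-content-type-options")),
        ("X-XSS-Protection", has("x-xss-protection")),
        # A wildcard origin is the only value this check treats as a finding.
        ("Promiscuous CORS Support", val("access-control-allow-origin") != "*"),
        ("Content Security Policy",
         has("content-security-policy", "x-webkit-csp", "x-webkit-csp-report-only")),
        ("UTF-8 Character Encoding", "utf-8" in val("content-type")),
        # Presence of these two headers is the finding (software disclosure).
        ("Server Information", not has("server")),
        ("X-Powered-By", not has("x-powered-by")),
        # Assumption: accept the X- prefixed name and the name as the report prints it.
        ("Cross Domain Meta Policy",
         has("x-permitted-cross-domain-policies", "permitted-cross-domain-policies")),
    ]
    happy = [name for name, ok in checks if ok]
    unhappy = [name for name, ok in checks if not ok]
    return happy, unhappy

if __name__ == "__main__":
    happy, unhappy = audit(RAW)
    print(f"happy={len(happy)} unhappy={len(unhappy)} ({100 * len(happy) // 10}%)")
    for name in unhappy:
        print("not as happy:", name)
```
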

The following site is flagged by MX VirusWatch as "unknown_html_RFI_shell".
And indeed flagged twice here: https://www.virustotal.com/nl/url/e46ca8a388c5963a69ea0633b8eec48f1a038d05c27e1f7e05f9757e47555770/analysis/1411819241/
SPAM activity seen from the IP http://knujon.com/ips/91.202.63.43.html
and additional risk on being blacklisted while 137 websites share one and the same IP:
http://sameid.net/ip/91.202.63.43/
of which several kick up malware or cause IDS alerts: http://urlquery.net/report.php?id=1411819750308
ET INFO HTTP Request to a *.ru.tf domain & Detected a Dynamic DNS URL
http://dnscheck.pingdom.com/?domain=all-game4.koronea.pp.ua&timestamp=1411820336&view=1
Outdated Web Server Nginx Found Vulnerabilities on nginx nginx/1.2.3
Warnings on X-Frame-Options does not appear to be found in the site’s HTTP header, increasing the likelihood of successful clickjacking attacks.
Strict-Transport-Security does not appear to be found in the site’s HTTP header, so browsers will not try to access your pages over SSL first.
nosniff does not appear to be found in the site’s HTTP header, allowing Internet Explorer the opportunity to deliver malicious content via data that it has incorrectly identified to be of a certain MIME type.
We didn’t detect any mention of X-XSS-Protection in headers anywhere, so there’s likely room to improve if we want to be as secure as possible against cross site scripting.
Uh oh! We did not detect Content-Security-Policy , x-webkit-csp, or even x-webkit-csp-report-only in the site’s HTTP header, making XSS attacks more likely to succeed.
utf-8 doesn’t appear to be declared in this site’s HTTP header, increasing the likelihood that malicious character conversion could happen. Maybe it is declared in the actual HTML on the site’s pages. We hope so.
Server: was found in this site’s HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site!

X-Powered-By was found in this site’s HTTP header, making it easier for attackers to know about potential vulnerabilities that may exist on your site!

Permitted-Cross-Domain-Policies does not appear to be found in the site’s HTTP header, so it’s possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and pdf files…

Probably these reasons were enough to cause avast! webshield to block site as URL:Mal!

Good news: Access-Control-Allow-Origin: * wasn’t found in the site’s HTTP header, so XHR Cross Object Resource Sharing requests are prohibited or should be tuned to all-game4.koronea.pp.ua’s desired settings.

Code hiccup: all-game4.koronea.pp dot ua/js/main.js benign
[nothing detected] (script) all-game4.koronea.pp dot ua/js/main.js
status: (referer=all-game4.koronea.pp dot ua/)saved 1810 bytes 66d953edfc5132e01fd25379d726536ab3ec5774
info: [decodingLevel=0] found JavaScript
error: undefined variable $
error: undefined function $
suspicious:

Browser Difference Google etc.: Not identical

Google: 59468 bytes Firefox: 58458 bytes
Diff: 1010 bytes

First difference:

polonus

The following site is a known PHISH: https://www.virustotal.com/nl/url/6454e3b2b1afa3d8b7ae5e421f1c6ed1cdbba0fe163f0d5253b0d3148abd0c0c/analysis/1411822289/
index.html
Severity: Potentially Suspicious
Reason: Detected unconditional redirection to external web resource.
Details:
Threat dump MD5: E9F4E955494ECBE5FCDD14093FC3C13E
File size[byte]: 156
File type: HTML
Page/File MD5: 0138118F59D46F93E3CDC23F63F81276
Scan duration[sec]: 0.099000

iFrame malware on same IP domain: http://www.urlquery.net/report.php?id=1397594300524

This PHISH reported as being dead: http://support.clean-mx.de/clean-mx/phishing.php?id=4716198

listed at http://www.openphish.com/

9 security header vulnerabilities found: https://securityheaders.com/test-http-headers.php

polonus

Athena malbot URL not flagged, found on this list: http://www.crimeflare.com/domains/rba-rhe.html
Nothing here: http://urlquery.net/report.php?id=1411828474626
Flagged twice here: https://www.virustotal.com/nl/url/21a3e24f549489c60eeab8e457201d7fdca0a5f68b3a9b94c2e50c4dd2a7a29e/analysis/1411828181/
Nothing here: http://sitecheck.sucuri.net/results/jmodz.com

8 security header issues detected. X-Frame-Options does not appear to be found in the site’s HTTP header, increasing the likelihood of successful clickjacking attacks.
Strict-Transport-Security does not appear to be found in the site’s HTTP header, so browsers will not try to access your pages over SSL first.
nosniff does not appear to be found in the site’s HTTP header, allowing Internet Explorer the opportunity to deliver malicious content via data that it has incorrectly identified to be of a certain MIME type.
We didn’t detect any mention of X-XSS-Protection in headers anywhere, so there’s likely room to improve if we want to be as secure as possible against cross site scripting.
We did not detect Content-Security-Policy , x-webkit-csp, or even x-webkit-csp-report-only in the site’s HTTP header, making XSS attacks more likely to succeed.
utf-8 doesn’t appear to be declared in this site’s HTTP header, increasing the likelihood that malicious character conversion could happen. Maybe it is declared in the actual HTML on the site’s pages. We hope so.
Server: was found in this site’s HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site! → Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 ?
Permitted-Cross-Domain-Policies does not appear to be found in the site’s HTTP header, so it’s possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and pdf files…

The following code was blocked by Bitdefender’s TrafficLight as malware, re: http://jsunpack.jeek.org/?report=663dfcf8072d7f1813fce2d36d921644a969e5fe

About Athena malbot → http://blogs.mcafee.com/mcafee-labs/athena-botnet-shows-windows-xp-still-widely-used
Link article author = Umesh Wanve

pol