Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ns1.psin.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ns1.psin.org/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://ns1.psin.org/ | HTTP/1.1 200 OK Connection: close Date: Sun, 07 Sep 2014 21:37:14 GMT Accept-Ranges: bytes ETag: "24e0dd-6f-4e8dc4c5" Server: Apache/1.3.42 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a Content-Length: 111 Content-Type: text/html Last-Modified: Thu, 06 Oct 2011 15:09:57 GMT | clean |
http://ns1.psin.org/cgi-sys/defaultwebpage.cgi | 200 OK Content-Length: 3476 Content-Type: text/html | clean |
http://ns1.psin.org/test404page.js | 404 Not Found Content-Length: 2068 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: server.psin.org ...[1645 bytes skipped]... ut what if its https:// or other protocol? SERVER_PORT_SECURE doesn't seem to be used SERVER_PORT logic would break if they use alternate ports --> <h1>404 Not Found</h1> <p>The server can not find the requested page:</p> <blockquote> ns1.psin.org/test404page.js (port 80) </blockquote> <p> Please forward this error screen to server.psin.org's <a href="mailto:com@atendimento.org?subject=Error message [404] 404 Not Found for ns1.psin.org/test404page.js port 80 on Sunday, 07-Sep-2014 18:37:15 BRT"> WebMaster</a>. </p> <hr /> <ADDRESS>Apache/1.3.42 Server at server.psin.org Port 80</ADDRESS> <!-- end content --> </div> </body> </html> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ns1.psin.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 07 Sep 2014 21:37:14 GMT
Accept-Ranges: bytes
ETag: "24e0dd-6f-4e8dc4c5"
Server: Apache/1.3.42 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a
Content-Length: 111
Content-Type: text/html
Last-Modified: Thu, 06 Oct 2011 15:09:57 GMT
...111 bytes of data.
GET / HTTP/1.1
Host: ns1.psin.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 07 Sep 2014 21:37:14 GMT
Accept-Ranges: bytes
ETag: "24e0dd-6f-4e8dc4c5"
Server: Apache/1.3.42 (Unix) mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a
Content-Length: 111
Content-Type: text/html
Last-Modified: Thu, 06 Oct 2011 15:09:57 GMT
...111 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ns1.psin.org
Referer: http://www.google.com/search?q=ns1.psin.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ns1.psin.org
Referer: http://www.google.com/search?q=ns1.psin.org
Result:
The result is similar to the first query. There are no suspicious redirects found.