Scanned pages/files
Request | Server response | Status |
http://casinoplays.nl/ | 200 OK Content-Length: 10230 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By ...[755 bytes skipped]... ;/head> <center><font style="color:white;font size:8px;text-align: center;font-family:Pirata One;text-shadow: 0 0 10px #000000, 0px 0px 10px #000000,0 0 10px #000000,0 0 10px #000000;"><font face="Pirata One" color=red size=5><center><br> <div class="dd-postmetadataheader"><h2 class="dd-postheader"> </title><font size="10" face="Keania One" color="red">Hacked By <font color="white">Security<font color="#38df21">Crewz</font> <center> <font size="4" face="Narkisim" color="red">If you're good <font color="white"> at Something Never<font color="38df21"> do it for Free!! ^^</font> <script language=JavaScript> </script> <!--Simply copy and paste to the <HEAD> section of your page.--> <!-- Color Skings CSS - ...[10430 bytes skipped]... | ||
http://shop4brides.ru/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/x-javascript | clean |
http://shop4brides.ru/wp-content/themes/irex-lite/SketchBoard/functions/sketch-background-gallery/inc/front/js/skebggallery.js?ver=4.0.1 | 200 OK Content-Length: 14297 Content-Type: application/x-javascript | clean |
http://casinoplays.nl/test404page.js | 404 Not Found Content-Length: 7883 Content-Type: text/html | clean |
http://casinoplays.nl/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/javascript | clean |
http://casinoplays.nl/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.4.5 | 200 OK Content-Length: 816 Content-Type: application/javascript | clean |
http://adserving.unibet.com/ad.aspx?pid=46385&bid=9225 | 200 OK Content-Length: 306 Content-Type: text/html | clean |
http://adserving.unibet.com/redirect.aspx?bid=9225&pid=46385&zid=0&pbg=0&cid=0&ctcid=0&mid=0&sid=0 | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Fri, 11 Dec 2015 09:36:36 GMT Location: https://www.unibet.eu/stan/campaign.do?cmpId=1018125&affiliateId=1&unibetTarget=/livecasino&bTag=81742412_45214D64933F4B019E7F0F083238FC58&affiliateId=1&pid=46385&bid=9225 Server: nginx Content-Length: 0 Content-Type: text/html P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies" Set-Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a46385%2c%22BID%22%3a9225%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1449826596472)%5c%2f%22%2c%22CookieTag%22%3a%22922546385201921201C201512111036%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ Set-Cookie: NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222938705123%22%7d%5d; expires=Sun, 11-Dec-3014 09:36:36 GMT; path=/ X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
https://www.unibet.eu/stan/campaign.do?cmpid=1018125&affiliateid=1&unibettarget=/livecasino&btag=81742412_45214d64933f4b019e7f0f083238fc58&affiliateid=1&pid=46385&bid=9225 | HTTP/1.1 301 Moved Permanently Date: Fri, 11 Dec 2015 09:36:36 GMT Location: https://www.unibet.eu:443/stan/redirecttocampaign.do?cmpid=1018125&affiliateid=1&unibettarget=/livecasino&btag=81742412_45214d64933f4b019e7f0f083238fc58&affiliateid=1&pid=46385&bid=9225&landingPageUrl=https%3A%2F%2Fwww.unibet.eu%3A443%2Fregistration Server: GlassFish Content-Length: 0 Set-Cookie: ADRUM_BTa=R:0|g:2b6dfded-d79a-4b50-bc56-7fb9051c9520; Expires=Fri, 11-Dec-2015 09:37:06 GMT; Path=/; Secure Set-Cookie: ADRUM_BT1=R:0|i:3919; Expires=Fri, 11-Dec-2015 09:37:06 GMT; Path=/; Secure Set-Cookie: ADRUM_BT1=R:0|i:3919|e:9; Expires=Fri, 11-Dec-2015 09:37:06 GMT; Path=/; Secure Set-Cookie: JSESSIONID=066377e627bce2eb06ec59e06a1c; Path=/stan; Secure; HttpOnly Set-Cookie: __ucbt=066377e627bce2eb06ec59e06a1c; Domain=.unibet.eu; Expires=Mon, 11-Dec-2017 09:36:35 GMT; Path=/ Set-Cookie: UNIBET_REQUEST_URL=https%3A%2F%2Fwww.unibet.eu%2Fstan%2Fcampaign.do%3Fcmpid%3D1018125%26affiliateid%3D1%26unibettarget%3D%2Flivecasino%26btag%3D81742412_45214d64933f4b019e7f0f083238fc58%26affiliateid%3D1%26pid%3D46385%26bid%3D9225; Domain=.unibet.eu; Path=/ Set-Cookie: UNIBET_INTERNAL_CAMPAIGN_ID=""; Domain=.unibet.eu; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: campaignId=""; Domain=.unibet.eu; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: ADRUM_BTs=R:0|s:p; Expires=Fri, 11-Dec-2015 09:37:07 GMT; Path=/; Secure Set-Cookie: ADRUM_BT1=R:0|i:3919|e:9|d:959; Expires=Fri, 11-Dec-2015 09:37:07 GMT; Path=/; Secure X-Cnection: close X-Frame-Options: SAMEORIGIN X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Java/Oracle Corporation/1.7) | clean |
https://www.unibet.eu:443/stan/redirecttocampaign.do?cmpid=1018125&affiliateid=1&unibettarget=/livecasino&btag=81742412_45214d64933f4b019e7f0f083238fc58&affiliateid=1&pid=46385&bid=9225&landingpageurl=https%3a%2f%2fwww.unibet.eu%3a443%2fregistration | 500 Internal Server Error Content-Length: 1404 Content-Type: text/html | clean |
http://www.unibet.eu:443/test404page.js | 500 Server closed connection without sending any data back Content-Length: 117 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: casinoplays.nl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 11 Dec 2015 09:36:30 GMT
Accept-Ranges: bytes
ETag: "27f6-51bc8d8c8ca00"
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 10230
Content-Type: text/html
Last-Modified: Sun, 26 Jul 2015 15:25:28 GMT
...10230 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: casinoplays.nl
Referer: http://www.google.com/search?q=casinoplays.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=casinoplays.nl
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://casinoplays.nl/
Result: casinoplays.nl is not infected or malware details are not published yet.