Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://wwwliveroulette.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: wwwliveroulette.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Date: Fri, 29 Aug 2014 03:29:19 GMT Location: http://www.bestcasino.de Server: Apache Content-Length: 0 Content-Type: text/html; charset=ISO-8859-1 X-Powered-By: PHP/4.3.4 | malicious |
URL: http://www.bestcasino.de (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.bestcasino.de Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Date: Fri, 29 Aug 2014 03:29:28 GMT Location: http://ads.affiliateclub.com/redirect.aspx?pid=55132&bid=1434 Server: Apache Content-Length: 0 Content-Type: text/html; charset=ISO-8859-1 X-Powered-By: PHP/4.3.4 | suspicious |
URL: http://ads.affiliateclub.com/redirect.aspx?pid=55132&bid=1434 (imitation of visitor from search engine) GET /redirect.aspx?pid=55132&bid=1434 HTTP/1.1 Host: ads.affiliateclub.com Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Fri, 29 Aug 2014 03:29:32 GMT Location: http://tracking.netrefer.com/Tracking.svc/RecordTrackBack/9948BBF9-4C02-4ECE-A465-5C7DFFBB84E7/10027425584?redirecturl=http://www.travisserver.com/re.asp?name=1003&camp=11087_55132_1434&go=http://www.casinoclub.com&affiliateID=11087_55132_1434 Server: Microsoft-IIS/8.5 Content-Length: 0 Content-Type: text/html P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies" Set-Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a55132%2c%22BID%22%3a1434%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1409282972797)%5c%2f%22%2c%22CookieTag%22%3a%221434551326221185187C2014829429%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | suspicious |
URL: http://tracking.netrefer.com/Tracking.svc/RecordTrackBack/9948BBF9-4C02-4ECE-A465-5C7DFFBB84E7/10027425584?redirecturl=http://www.travisserver.com/re.asp?name=1003&camp=11087_55132_1434&go=http://www.casinoclub.com&affiliateID=11087_55132_1434 (imitation of visitor from search engine) GET /Tracking.svc/RecordTrackBack/9948BBF9-4C02-4ECE-A465-5C7DFFBB84E7/10027425584?redirecturl=http://www.travisserver.com/re.asp?name=1003&camp=11087_55132_1434&go=http://www.casinoclub.com&affiliateID=11087_55132_1434 HTTP/1.1 Host: tracking.netrefer.com Referer: http://www.google.com/search?q=redirect+check4 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 29 Aug 2014 03:29:32 GMT Location: http://www.travisserver.com/re.asp?name=1003&camp=11087_55132_1434&go=http://www.casinoclub.com&affiliateID=11087_55132_1434 Server: Microsoft-IIS/8.5 Content-Length: 16 Content-Type: application/json; charset=utf-8 Set-Cookie: NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%222087556996%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; Path=/ X-Powered-By: ASP.NET | suspicious |
URL: http://www.travisserver.com/re.asp?name=1003&camp=11087%5F55132%5F1434&go=http%3A%2F%2Fwww%2Ecasinoclub%2Ecom&cust=&keep=False&asystem=&acode=&appendcamp=0&cookietest=completed (imitation of visitor from search engine) GET /re.asp?name=1003&camp=11087%5F55132%5F1434&go=http%3A%2F%2Fwww%2Ecasinoclub%2Ecom&cust=&keep=False&asystem=&acode=&appendcamp=0&cookietest=completed HTTP/1.1 Host: www.travisserver.com Referer: http://www.google.com/search?q=redirect+check5 | HTTP/1.1 301 Moved Cache-Control: private Cache-Control: no-cache Date: Fri, 29 Aug 2014 03:29:33 GMT Pragma: no-cache Location: http://www.casinoclub.com Server: Microsoft-IIS/6.0 Content-Length: 0 Content-Type: text/html Expires: Thu, 28 Aug 2014 03:29:32 GMT Set-Cookie: travis=ts=2014%2D08%2D29+03%3A29%3A33&name=1003&idvisitor=DFEA5A287B&version=2&e=no; expires=Sat, 29-Aug-2015 03:29:32 GMT; domain=travisserver.com; path=/ Set-Cookie: 1003=ts=2014%2D08%2D29+03%3A29%3A33&11087%5F55132%5F1434%5Fclick=1&camp=11087%5F55132%5F1434&enabled=1&version=2&e=no; expires=Sat, 29-Aug-2015 03:29:32 GMT; domain=travisserver.com; path=/ X-Powered-By: ASP.NET | suspicious |
Scanned pages/files
Request | Server response | Status |
http://wwwliveroulette.com/ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://wwwliveroulette.com/test404page.js | 404 Not Found Content-Length: 1019 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wwwliveroulette.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wwwliveroulette.com/
Result: wwwliveroulette.com is not infected or malware details are not published yet.
Result: wwwliveroulette.com is not infected or malware details are not published yet.