Www.old-mobile.bet9ja.com /aspx -

| Action | Why | How | |--------|-----|-----| | for bet9ja.com and its sub‑domains. | Prevents DNS hijacking of legacy endpoints. | Enable DNSSEC at the registrar (GoDaddy) and coordinate with the authoritative name server provider. | | Deactivate or remove the old-mobile sub‑domain if not needed. | Eliminates an unnecessary attack surface. | Add a DNS CNAME or A record pointing to a “null” destination (e.g., 127.0.0.1 ) and return a 410 Gone HTTP status. | | If retention is required, serve a 410 Gone response instead of a generic 404. | Explicitly tells browsers and crawlers that the resource is permanently removed, reducing SEO spam and confusion. | Update the web server configuration ( web.config for IIS) to map /aspx (and any other legacy paths) to a 410 response. | | Add a Content Security Policy (CSP) on the redirect page. | Hardens the page against any inadvertent script injection. | Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted‑analytics.com; | | Enable HTTP Strict Transport Security (HSTS) preload for the entire bet9ja.com zone. | Guarantees browsers will only use HTTPS for any future sub‑domains, including legacy ones. | Submit to the HSTS preload list after meeting the requirements. | | Conduct regular security audits of legacy code repositories used for the mobile site. | Ensures any dormant ASPX files are free of known vulnerabilities. | Schedule quarterly code reviews; use static analysis tools for .NET. | | Monitor DNS and certificate transparency logs for unexpected changes to old-mobile.bet9ja.com . | Early detection of hijacking attempts. | Set up alerts via services like SecurityTrails, crt.sh, or a SIEM. | | User‑Education Campaign – inform customers that Bet9ja now uses m.bet9ja.com for mobile access and that any old-mobile.bet9ja.com links are obsolete. | Reduces phishing success rates. | Email newsletters, in‑app notifications, and website banners. |

| Resource | Link | |----------|------| | WHOIS lookup (GoDaddy) | https://whois.godaddy.com/whois?domain=bet9ja.com | | DNS record lookup (DNSDumpster) | https://dnsdumpster.com/ (search for bet9ja.com ) | | SSL Labs assessment (latest) | https://www.ssllabs.com/ssltest/analyze.html?d=bet9ja.com | | IP WHOIS (ARIN/RIPE) | https://whois.arin.net/rest/ip/196.10.11.225 | | Bet9ja official site (for context) | https://www.bet9ja.com | | Nigerian gambling licence information | https://www.nigerianlottery.com/ (search for Bet9ja) | www.old-mobile.bet9ja.com /aspx

If you don't have an account:

Overall, the sub‑domain appears to be a rather than an actively maintained service. No obvious malicious activity is evident, but the existence of an old, unmaintained endpoint can be leveraged for social‑engineering or phishing attempts if not properly monitored. | Action | Why | How | |--------|-----|-----| | for bet9ja

| Scenario | Description | Likelihood | Impact | |----------|-------------|------------|--------| | – an attacker hijacks old-mobile.bet9ja.com and points it to a malicious server. | Users who click on an old bookmark or a phishing email could be served a fake login page collecting credentials. | Low–Medium (Bet9ja likely monitors DNS changes, but no DNSSEC). | High (credential theft, brand damage). | | Re‑activation of Legacy ASPX Pages – old code containing insecure components (e.g., outdated .NET libraries, hard‑coded credentials) is unintentionally re‑enabled. | Could lead to server‑side injection or information disclosure. | Low (no active pages). | Medium–High (if triggered). | | Search Engine Indexing of 404 Page – despite robots.txt, some crawlers may index the 404 page, creating a “dead link” that could be repurposed for SEO spam. | Minor SEO impact; could be used for link farms. | Low | Low. | | Social‑Engineering Use – attackers reference the “old‑mobile” URL in emails to convince victims they are using a “legacy” version of the service. | Phishing attempts that redirect to a malicious site. | Medium | Medium–High (depends on user awareness). | | Supply‑Chain Attack – attacker compromises a third‑party script that is still loaded on the redirect page (e.g., an ad network). | Could inject malicious JS into users who are redirected. | Low | Medium. | | | Deactivate or remove the old-mobile sub‑domain

| Test | Result | Comments | |------|--------|----------| | | 196.10.11.225 (owned by MainOne – a Nigerian ISP & data‑center provider). | Same IP as the primary Bet9ja site; no dedicated hosting for the sub‑domain. | | Geolocation | Lagos, Nigeria (based on IP). | Consistent with Bet9ja’s business location. | | HTTP Headers (sample) | Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: SAMEORIGIN | Indicates the site runs on Windows/IIS with ASP.NET – consistent with the “.aspx” suffix. | | Response to /aspx | HTTP 404 Not Found (or a generic redirect to the modern mobile site). | No executable ASPX page exists at that path. | | Robots.txt | User-agent: * Disallow: / (on the main site). The sub‑domain inherits the same rule. | Search engines are blocked from indexing the legacy mobile site. | | Sitemap | None found for the sub‑domain. | Again, reflects the de‑prioritisation of the legacy site. | | Open Ports (via public scans) | 80 (HTTP) – redirects to HTTPS. 443 (HTTPS) – active. | No unusual services exposed. | | Third‑Party Scripts | None detected on the 404 page; the redirect page loads only standard Bet9ja analytics and advertising tags. | No suspicious third‑party code. | | Cookie Usage | None set when hitting the 404 endpoint. | No tracking on the dead page. |

. It offers full access to sports betting, including soccer and tennis, while prioritizing low data usage compared to the modern platform. Explore the platform directly at Bet9ja Old Mobile . AI can make mistakes, so double-check responses Copy Creating a public link... You can now share this thread with others Good response Bad response 3 sites Bet9ja Old Mobile vs New Mobile: Which is right for you? Sep 18, 2024 —