Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: capitaltourist.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 05 Jul 2014 20:43:11 GMT
Location: http://www.capitaltourist.ru/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 237
Content-Type: text/html; charset=iso-8859-1
...237 bytes of data.
GET / HTTP/1.1
Host: capitaltourist.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 05 Jul 2014 20:43:11 GMT
Location: http://www.capitaltourist.ru/
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 237
Content-Type: text/html; charset=iso-8859-1
...237 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: capitaltourist.ru
Referer: http://www.google.com/search?q=capitaltourist.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: capitaltourist.ru
Referer: http://www.google.com/search?q=capitaltourist.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://capitaltourist.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 05 Jul 2014 20:43:11 GMT Location: http://www.capitaltourist.ru/ Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.capitaltourist.ru/ | 200 OK Content-Length: 21400 Content-Type: text/html | clean |
http://www.capitaltourist.ru/_js/date.js | 200 OK Content-Length: 434 Content-Type: application/javascript | clean |
http://bs.yandex.ru/resource/watch.js | 200 OK Content-Length: 58188 Content-Type: application/x-javascript | clean |
http://capitaltourist.ru/index.php?content=intro | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 05 Jul 2014 20:43:13 GMT Location: http://www.capitaltourist.ru/index.php?content=intro Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 260 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.capitaltourist.ru/index.php?content=intro | 200 OK Content-Length: 21995 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=main | 200 OK Content-Length: 12868 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=we | 200 OK Content-Length: 15602 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=guiding | 200 OK Content-Length: 15607 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=calc | 200 OK Content-Length: 25582 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=transfer | 200 OK Content-Length: 11383 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=accommodation | 200 OK Content-Length: 19027 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=trip | 200 OK Content-Length: 11965 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=payment | 200 OK Content-Length: 14597 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=savings | 200 OK Content-Length: 12116 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=visa | 200 OK Content-Length: 51472 Content-Type: text/html | clean |
http://www.capitaltourist.ru/index.php?content=vacancy | 200 OK Content-Length: 13510 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=capitaltourist.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://capitaltourist.ru/
Result: capitaltourist.ru is not infected or malware details are not published yet.
Result: capitaltourist.ru is not infected or malware details are not published yet.