Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: concordtravel.ge
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Wed, 09 Apr 2014 07:35:21 GMT
Server: Microsoft-IIS/7.5
Content-Length: 151745
Content-Type: text/html; charset=utf-8
Set-Cookie: Esperantus_Language_concordtravel=en; path=/
Set-Cookie: PortalAlias=concordtravel; path=/
Set-Cookie: Rainbow_WinMgmt=b31b0480-4ad8-492f-a461-9227a2d1c56e; expires=Wed, 09-Apr-2014 08:00:20 GMT; path=/
Set-Cookie: ASP.NET_SessionId=bvdmld55ooqxhz55zmyvez55; path=/; HttpOnly
Set-Cookie: RainbowSecurity=875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@350CED6F-6739-43F3-8BF1-1D95187CA0BF@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@875254B7-2471-491F-BAF8-4AFC261CC224@350CED6F-6739-43F3-8BF1-1D95187CA0BF@; expires=Wed, 09-Apr-2014 09:35:20 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
...151745 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: concordtravel.ge
Referer: http://www.google.com/search?q=concordtravel.ge
Result:
The result is similar to the first query. No suspicious redirects were found.
Scanned pages/files
Request | Server response | Status |
http://concordtravel.ge/ | 200 OK Content-Length: 151745 Content-Type: text/html | clean |
http://concordtravel.ge/WebResource.axd?d=P5mw9GD59KxpB0stsnhiEDNOSO5Ta97CYpqDK1lP_9ZTeCW47Nhg7h5EgFMoSKLYtIZUIhw6MJ9Y38pmu5DQCGv_X2U1&t=634258850654344891 | 200 OK Content-Length: 20794 Content-Type: application/x-javascript | clean |
http://concordtravel.ge/ScriptResource.axd?d=zVBpE82zGeXET8TXt27UfjTbd29n_yYzMYyag75vHqQjPfqH7ZWEHTgRPW_OPBWXFughBZnPWUP-THarJM02sxpgGtapjfVdjHOf5tN8b0XHQMVd9gyOKtY1BHSl7ZHichtS7Q2&t=634198160260000000 | 200 OK Content-Length: 84019 Content-Type: application/x-javascript | clean |
http://concordtravel.ge/ScriptResource.axd?d=i3EuT7MkhvAURcLSp_MR7HfhyQv3DMBUpwK3s2lf314YrE2sahaESFmywNrA2pzhMc1M8WdkNahtC_RKPLepyVi3UlE26zZwCd-sQIv2Q2znGdv5mSGtGr7G5jokx5N-bOWqXw2&t=634198160260000000 | 200 OK Content-Length: 29523 Content-Type: application/x-javascript | clean |
http://concordtravel.ge/DesktopModules/ImageViewerJS/ImageResizer.js | 200 OK Content-Length: 2598 Content-Type: application/x-javascript | clean |
http://concordtravel.ge/Design/DesktopLayouts/ConcordTravel/img/ieupdate.js | 200 OK Content-Length: 301 Content-Type: application/x-javascript | clean |
http://concordtravel.ge/aspnet_client/DUEMETRI_UI_WebControls_HWMenu/1_0_0_0/menu_com.js | 200 OK Content-Length: 36609 Content-Type: application/x-javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 22002 Content-Type: text/javascript | clean |
http://counter.top.ge/cgi-bin/cod?100+16491 | 200 OK Content-Length: 371 Content-Type: application/x-javascript | clean |
http://concordtravel.ge/portal/alias__concordtravel/lang__en/tabid__1456/default.aspx | 200 OK Content-Length: 58550 Content-Type: text/html | clean |
http://concordtravel.ge/DesktopModules/ImageViewerJS/highslide-with-gallery.js | 200 OK Content-Length: 67458 Content-Type: application/x-javascript | clean |
http://concordtravel.ge/DesktopModules/ImageViewerJS/swfobject_modified.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://concordtravel.ge/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://concordtravel.ge/portal/alias__concordtravel/tabid__4369/default.aspx | 200 OK Content-Length: 69233 Content-Type: text/html | clean |
http://concordtravel.ge/portal/Gourmet-Tour-Georgia-Caucasus/alias__concordtravel/lang__en/tabid__4434/Gourmet-tour.aspx | 200 OK Content-Length: 66647 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=concordtravel.ge
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://concordtravel.ge/
Result: concordtravel.ge is not infected or malware details are not published yet.