Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nivut.org.il
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Wed, 10 Sep 2014 14:56:38 GMT
Server: Microsoft-IIS/7.0
Content-Length: 156931
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=wbkh2hrtcma5k3gthmecbqd0; domain=.nivut.org.il; path=/; HttpOnly
Set-Cookie: otmData=languagePref=en; domain=.nivut.org.il; expires=Wed, 01-Oct-2014 14:56:37 GMT; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: UrlRewriter.NET 2.0.0
X-Powered-By: ASP.NET
...156931 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: nivut.org.il
Referer: http://www.google.com/search?q=nivut.org.il
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://nivut.org.il/ | 200 OK Content-Length: 156931 Content-Type: text/html | clean |
http://nivut.org.il/WebResource.axd?d=wsECL3VxqlNIQxBUJUv4Uy9FSEz0WVTN8-VUvBc2HVgzmJBk9VCL00JwNpz-jyve7scf6XGyfwziJf_u6DvkBdQ-ZV01&t=635217208340000000 | 200 OK Content-Length: 22346 Content-Type: application/x-javascript | clean |
http://nivut.org.il/ScriptResource.axd?d=sRico8dTWZYmSdppS_c79s2BrpAiTTpyY-mfq6IKNsG9ZkSDEQ8xMGTOHqRuM1rKFfWahbOq-2jvMsXZ3BlwpGzqvR1DJ5BE1kHlL3Rqn5cNfpfdOZy5q1vlJIMjlOBy5sqEEO37aYGkalNeR84sR9hyPWI1&t=6c3c7bd9 | 200 OK Content-Length: 26951 Content-Type: application/x-javascript | clean |
http://nivut.org.il/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=ctl00_RadScriptManager1_TSM&compress=1&_TSM_CombinedScripts_=%3b%3bSystem.Web.Extensions%2c+Version%3d4.0.0.0%2c+Culture%3dneutral%2c+PublicKeyToken%3d31bf3856ad364e35%3aen-US%3ac9cbdec3-c810-4e87-846c-fb25a7c08002%3aea597d4b%3ab25378d2 | 200 OK Content-Length: 143745 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/Common/Core.js | 200 OK Content-Length: 51389 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/Common/jQuery.js | 200 OK Content-Length: 94984 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/Common/jQueryInclude.js | 200 OK Content-Length: 112 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/FormDecorator/RadFormDecorator.js | 200 OK Content-Length: 38815 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/Common/Popup/PopupScripts.js | 200 OK Content-Length: 28540 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/Common/jQueryPlugins.js | 200 OK Content-Length: 8073 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/Common/Scrolling/ScrollingScripts.js | 200 OK Content-Length: 3633 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/Common/Navigation/NavigationScripts.js | 200 OK Content-Length: 39483 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/TabStrip/RadTabStripScripts.js | 200 OK Content-Length: 61867 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/Notification/RadNotification.js | 200 OK Content-Length: 24388 Content-Type: application/x-javascript | clean |
http://aspnet-scripts.telerikstatic.com/ajax/2012.3.1308/Common/TouchScrollExtender.js | 200 OK Content-Length: 9216 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nivut.org.il
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nivut.org.il/
Result: nivut.org.il is not infected or malware details are not published yet.