Scanned pages/files
Request | Server response | Status |
http://mail.nutek-us.com/ | HTTP/1.1 302 Found Cache-Control: no-cache, private Connection: close Date: Mon, 07 Apr 2014 22:00:00 GMT Location: http://redir001.biz.mail.ne1.yahoo.com/rd/rd.php?rdsc=1&srchost=mail.nutek-us.com&rand=397064789 Vary: Accept-Encoding Content-Length: 71 Content-Type: text/html; charset=UTF-8 Expires: -1 P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: BX=1h2ecp19k67v0&b=3&s=tu; expires=Thu, 07-Apr-2016 22:00:00 GMT; path=/; domain=.nutek-us.com | clean |
http://redir001.biz.mail.ne1.yahoo.com/rd/rd.php?rdsc=1&srchost=mail.nutek-us.com&rand=397064789 | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Mon, 07 Apr 2014 22:00:01 GMT Location: https://login.yahoo.com/config/login_verify2?.intl=us&.done=http%3a%2f%2fredir001.biz.mail.ne1.yahoo.com%2frd%2frd.php%3frdsc%3d1%26srchost%3dmail.nutek-us.com%26rand%3d397064789 Vary: Accept-Encoding Content-Length: 3475 Content-Type: text/html P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" | clean |
https://login.yahoo.com/config/login_verify2?.intl=us&.done=http%3a%2f%2fredir001.biz.mail.ne1.yahoo.com%2frd%2frd.php%3frdsc%3d1%26srchost%3dmail.nutek-us.com%26rand%3d397064789 | 200 OK Content-Length: 145323 Content-Type: text/html | clean |
https://s.yimg.com/zz/combo?kx/yucs/uh3/uh/js/49/ai-ssl-min.js | 200 OK Content-Length: 5787 Content-Type: application/x-javascript | clean |
https://s.yimg.com/zz/combo?yui:2.8.2/build/yahoo-dom-event/yahoo-dom-event.js | 200 OK Content-Length: 36977 Content-Type: application/javascript | clean |
https://s.yimg.com/zz/combo?yui:2.8.2/build/yahoo-dom-event/yahoo-dom-event.js&yui:2.8.2/build/animation/animation-min.js&yui:2.8.2/build/connection/connection_core-min.js&sf/l/2.6.66/j/centerIframe-min.js&sf/l/2.6.65/j/capslock_ui-min.js&sf/l/2.6.65/j/login_md5-min.js | 200 OK Content-Length: 67058 Content-Type: application/javascript | clean |
https://s.yimg.com/lq/lib/reg/js/yahoo_container-min_json-min_connection_main-min-new.js | 200 OK Content-Length: 132448 Content-Type: application/javascript | clean |
https://s.yimg.com/rq/darla/2-7-4/js/g-r-min.js | 200 OK Content-Length: 113293 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. ...[509 bytes skipped]... X_VALUE)||2147483647,aB=(T*aZ),aq=2048,e=60000,g=/^(http\:|https\:|file\:|ftp\:)(?:\/)+([-\w\.]+)(\:\d+)?(([^\s\?#]*)(\?\S[^#]*)*(#\S*)*)/,X=/http\:|https\:|file\:|ftp:\:/gi,S=/^(\.\.\/|\.\/|\/)/,n=/\S[^\?#]*/,af=/(^\.\.\/)/,ac=/(^\.\/)/,am=/(^\/)/,a3=/\:/g,j=0,aW=aS,au=0,aa=0,ap=aA,m=aA,ah=aA,t=aC&&aC.navigator,ae=(t&&t.userAgent)||aS,J=Object[al].hasOwnProperty,C={img:{end:0,type:0},script:{end:1,type:1},style:{end:1,type:2},iframe:{end:1,type:3},object:{end:1,type:4},embed:{end:1,type:5},param:{end:0,type:6},video:{end:1,type:7},audio:{end:1,type:8},track:{end:0,type:9},source:{end:0,type:10},applet:{end:1,type:11},base:{end:0,type:12},link:{end:0,type:13},meta:{end:0,type:14},title:{end:1,type:15},html:{end:1,type:16},head:{end:1,type:17},body:{end:1,type:18},frameset:{end:1,type:19},frame:{end:0,type:20},doctype:{end:0,type:21},noscript:{end:1,type:22}},o="((?:\\s+[\\:\\-A-Za-z0-9_]+(?:\\s*=\\s*(?:(?:\\\"[^\\ ...[119261 bytes skipped]... Decoded script: function C(D) { aE(aU[a6][bh], aU[a6], aR, ba, aw, W); aE(aU[a6][bh], aU[a6], aR, "pageshow", C, W); a(aU, "load", C); g = ay; } function a(w) { f.listen(t, d, j); b.detach(d, "unload", a); d = s; } function bp() { R(); G(x); cp = ah(bc, C); } function d5() { R(); G(x); cp = ah(bc, C); } function cQ(D, F) { ...[876 bytes skipped]... | ||
http://mail.nutek-us.com/test404page.js | HTTP/1.1 302 Found Cache-Control: no-cache, private Connection: close Date: Mon, 07 Apr 2014 22:00:14 GMT Location: http://redir001.biz.mail.ne1.yahoo.com/rd/rd.php?rdsc=1&srchost=mail.nutek-us.com&rand=1809361935 Vary: Accept-Encoding Content-Length: 71 Content-Type: text/html; charset=UTF-8 Expires: -1 P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" Set-Cookie: BX=cpe2ed19k67ve&b=3&s=td; expires=Thu, 07-Apr-2016 22:00:14 GMT; path=/; domain=.nutek-us.com | clean |
http://redir001.biz.mail.ne1.yahoo.com/rd/rd.php?rdsc=1&srchost=mail.nutek-us.com&rand=1809361935 | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Mon, 07 Apr 2014 22:00:14 GMT Location: https://login.yahoo.com/config/login_verify2?.intl=us&.done=http%3a%2f%2fredir001.biz.mail.ne1.yahoo.com%2frd%2frd.php%3frdsc%3d1%26srchost%3dmail.nutek-us.com%26rand%3d1809361935 Vary: Accept-Encoding Content-Length: 3476 Content-Type: text/html P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV" | clean |
https://login.yahoo.com/config/login_verify2?.intl=us&.done=http%3a%2f%2fredir001.biz.mail.ne1.yahoo.com%2frd%2frd.php%3frdsc%3d1%26srchost%3dmail.nutek-us.com%26rand%3d1809361935 | 200 OK Content-Length: 145335 Content-Type: text/html | clean |
https://login.yahoo.com/config/login?.src=ymbr&.intl=us&.lang=en-US&.done=https://login.yahoo.com/config/login_verify2%3f.intl=us%26.done=http%253a%252f%252fredir001.biz.mail.ne1.yahoo.com%252frd%252frd.php%253frdsc%253d1%2526srchost%253dmail.nutek-us.com%2526rand%253d1809361935 | 200 OK Content-Length: 145161 Content-Type: text/html | clean |
https://login.yahoo.com/config/login?.src=ymbr&.intl=us&.lang=en-US&.done=https://login.yahoo.com/config/login%3f.src=ymbr%26.intl=us%26.lang=en-US%26.done=https%3a//login.yahoo.com/config/login_verify2%253f.intl=us%2526.done=http%25253a%25252f%25252fredir001.biz.mail.ne1.yahoo.com%25252frd%25252frd.php%25253frdsc%25253d1%252526srchost%25253dmail.nutek-us.com%252526rand%25253d1809361935 | 200 OK Content-Length: 146726 Content-Type: text/html | clean |
https://login.yahoo.com/config/login?.src=ymbr&.intl=us&.lang=en-US&.done=https://login.yahoo.com/config/login%3f.src=ymbr%26.intl=us%26.lang=en-US%26.done=https%3a//login.yahoo.com/config/login%253f.src=ymbr%2526.intl=us%2526.lang=en-US%2526.done=https%253a//login.yahoo.com/config/login_verify2%25253f.intl=us%252526.done=http%2525253a%2525252f%2525252fredir001.biz.mail.ne1.yahoo.com%2525252frd%25 ...[109 symbols skipped]... | 200 OK Content-Length: 144332 Content-Type: text/html | clean |
https://login.yahoo.com/config/login?.src=ymbr&.intl=us&.lang=en-US&.done=https://login.yahoo.com/config/login%3f.src=ymbr%26.intl=us%26.lang=en-US%26.done=https%3a//login.yahoo.com/config/login%253f.src=ymbr%2526.intl=us%2526.lang=en-US%2526.done=https%253a//login.yahoo.com/config/login%25253f.src=ymbr%252526.intl=us%252526.lang=en-US%252526.done=https%25253a//login.yahoo.com/config/login_verify2 ...[239 symbols skipped]... | 200 OK Content-Length: 150217 Content-Type: text/html | clean |
https://login.yahoo.com/config/login?.src=ymbr&.intl=us&.lang=en-US&.done=https://login.yahoo.com/config/login%3f.src=ymbr%26.intl=us%26.lang=en-US%26.done=https%3a//login.yahoo.com/config/login%253f.src=ymbr%2526.intl=us%2526.lang=en-US%2526.done=https%253a//login.yahoo.com/config/login%25253f.src=ymbr%252526.intl=us%252526.lang=en-US%252526.done=https%25253a//login.yahoo.com/config/login%2525253 ...[379 symbols skipped]... | 200 OK Content-Length: 148101 Content-Type: text/html | clean |
https://login.yahoo.com/config/login?.src=ymbr&.intl=us&.lang=en-US&.done=https://login.yahoo.com/config/login%3f.src=ymbr%26.intl=us%26.lang=en-US%26.done=https%3a//login.yahoo.com/config/login%253f.src=ymbr%2526.intl=us%2526.lang=en-US%2526.done=https%253a//login.yahoo.com/config/login%25253f.src=ymbr%252526.intl=us%252526.lang=en-US%252526.done=https%25253a//login.yahoo.com/config/login%2525253 ...[529 symbols skipped]... | 200 OK Content-Length: 150168 Content-Type: text/html | clean |
https://login.yahoo.com/config/login?.src=ymbr&.intl=us&.lang=en-US&.done=https://login.yahoo.com/config/login%3f.src=ymbr%26.intl=us%26.lang=en-US%26.done=https%3a//login.yahoo.com/config/login%253f.src=ymbr%2526.intl=us%2526.lang=en-US%2526.done=https%253a//login.yahoo.com/config/login%25253f.src=ymbr%252526.intl=us%252526.lang=en-US%252526.done=https%25253a//login.yahoo.com/config/login%2525253 ...[689 symbols skipped]... | 200 OK Content-Length: 152376 Content-Type: text/html | clean |
https://login.yahoo.com/config/login?.src=ymbr&.intl=us&.lang=en-US&.done=https://login.yahoo.com/config/login%3f.src=ymbr%26.intl=us%26.lang=en-US%26.done=https%3a//login.yahoo.com/config/login%253f.src=ymbr%2526.intl=us%2526.lang=en-US%2526.done=https%253a//login.yahoo.com/config/login%25253f.src=ymbr%252526.intl=us%252526.lang=en-US%252526.done=https%25253a//login.yahoo.com/config/login%2525253 ...[859 symbols skipped]... | 200 OK Content-Length: 154712 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mail.nutek-us.com
Result:
HTTP/1.1 302 Found
Cache-Control: no-cache, private
Connection: close
Date: Mon, 07 Apr 2014 22:00:00 GMT
Location: http://redir001.biz.mail.ne1.yahoo.com/rd/rd.php?rdsc=1&srchost=mail.nutek-us.com&rand=397064789
Vary: Accept-Encoding
Content-Length: 71
Content-Type: text/html; charset=UTF-8
Expires: -1
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=1h2ecp19k67v0&b=3&s=tu; expires=Thu, 07-Apr-2016 22:00:00 GMT; path=/; domain=.nutek-us.com
...71 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mail.nutek-us.com
Referer: http://www.google.com/search?q=mail.nutek-us.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mail.nutek-us.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mail.nutek-us.com/
Result: mail.nutek-us.com is not infected or malware details are not published yet.