Scanned pages/files
Request | Server response | Status |
http://wowlotto.co.kr/ | 200 OK Content-Length: 8313 Content-Type: text/html | clean |
http://wowlotto.co.kr/jscss/jquery-1.4.2.min.js | 200 OK Content-Length: 72174 Content-Type: application/x-javascript | clean |
http://wowlotto.co.kr/jscss/script.js | 200 OK Content-Length: 10321 Content-Type: application/x-javascript | clean |
http://wowlotto.co.kr/jscss/flash.js | 200 OK Content-Length: 885 Content-Type: application/x-javascript | clean |
http://wowlotto.co.kr/vip/vip_unse.htm | 200 OK Content-Length: 7131 Content-Type: text/html | clean |
http://wowlotto.co.kr/vip/vip_cartoon.htm | 200 OK Content-Length: 7134 Content-Type: text/html | clean |
http://wowlotto.co.kr/index.htm | 200 OK Content-Length: 27763 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://goo.gl/fc9js <iframe src="http://goo.gl/fc9js" name="pwb2" width="0" height="0" scrolling="no" frameborder="no"> Hidden iFrame found. size: 0x0 src: http://goo.gl/95wku <iframe src="http://goo.gl/95wku" name="pwb1" width="0" height="0" scrolling="no" frameborder="no"> | ||
http://wowlotto.co.kr/vip/creator_vip.htm | 200 OK Content-Length: 12124 Content-Type: text/html | clean |
http://wowlotto.co.kr/combination/ | HTTP/1.1 302 Found Connection: close Date: Sun, 05 Oct 2014 11:40:04 GMT Location: creator_perfect.htm Server: Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.0 Content-Length: 0 Content-Type: text/html X-Pad: avoid browser bug X-Powered-By: PHP/5.2.0 | clean |
http://wowlotto.co.kr/combination/creator_perfect.htm | 200 OK Content-Length: 11916 Content-Type: text/html | clean |
http://wowlotto.co.kr/analysis/ | HTTP/1.1 302 Found Connection: close Date: Sun, 05 Oct 2014 11:40:06 GMT Location: case1.htm Server: Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.0 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.0 | clean |
http://wowlotto.co.kr/analysis/case1.htm | 200 OK Content-Length: 289034 Content-Type: text/html | clean |
http://wowlotto.co.kr/board/ | HTTP/1.1 302 Found Connection: close Date: Sun, 05 Oct 2014 11:40:12 GMT Location: list.htm?board_seq=2&category_seq=3 Server: Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.0 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.0 | clean |
http://wowlotto.co.kr/board/list.htm?board_seq=2&category_seq=3 | 200 OK Content-Length: 25557 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://goo.gl/fc9js <iframe src="http://goo.gl/fc9js" name="pwb2" width="0" height="0" scrolling="no" frameborder="no"> Hidden iFrame found. size: 0x0 src: http://goo.gl/95wku <iframe src="http://goo.gl/95wku" name="pwb1" width="0" height="0" scrolling="no" frameborder="no"> | ||
http://wowlotto.co.kr/commonsense/ | HTTP/1.1 302 Found Connection: close Date: Sun, 05 Oct 2014 11:40:17 GMT Location: page1.htm Server: Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.0 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.0 | clean |
http://wowlotto.co.kr/commonsense/page1.htm | 200 OK Content-Length: 28825 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://goo.gl/95wku <iframe src="http://goo.gl/95wku" name="pwb1" width="0" height="0" scrolling="no" frameborder="no"> Hidden iFrame found. size: 0x0 src: http://goo.gl/fc9js <iframe src="http://goo.gl/fc9js" name="pwb2" width="0" height="0" scrolling="no" frameborder="no"> | ||
http://wowlotto.co.kr/customer/ | HTTP/1.1 302 Found Connection: close Date: Sun, 05 Oct 2014 11:40:19 GMT Location: main.htm Server: Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.0 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.0 | clean |
http://wowlotto.co.kr/customer/main.htm | 200 OK Content-Length: 19210 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://goo.gl/95wku <iframe src="http://goo.gl/95wku" name="pwb1" width="0" height="0" scrolling="no" frameborder="no"> Hidden iFrame found. size: 0x0 src: http://goo.gl/fc9js <iframe src="http://goo.gl/fc9js" name="pwb2" width="0" height="0" scrolling="no" frameborder="no"> | ||
http://wowlotto.co.kr/customer/find_id.htm | 200 OK Content-Length: 19508 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://goo.gl/fc9js <iframe src="http://goo.gl/fc9js" name="pwb2" width="0" height="0" scrolling="no" frameborder="no"> Hidden iFrame found. size: 0x0 src: http://goo.gl/95wku <iframe src="http://goo.gl/95wku" name="pwb1" width="0" height="0" scrolling="no" frameborder="no"> | ||
http://wowlotto.co.kr/customer/find_pw.htm | 200 OK Content-Length: 20223 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://goo.gl/95wku <iframe src="http://goo.gl/95wku" name="pwb1" width="0" height="0" scrolling="no" frameborder="no"> Hidden iFrame found. size: 0x0 src: http://goo.gl/fc9js <iframe src="http://goo.gl/fc9js" name="pwb2" width="0" height="0" scrolling="no" frameborder="no"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wowlotto.co.kr
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sun, 05 Oct 2014 11:39:47 GMT
Pragma: no-cache
Server: Apache/2.2.2 (Unix) mod_ssl/2.2.2 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.0
Content-Type: text/html; charset=euc-kr
Expires: Mon, 26 Jul 2008 05:00:00 GMT
Last-Modified: Sun, 05 Oct 2014 11:39:47 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE"
X-Died: timeout at scan.pm line 1546.
X-Powered-By: PHP/5.2.0
Second query (visit from search engine):
GET / HTTP/1.1
Host: wowlotto.co.kr
Referer: http://www.google.com/search?q=wowlotto.co.kr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wowlotto.co.kr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wowlotto.co.kr/
Result: wowlotto.co.kr is not infected or malware details are not published yet.