Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: whyllama.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 10 Apr 2015 18:38:13 GMT
Server: Apache
Content-Length: 7437
Content-Type: text/html
Last-Modified: Tue, 16 Dec 2014 23:18:39 GMT
...7437 bytes of data.
GET / HTTP/1.1
Host: whyllama.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 10 Apr 2015 18:38:13 GMT
Server: Apache
Content-Length: 7437
Content-Type: text/html
Last-Modified: Tue, 16 Dec 2014 23:18:39 GMT
...7437 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: whyllama.com
Referer: http://www.google.com/search?q=whyllama.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: whyllama.com
Referer: http://www.google.com/search?q=whyllama.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://whyllama.com/ | 200 OK Content-Length: 7437 Content-Type: text/html | clean |
http://whyllama.com/css/css.js | 200 OK Content-Length: 625 Content-Type: application/javascript | clean |
http://whyllama.com/javascripts.js | 200 OK Content-Length: 84 Content-Type: application/javascript | clean |
http://whyllama.com/pop-closeup.js | 200 OK Content-Length: 2291 Content-Type: application/javascript | clean |
http://whyllama.com/header.js | 200 OK Content-Length: 2351 Content-Type: application/javascript | clean |
http://whyllama.com/menu.js | 200 OK Content-Length: 2899 Content-Type: application/javascript | clean |
http://whyllama.com/sidebar-right.js | 200 OK Content-Length: 1661 Content-Type: application/javascript | clean |
http://whyllama.com/copyright.js | 200 OK Content-Length: 453 Content-Type: application/javascript | clean |
http://whyllama.com/copyright-aw.js | 200 OK Content-Length: 483 Content-Type: application/javascript | clean |
https://count.carrierzone.com/app/count_server/count.js | 200 OK Content-Length: 36029 Content-Type: text/javascript | clean |
http://whyllama.com/about_llamas.htm | 200 OK Content-Length: 16659 Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19973 Content-Type: text/javascript | clean |
http://whyllama.com/Llama_Wool.htm | 200 OK Content-Length: 32981 Content-Type: text/html | clean |
http://whyllama.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://whyllama.com/GuardLlamas.htm | 200 OK Content-Length: 35031 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=whyllama.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://whyllama.com/
Result: whyllama.com is not infected or malware details are not published yet.
Result: whyllama.com is not infected or malware details are not published yet.