Scanned pages/files
Request | Server response | Status |
http://lookslike.ch/ | 200 OK Content-Length: 6196 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Abdellah Elmaghribi <html> <head> <title>Hacked by Abdellah Elmaghribi</title> <meta charset='UTF-8'> </head> <link rel="icon" type="image/png" href="http://im84.gulfup.com/5EHjXO.png" /> <link href='http://fonts.googleapis.com/css?family=Electrolize' rel='stylesheet' type='text/css'> <style> body { font-family: 'Electrolize', sans-serif; font-size: 16px; background-image:url('http://i.imgur.com/21mAb4R.gif'); font-col ...[6932 bytes skipped]... | ||
http://lookslike.ch/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Mon, 28 Sep 2015 04:05:22 GMT Pragma: no-cache Location: http://www.lookslike.ch/test404page.js Server: Apache/2.2.31 (FreeBSD) Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://www.lookslike.ch/n/xmlrpc.php | clean |
http://www.lookslike.ch/test404page.js | 404 Not Found Content-Length: 23161 Content-Type: text/html | clean |
http://www.lookslike.ch/n/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://www.lookslike.ch/n/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.lookslike.ch/n/wp-content/plugins/wp-slimbox2/javascript/slimbox2.js?ver=2.04 | 200 OK Content-Length: 3777 Content-Type: application/javascript | clean |
http://www.lookslike.ch/n/wp-content/plugins/wp-slimbox2/javascript/slimbox2_autoload.js?ver=1.0.4b | 200 OK Content-Length: 3027 Content-Type: application/javascript | clean |
http://www.lookslike.ch/n/wp-content/themes/platformproN/sections/nav/superfish.js?ver=1.0 | 200 OK Content-Length: 3708 Content-Type: application/javascript | clean |
http://www.lookslike.ch/n/wp-content/themes/platformproN/sections/nav/jquery.bgiframe.min.js?ver=1.0 | 200 OK Content-Length: 1517 Content-Type: application/javascript | clean |
http://www.lookslike.ch/n/wp-content/themes/platformproN/sections/features/jquery.cycle.js?ver=2.99 | 200 OK Content-Length: 32046 Content-Type: application/javascript | clean |
http://www.lookslike.ch/n/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.50.0-2014.02.05 | 200 OK Content-Length: 16305 Content-Type: application/javascript | clean |
http://www.lookslike.ch/n/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8.1 | 200 OK Content-Length: 9630 Content-Type: application/javascript | clean |
http://www.lookslike.ch/n/wp-includes/js/comment-reply.min.js?ver=3.9.9 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lookslike.ch
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 28 Sep 2015 04:05:22 GMT
Accept-Ranges: bytes
ETag: "39072f2-1834-520bdbb872c43"
Server: Apache/2.2.31 (FreeBSD)
Content-Length: 6196
Content-Type: text/html
Last-Modified: Sun, 27 Sep 2015 17:15:50 GMT
X-Pad: avoid browser bug
...6196 bytes of data.
GET / HTTP/1.1
Host: lookslike.ch
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 28 Sep 2015 04:05:22 GMT
Accept-Ranges: bytes
ETag: "39072f2-1834-520bdbb872c43"
Server: Apache/2.2.31 (FreeBSD)
Content-Length: 6196
Content-Type: text/html
Last-Modified: Sun, 27 Sep 2015 17:15:50 GMT
X-Pad: avoid browser bug
...6196 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lookslike.ch
Referer: http://www.google.com/search?q=lookslike.ch
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: lookslike.ch
Referer: http://www.google.com/search?q=lookslike.ch
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lookslike.ch
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://lookslike.ch/
Result: lookslike.ch is not infected or malware details are not published yet.
Result: lookslike.ch is not infected or malware details are not published yet.