Domain > www.goodlook.sg

This indicator is referenced in AlienVault OTX pulse ""

Reports

https://foxitsecurity.files.wordpress.com/2016/06/...

https://github.com/fox-it/mofang

https://foxitsecurity.files.wordpress.com/2016/06/...

Files that talk to www.goodlook.sg

Whois

Property	Value
Name	PAVELOW
NameServer	NS2.DESIGN21ST.COM.SG (119.31.234.201)
Created	2013-01-22 14:13:53
Changed	2015-04-12 17:01:08
Expires	2017-01-22 14:13:53
Registrar	WEB COMMERCE COMMUNI

DNS Resolutions

Date	IP Address
2015-08-10	119.31.234.200 (ClassC)
2016-02-10	103.15.232.104 (ClassC)
2025-05-31	23.106.127.1 (ClassC)

Port 80

HTTP/1.1 200 OKDate: Sat, 06 Jan 2024 04:27:41 GMTServer: ApacheUpgrade: h2Connection: UpgradeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charsetUTF-8

!DOCTYPE HTML>html>head>meta http-equivContent-Type contenttext/html; charsetutf-8>link hrefstyle/style.css relstylesheet typetext/css />!--if IE>!endif-->title>/title>meta namekeywords content/>meta namedescription content/>/head>body>div idwrapper>	div idinner_wrap>   	  div idcontent_holder>       	div idheader>        	a hrefindex.php idlogo>img srcimages/logo.png altGoodlook>/a>            div classnav-holder>                        div classdefault>a href classfloat-right facebook-icon>img srcimages/facebook.png altFacebook />/a>/div>            div idnav classdefault>            	ul>                !-- li>a hrefabout.php >About GoodLook/a>/li> -->            	li>a hrefproduct.php >Products/a>/li>            	li>a hrefgallery.php >Advertisement Gallery/a>/li>            	li>a hrefcontact.php >Contact Us/a>/li>            	li>a hrefhttps://waycobeauty.com/>Wayco Beauty/a>/li>                /ul>            /div>            /div>        /div>                div idbanner>img srcadmin/banner/b51xy0baj69xheader-img.jpg>/div>        article idcontainer>        	div classleft-panel>            	            /div>            div classright-panel>            	div classright-panel-inner>                	a hrefhttp://www.waycobeauty.com/sg target_blank>img srcadmin/banner/buy5.png>/a>/p>                /div>                div classright-panel-inner>a hrefproduct.php>img srcadmin/banner/53lbzf4xpbwmclick-here.jpg>/a>/div>            /div>        /article>        div idfooter>Copyright © 2013 WAY Company. All Rights Reserved. Designed by Pavelow/div>        /div>    /div>/div>/body>/html>

Port 443

HTTP/1.1 200 OKDate: Sat, 06 Jan 2024 04:27:42 GMTServer: ApacheUpgrade: h2Connection: UpgradeVary: Accept-EncodingTransfer-Encoding: chunkedContent-Type: text/html; charsetUTF-8

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

MD5	A/V
df36190fc42fb987f3bc4845b928d21c	[TrojanDropper.Dapato.r4] [Artemis!DF36190FC42F] [Trojan.FakeDoc] [Dropper.Dapato.Win32.20917] [Trojan.DR.Dapato!zLHYJtaowbA] [Win32/FakeDoc_i] [Trojan-Dropper.Win32.Dapato.dzsr] [Trojan.Win32.Dapato.cxqkwk] [Win32.Trojan-dropper.Dapato.Wtdm] [UnclassifiedMalware] [Trojan.Click3.1485] [BehavesLike.Win32.Dropper.dh] [TR/Spy.221184.424] [HackTool[Hoax]/Win32.ArchSMS] [Trojan.Win32.Dropper.dzsr] [PE:Malware.FakeDOC@CV!1.9C3B] [Trojan.Win32.Spy] [W32/Dapato.DZSR!tr] [Win32/DH{ADWBEoETfnluCYERJyiBEA}] [Trj/CI.A]