Report - www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=

Report Overview

Visited public
2023-09-24 20:14:35
Tags
dyndns
URL
www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Finishing URL
www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
IP / ASN
23.106.53.137
#0
Title
Bussines AdsManager
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-09-24 00:15:11	463 B	1.7 kB	142.250.74.106
www.unhappy-satisfy.duckdns.org	unknown	2013-04-12	2023-09-24 19:55:24	2023-09-24 19:55:24	4.2 kB	194 kB	23.106.53.137
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-23 18:12:07	666 B	1.4 kB	142.250.74.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-24 20:14:18	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 20:14:18	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 20:14:18	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 20:14:18	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 20:14:18	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 20:14:18	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 20:14:19	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 20:14:19	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 20:14:19	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 20:14:19	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 20:14:19	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 20:14:19	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 20:14:19	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 20:14:19	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 20:14:19	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 20:14:19	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 20:14:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 20:14:20	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-24 20:14:20	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-24 20:14:20	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-09-24	medium	www.unhappy-satisfy.duckdns.org/	Facebook, Inc.
2023-09-24	medium	www.unhappy-satisfy.duckdns.org/	Facebook, Inc.
2023-09-24	medium	www.unhappy-satisfy.duckdns.org/	Facebook, Inc.
2023-09-24	medium	www.unhappy-satisfy.duckdns.org/	Facebook, Inc.
2023-09-24	medium	www.unhappy-satisfy.duckdns.org/	Facebook, Inc.
2023-09-24	medium	www.unhappy-satisfy.duckdns.org/	Facebook, Inc.
2023-09-24	medium	www.unhappy-satisfy.duckdns.org/	Facebook, Inc.
2023-09-24	medium	www.unhappy-satisfy.duckdns.org/	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-24	medium	unhappy-satisfy.duckdns.org	Sinkholed
2023-09-24	medium	unhappy-satisfy.duckdns.org	Sinkholed
2023-09-24	medium	unhappy-satisfy.duckdns.org	Sinkholed
2023-09-24	medium	unhappy-satisfy.duckdns.org	Sinkholed
2023-09-24	medium	unhappy-satisfy.duckdns.org	Sinkholed
2023-09-24	medium	unhappy-satisfy.duckdns.org	Sinkholed
2023-09-24	medium	unhappy-satisfy.duckdns.org	Sinkholed
2023-09-24	medium	unhappy-satisfy.duckdns.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	www.unhappy-satisfy.duckdns.org/bootstrap/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-10
Pretty URL www.unhappy-satisfy.duckdns.org/bootstrap/jquery.min.js IP 23.106.53.137 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10 Last Seen2025-05-10 18:08 Times Seen59051 Hash a46fb81762396b7bf2020774a2fb4d9e fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7 d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d Loading...

	www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/= IP 23.106.53.137 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 02:16 Times Seen4650236 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (11)

URL IP Response Size

www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=

23.106.53.137

200 OK

1.1 kB

URL User Request GET HTTP/2
www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
IP
23.106.53.137:443
ASN
#0

Certificate
IssuerLet's Encrypt
Subjectwww.unhappy-satisfy.duckdns.org
FingerprintBE:93:ED:09:06:AC:B9:E8:C4:AE:2F:18:48:90:5E:31:96:E1:B6:A4
ValiditySun, 24 Sep 2023 16:54:00 GMT - Sat, 23 Dec 2023 16:53:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.1 kB (1131 bytes)
Hash
a43355ae47d9cd2aa9fb3071906ef48c
3bcf4edc5b5d808758a87ae624ff362ac2d0dc33
cd663f802574f58bbd1de0dabf996b20037da3ab799f00fb8865439c42f87ce4

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/= HTTP/1.1
Host: www.unhappy-satisfy.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
last-modified: Fri, 22 Sep 2023 22:20:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 1131
date: Sun, 24 Sep 2023 20:14:18 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

www.unhappy-satisfy.duckdns.org/bootstrap/styles.css

23.106.53.137

200 OK

933 B

URL GET HTTP/2
www.unhappy-satisfy.duckdns.org/bootstrap/styles.css
IP
23.106.53.137:443
ASN
#0

Requested by
https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Certificate
IssuerLet's Encrypt
Subjectwww.unhappy-satisfy.duckdns.org
FingerprintBE:93:ED:09:06:AC:B9:E8:C4:AE:2F:18:48:90:5E:31:96:E1:B6:A4
ValiditySun, 24 Sep 2023 16:54:00 GMT - Sat, 23 Dec 2023 16:53:59 GMT

File type
ASCII text, with CRLF line terminators
Size
933 B (933 bytes)
Hash
31aace7a60ba95b7f1d3fffa1e1a9ada
9d7c5325db64af68c3d61ddec3e644ec0be22489
afe4c5f18226a93c0cbd0c8b79b359b71945a3e7f61a6dfeaed974cc02820416

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bootstrap/styles.css HTTP/1.1
Host: www.unhappy-satisfy.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 01 Oct 2023 20:14:18 GMT
content-type: text/css
last-modified: Fri, 22 Sep 2023 22:01:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 933
date: Sun, 24 Sep 2023 20:14:18 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

www.unhappy-satisfy.duckdns.org/bootstrap/main.chunk.css

23.106.53.137

200 OK

60 kB

URL GET HTTP/2
www.unhappy-satisfy.duckdns.org/bootstrap/main.chunk.css
IP
23.106.53.137:443
ASN
#0

Requested by
https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Certificate
IssuerLet's Encrypt
Subjectwww.unhappy-satisfy.duckdns.org
FingerprintBE:93:ED:09:06:AC:B9:E8:C4:AE:2F:18:48:90:5E:31:96:E1:B6:A4
ValiditySun, 24 Sep 2023 16:54:00 GMT - Sat, 23 Dec 2023 16:53:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
60 kB (59663 bytes)
Hash
5e83f03746e1b922c0576dc8202f7d05
3711cbcb8ffc098a4a76831cfdd70b6447e991c6
86c9b59f01d02c72fae32ff6a07d2e3093833ec2a59ae85c1a705bc0d542fe17

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bootstrap/main.chunk.css HTTP/1.1
Host: www.unhappy-satisfy.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 01 Oct 2023 20:14:18 GMT
content-type: text/css
last-modified: Fri, 22 Sep 2023 22:02:58 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 59663
date: Sun, 24 Sep 2023 20:14:18 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

www.unhappy-satisfy.duckdns.org/bootstrap/jquery.min.js

23.106.53.137

200 OK

30 kB

URL GET HTTP/2
www.unhappy-satisfy.duckdns.org/bootstrap/jquery.min.js
IP
23.106.53.137:443
ASN
#0

Requested by
https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Certificate
IssuerLet's Encrypt
Subjectwww.unhappy-satisfy.duckdns.org
FingerprintBE:93:ED:09:06:AC:B9:E8:C4:AE:2F:18:48:90:5E:31:96:E1:B6:A4
ValiditySun, 24 Sep 2023 16:54:00 GMT - Sat, 23 Dec 2023 16:53:59 GMT

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
30 kB (29658 bytes)
Hash
a46fb81762396b7bf2020774a2fb4d9e
fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bootstrap/jquery.min.js HTTP/1.1
Host: www.unhappy-satisfy.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 01 Oct 2023 20:14:18 GMT
content-type: application/javascript
last-modified: Fri, 22 Sep 2023 22:03:28 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding,User-Agent
content-length: 29658
date: Sun, 24 Sep 2023 20:14:18 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
99734170fcdad2d52884412f61321bf8
25163901dbdc047070a12d8afadcaa7009d8b595
f2a2590ac5fa2bcc9db8c46b3b4ad45f0a03b03193f601a2636e900fe851cf59

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 24 Sep 2023 20:14:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
99734170fcdad2d52884412f61321bf8
25163901dbdc047070a12d8afadcaa7009d8b595
f2a2590ac5fa2bcc9db8c46b3b4ad45f0a03b03193f601a2636e900fe851cf59

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 24 Sep 2023 20:14:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.unhappy-satisfy.duckdns.org/images/sound-mobile.png

23.106.53.137

200 OK

27 kB

URL GET HTTP/2
www.unhappy-satisfy.duckdns.org/images/sound-mobile.png
IP
23.106.53.137:443
ASN
#0

Requested by
https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Certificate
IssuerLet's Encrypt
Subjectwww.unhappy-satisfy.duckdns.org
FingerprintBE:93:ED:09:06:AC:B9:E8:C4:AE:2F:18:48:90:5E:31:96:E1:B6:A4
ValiditySun, 24 Sep 2023 16:54:00 GMT - Sat, 23 Dec 2023 16:53:59 GMT

File type
PNG image data, 1919 x 962, 8-bit/color RGBA, non-interlaced\012- data
Size
27 kB (27377 bytes)
Hash
3e187b1de61fff546192389af72a250f
f739b1400c927ff3dd72643ea99eff37265471fa
c8955ad7eb23a8e478b1c82bd095de1b9e599f809982e1bc691388ae9634394c

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/sound-mobile.png HTTP/1.1
Host: www.unhappy-satisfy.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 01 Oct 2023 20:14:18 GMT
content-type: image/png
last-modified: Fri, 22 Sep 2023 22:11:07 GMT
accept-ranges: bytes
content-length: 27377
date: Sun, 24 Sep 2023 20:14:18 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2

www.unhappy-satisfy.duckdns.org/images/825.png

23.106.53.137

200 OK

58 kB

URL GET HTTP/2
www.unhappy-satisfy.duckdns.org/images/825.png
IP
23.106.53.137:443
ASN
#0

Requested by
https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Certificate
IssuerLet's Encrypt
Subjectwww.unhappy-satisfy.duckdns.org
FingerprintBE:93:ED:09:06:AC:B9:E8:C4:AE:2F:18:48:90:5E:31:96:E1:B6:A4
ValiditySun, 24 Sep 2023 16:54:00 GMT - Sat, 23 Dec 2023 16:53:59 GMT

File type
PNG image data, 612 x 244, 8-bit/color RGBA, non-interlaced\012- data
Size
58 kB (58543 bytes)
Hash
f0317e2a4ebc3cca7c81f29c8ca3f6cf
44314a88d2ea068c7c030f8abcd3b910da46b741
f05dbe85aa72d010110763f9c5d1712024455358abf717fbc8b516c402cb4001

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/825.png HTTP/1.1
Host: www.unhappy-satisfy.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sun, 01 Oct 2023 20:14:18 GMT
content-type: image/png
last-modified: Fri, 22 Sep 2023 22:04:39 GMT
accept-ranges: bytes
content-length: 58543
date: Sun, 24 Sep 2023 20:14:18 GMT
server: LiteSpeed
vary: User-Agent
X-Firefox-Spdy: h2

www.unhappy-satisfy.duckdns.org/images/settings032.png%22

23.106.53.137

404 Not Found

1.2 kB

URL GET HTTP/3
www.unhappy-satisfy.duckdns.org/images/settings032.png%22
IP
23.106.53.137:443
ASN
#0

Requested by
https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Certificate
IssuerLet's Encrypt
Subjectwww.unhappy-satisfy.duckdns.org
FingerprintBE:93:ED:09:06:AC:B9:E8:C4:AE:2F:18:48:90:5E:31:96:E1:B6:A4
ValiditySun, 24 Sep 2023 16:54:00 GMT - Sat, 23 Dec 2023 16:53:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/settings032.png%22 HTTP/1.1
Host: www.unhappy-satisfy.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sun, 24 Sep 2023 20:14:19 GMT
server: LiteSpeed
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

www.unhappy-satisfy.duckdns.org/images/settings032.png

23.106.53.137

200 OK

12 kB

URL GET HTTP/3
www.unhappy-satisfy.duckdns.org/images/settings032.png
IP
23.106.53.137:443
ASN
#0

Requested by
https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Certificate
IssuerLet's Encrypt
Subjectwww.unhappy-satisfy.duckdns.org
FingerprintBE:93:ED:09:06:AC:B9:E8:C4:AE:2F:18:48:90:5E:31:96:E1:B6:A4
ValiditySun, 24 Sep 2023 16:54:00 GMT - Sat, 23 Dec 2023 16:53:59 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
12 kB (12454 bytes)
Hash
f7ece99f73d501add836f65ad0cdddd4
893991c223048c87b496d48d8c5972bd59c51955
2cf7744e22776202803bca198768076c9455fe05cebff01c8e45bc6fe49257ec

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/settings032.png HTTP/1.1
Host: www.unhappy-satisfy.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sun, 01 Oct 2023 20:14:19 GMT
content-type: image/png
last-modified: Fri, 22 Sep 2023 22:00:34 GMT
accept-ranges: bytes
content-length: 12454
date: Sun, 24 Sep 2023 20:14:19 GMT
server: LiteSpeed
vary: User-Agent

fonts.googleapis.com/css?family=Khula&display=swap&.css

142.250.74.106

200 OK

1.1 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Khula&display=swap&.css
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.unhappy-satisfy.duckdns.org/continue.html?nkbihfbeogaeaoehlefnkodbefgpgknn/=
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (1117), with no line terminators
Size
1.1 kB (1090 bytes)
Hash
294d0d648017501c5c4dae6aeb908933
a6592ba8e656a3086976c5044be40274178de10e
d2941ce6c3ea43ff9d51f2be763750b272c1c627f74c6168f9d1e53f53e77232

HTTP Headers

GET /css?family=Khula&display=swap&.css HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.unhappy-satisfy.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 24 Sep 2023 20:14:19 GMT
date: Sun, 24 Sep 2023 20:14:19 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash