Report - fndynqh.com/user?ofid=62&tbc=0393c8&a_aid=ccsbr&a_bid=4cc71e91&x_agent=ORANGE081&chan=ORANGE081&x_clickid=108868236&sitekey=889a8a927bbedbd6&rtr=1&rtid=4122191099

Report Overview

Visited public
2023-11-22 20:59:46
Tags
URL
fndynqh.com/user?ofid=62&tbc=0393c8&a_aid=ccsbr&a_bid=4cc71e91&x_agent=ORANGE081&chan=ORANGE081&x_clickid=108868236&sitekey=889a8a927bbedbd6&rtr=1&rtid=4122191099
Finishing URL
fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ka-p.fontawesome.com	4489	2012-10-18	2019-12-16 21:35:53	2023-11-22 05:14:00	1.5 kB	62 kB	104.18.40.68
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-22 07:50:40	1.6 kB	68 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-22 07:41:56	435 B	1.2 kB	142.250.74.106
fndynqh.com	unknown	2023-10-12	2023-10-16 20:09:38	2023-11-19 14:48:22	6.7 kB	89 kB	188.114.97.1
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-11-22 07:51:46	454 B	32 kB	142.250.74.106
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-22 07:46:49	1.3 kB	196 kB	142.250.74.168
ajax.aspnetcdn.com	693	2010-10-12	2012-05-24 15:35:31	2023-11-22 05:13:36	903 B	132 kB	152.199.19.160
kit.fontawesome.com	1868	2012-10-18	2019-12-16 20:51:31	2023-11-22 05:13:59	899 B	13 kB	104.18.40.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed
2023-11-22	medium	fndynqh.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112	ScriptElement	127 B	2023-03-07	2024-08-21
Pretty URL fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 07:54 Times Seen16 Hash f92940178528cff899349c6b3bc8f6b5 71946185435cc4ee489eed6d3b8cb89c9e482857 1c176f72b1e82fdcc2b59f3161850788a57e77e4e9df64f1147a6d8a5228552b Loading...

	www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL	ScriptElement	115 kB	2023-11-22	2023-11-22
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-22 21:59 Last Seen2023-11-22 21:59 Times Seen1 Hash c9a0d08018bc0088f458f86dd95de412 8c0263c1f58cc4f103a9bfcda1eac1fa0cfad3c6 07ea57eb9a4fd41f98e1213596d7773bdbe6525caa4ebcb987a850c4ba0800b4 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-09
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 08:48 Times Seen340603 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c	ScriptElement	229 kB	2023-11-22	2023-11-22
Pretty URL www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-22 21:59 Last Seen2023-11-22 21:59 Times Seen1 Hash 7d70728552d9a49304bb2bb006d645dd 643d5ea90112207147de521d103dab6fb2f6055a 45f1eddbc54d3b611c631defda402d094ece0f628a24ae5cb4b1514ffa213483 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 08:47 Times Seen68098 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	fndynqh.com/common_tpls/js/validate_form_v2.js?jsv=35	ScriptElement	26 kB	2023-11-12	2024-08-20
Pretty URL fndynqh.com/common_tpls/js/validate_form_v2.js?jsv=35 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 18:19 Last Seen2024-08-20 19:51 Times Seen24 Hash 44bf7e2fb58e77a3ab76bb6191b1a862 f6516881e1c2b17e923ca1a651de92a22c4ccaa7 b3f9ad8a6b5ee12a78a32d898be23898f6d340765e340873e0253feb3b0e8825 Loading...

	fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112	ScriptElement	391 B	2023-11-12	2024-08-20
Pretty URL fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-12 18:19 Last Seen2024-08-20 19:51 Times Seen6 Hash 6ad29f62c91623b91b6ee31ae79351f0 4df1603346f9519e3506f625d1695e5778e7a095 dcdeb8a1a35452c114257a3c7b98df47e3a83c3779dcc1ebadf908999b703b76 Loading...

	fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112	ScriptElement	264 B	2023-03-07	2024-08-21
Pretty URL fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 07:54 Times Seen22 Hash 50b8d257c149e4c89eb8fcd42cbb90bd ec36a40fb37b6fcca17ac892e3b274ecff9c5164 04b5d8be7fc682489a5060b6832c7a14ebe5480a284f3f9d55f0a0407aeff7b0 Loading...

	fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112	ScriptElement	166 B	2023-03-07	2024-08-21
Pretty URL fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 08:25 Times Seen35 Hash 30fbeedd3ef42ed4b3c0cedc516b2f71 dff25b928dad51d1d769285bf2a302d2be531927 1a9018c8172241d8aade74fd982307b0171e6b21ce2b4a470342852d92a99ed0 Loading...

	www.googletagmanager.com/gtag/js?id=UA-208173773-2	ScriptElement	190 kB	2023-11-22	2023-11-22
Pretty URL www.googletagmanager.com/gtag/js?id=UA-208173773-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-22 21:59 Last Seen2023-11-22 21:59 Times Seen1 Hash a50f01ede4b0ded278694b66a47fffee 00db34865af67465ce215df0086fbde804c0ebfb 6c8849b52508cbfb477e40c5e2a5423082d474d48e9970de9522e3180b2287c8 Loading...

	ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-05-09
Pretty URL ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js IP 152.199.19.160 ASN #15133 EDGECAST Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 08:38 Times Seen27454 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	fndynqh.com/common_tpls/js/iframeResizer.contentWindow.min.js	ScriptElement	13 kB	2023-03-07	2025-04-17
Pretty URL fndynqh.com/common_tpls/js/iframeResizer.contentWindow.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-04-17 05:46 Times Seen84 Hash 2cf9df789476bc39b9906030f639660d de708b4a0fe32f3d77505675eb119b671327a6b4 7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b Loading...

	kit.fontawesome.com/b314bdf1b3.js	ScriptElement	12 kB	2023-06-20	2023-11-22
Pretty URL kit.fontawesome.com/b314bdf1b3.js IP 104.18.40.68 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-20 05:08 Last Seen2023-11-22 21:59 Times Seen16 Hash 4fc6cefe553c0690d16534ebf9d89181 aa7c5a51a88e2dcbdf8b67e8648d35682d19e31f 8f3a8661dafbfffde857c6bbc7abc7c63e929047dfc5e6cc1a805ab8e98dacbb Loading...

	fndynqh.com/common_tpls/js/form_support.js?v=1101202201	ScriptElement	3.8 kB	2023-03-08	2024-08-21
Pretty URL fndynqh.com/common_tpls/js/form_support.js?v=1101202201 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25 Last Seen2024-08-21 08:25 Times Seen40 Hash 4ffa5d12f2aa2394aa284438d9ab1658 66a6678dc24eae37e35b8ee571e78f6e8af796da a35efd7238a1ef4c6581aadc6d001e8554adf949dc6cde5650c2235483f19bf0 Loading...

	fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112	ScriptElement	528 B	2023-03-07	2024-08-21
Pretty URL fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27 Last Seen2024-08-21 08:11 Times Seen24 Hash 10dd1b2ab36045f6dd30390708c046c8 5ea106d1b689de5bda25b576ae36d26160ed6795 6d5167f39f1f849ab2050bb2429f122ed1e62a41d7bdcf18a9ec09438f087e88 Loading...

	fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112	ScriptElement	500 B	2023-06-20	2024-08-21
Pretty URL fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-20 05:08 Last Seen2024-08-21 08:25 Times Seen30 Hash b3a1b315d6288a561818ce4d5253d7f6 2ce9c680b598f3cc1e3962a44ef82ae5fa4494fd 91fd13dbb2b63dbb6392347bd6b26447b1e7aa12711de8bd71979cd981ff1cb4 Loading...

	fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112	ScriptElement	2.5 kB	2023-03-12	2024-08-21
Pretty URL fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 21:04 Last Seen2024-08-21 07:54 Times Seen14 Hash ac428da6c58b59908e1e32ae534c701f 6762e6723215e67f3bc59d70921dff1c31cf340f 99f03e720b2056ee9fe812f4e55e01df1e9ff78e25b193457cfea0e9bf452cce Loading...

	fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112	ScriptElement	154 B	2023-03-08	2024-08-21
Pretty URL fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 12:25 Last Seen2024-08-21 05:13 Times Seen16 Hash dc4c63848f107674326b8a0a96341bc9 5d248cb3bf93f521d169b6bad32476850a605b12 07efc655541b0925fd8e283a50d37b7eb16785091a5e304f2e6485eaaf93538d Loading...

	fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112	ScriptElement	341 B	2023-03-08	2024-08-21
Pretty URL fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 12:25 Last Seen2024-08-21 05:13 Times Seen16 Hash 1a58b34370509f63981cc45d340f1d57 075e95758b3f8f503e2a73afea9dd289368622df e173425383a257827382039e598338898d2206eeb509092c25bec541d8efd01b Loading...

	fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112	ScriptElement	61 B	2024-08-20	2024-08-20
Pretty URL fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 18:15 Last Seen2024-08-20 18:15 Times Seen1 Hash 43d78d0e694c2000586d0d42eeb252d8 8d07380f69f69525d77114e3356d4202ffd130d1 f3c8d528ac7fe6b855bc61dd90abacb662c6dee33d63039e17a649e085b4f1a1 Loading...

	fndynqh.com/sandbox%20eval%20code		147 B	2023-04-11	2025-05-09
Pretty URL fndynqh.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-09 08:48 Times Seen341404 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

HTTP Transactions (27)

URL IP Response Size

fndynqh.com/common_tpls/images/ajax-loader.gif

188.114.97.1

200 OK

3.2 kB

URL GET HTTP/3
fndynqh.com/common_tpls/images/ajax-loader.gif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
GIF image data, version 89a, 32 x 32\012- data
Size
3.2 kB (3208 bytes)
Hash
be1cede97289c13920048f238fd37b85
313b867d11fc0dd6bc6ca47c334bbcf18956ca76
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/ajax-loader.gif HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: image/gif
content-length: 3208
last-modified: Mon, 07 Oct 2013 22:49:23 GMT
etag: "52533a73-c88"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2653
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UcKWCkCb2IRo%2FahIKY0IWI%2FpYiTzAqTmoV3iqJGY4Qm1pPSi7QrFYLZk61Z70ltToMZy8IvM4%2B761CrBp7bJfRnUNGFRgatrRiLOtN9XwjDKXc207pImF%2F7gb22X6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82a418b3dcf656a2-OSL
alt-svc: h3=":443"; ma=86400

fndynqh.com/common_tpls/images/icons/email.png

188.114.97.1

200 OK

1.3 kB

URL GET HTTP/3
fndynqh.com/common_tpls/images/icons/email.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.3 kB (1254 bytes)
Hash
a86d99b9176d82a211cfa29b2f0b353f
62947ddfd87e3a21869818885e4bfa4e55ad0c11
f8e82194c97e2a11a8c77fcd55d1ded51a1943b78eefac8475890f665dc620f1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/email.png HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: image/png
content-length: 1254
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-4e6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2653
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P5MxkbTUA1g%2Bj6EC%2FKpIUmhZHS1vDEL3B3Hd9NGX0n1ghEtBPQSIzYVF%2F34%2FXTObYMRER81cPbY00qF2ttMN7hQGTXiGelu%2B6%2ByymQHYNb93qUfG0YEu6NA%2FmzlZBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82a418b3ecfc56a2-OSL
alt-svc: h3=":443"; ma=86400

fndynqh.com/user?ofid=62&tbc=0393c8&a_aid=ccsbr&a_bid=4cc71e91&x_agent=ORANGE081&chan=ORANGE081&x_clickid=108868236&sitekey=889a8a927bbedbd6&rtr=1&rtid=4122191099

188.114.97.1

2.0 kB

URL
fndynqh.com/user?ofid=62&tbc=0393c8&a_aid=ccsbr&a_bid=4cc71e91&x_agent=ORANGE081&chan=ORANGE081&x_clickid=108868236&sitekey=889a8a927bbedbd6&rtr=1&rtid=4122191099
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
2.0 kB (2041 bytes)
Hash
8a05dc4edd32d796999b8316d7569061
31a6a902098a3d790de75b5b9a372051c85629dd
3ffb1d500120fe7a53ce34039a9f637b5d9d2ed7023dac74e4ad7c14c6fa0d48

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /user?ofid=62&tbc=0393c8&a_aid=ccsbr&a_bid=4cc71e91&x_agent=ORANGE081&chan=ORANGE081&x_clickid=108868236&sitekey=889a8a927bbedbd6&rtr=1&rtid=4122191099 HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 Nov 2023 20:59:28 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2BS9BBhTep4mIoCoKN1rVNaPHdYENrAvT9%2FtADuRmqNnVwM2d0eNKA3RiVn9IzADZoIUFagE4MtK4a3SFO8809BbRYWCYQVNiDJz0n6dPZFLSJKdPBxS94%2FJDdLKow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82a418a90fd056c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fndynqh.com/common_tpls/compactML/css/wideBaseML.css

188.114.97.1

200 OK

4.0 kB

URL GET HTTP/3
fndynqh.com/common_tpls/compactML/css/wideBaseML.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
ASCII text, with very long lines (22986), with no line terminators
Size
4.0 kB (3960 bytes)
Hash
5ede9814b7457a64e5c8ee8aa036c3f0
0b05378651df8ed45fb3c40ec99dd98aa1c2d7fd
c776450a0b93289511851e3e32db4e620b99121990869c2f377ce61a5defdfe7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/compactML/css/wideBaseML.css HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: text/css
last-modified: Mon, 08 May 2023 14:48:38 GMT
etag: W/"64590bc6-59ca"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2654
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j8pgjZrXwBxL%2F5Abh461lAzXG6Pwer4qd8NfZ42CfU%2FPyHZGABftWBr9Lv86Z58BApyzrTP9QwNL%2BCBaCWhR%2FsuHtbX1Fcw3Weq6mgxfeITLa%2FKfvfeeFy5wbMIufw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82a418b3dcdf56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

142.250.74.106

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30774 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fndynqh.com
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 19 Nov 2023 21:54:55 GMT
expires: Mon, 18 Nov 2024 21:54:55 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 255874
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-208173773-2

142.250.74.168

200 OK

69 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-208173773-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (4179)
Size
69 kB (68661 bytes)
Hash
a50f01ede4b0ded278694b66a47fffee
00db34865af67465ce215df0086fbde804c0ebfb
6c8849b52508cbfb477e40c5e2a5423082d474d48e9970de9522e3180b2287c8

HTTP Headers

GET /gtag/js?id=UA-208173773-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 22 Nov 2023 20:59:29 GMT
expires: Wed, 22 Nov 2023 20:59:29 GMT
cache-control: private, max-age=900
last-modified: Wed, 22 Nov 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 68661
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js

152.199.19.160

200 OK

9.8 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (32033)
Size
9.8 kB (9839 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /ajax/bootstrap/3.3.7/bootstrap.min.js HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fndynqh.com
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 10783302
cache-control: public,max-age=31536000
content-type: application/javascript
date: Wed, 22 Nov 2023 20:59:29 GMT
etag: "80bdc1e6cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:09:59 GMT
server: ECAcc (ska/F6C5)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 9839
X-Firefox-Spdy: h2

fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112

188.114.97.1

200 OK

24 kB

URL User Request GET HTTP/3
fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (536)
Size
24 kB (24085 bytes)
Hash
9e5928d2fd623a91024947df725decd0
5b26e1ea97247cb4cd0b0a18f50ad32e18d94026
483c933661b02177f5f5d9acfd0a23953f974a7d59168439b9059e7b47d6e911

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /user?SID=c706e23c98a42332db7aec1d74462112 HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?ofid=62&tbc=0393c8&a_aid=ccsbr&a_bid=4cc71e91&x_agent=ORANGE081&chan=ORANGE081&x_clickid=108868236&sitekey=889a8a927bbedbd6&rtr=1&rtid=4122191099
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112; path=/; secure; SameSite=None
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PITXyahBo2HcKeFxJnfj9KEcdpXfjQf%2BWkfNuA6CVoBiVGJLW4I4CDUYXy26bEh38SgpaKyu0H%2BbIr9%2Fey1zdE227XM131UHtzPQAJ1jGPhwXg6WSdxCPh3ER1e4tA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82a418ae9b6456a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css

104.18.40.68

200 OK

0 B

URL GET HTTP/2
kit.fontawesome.com/b314bdf1b3/110588222/kit-upload.css
IP
104.18.40.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b314bdf1b3/110588222/kit-upload.css HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fndynqh.com/
Origin: https://fndynqh.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: text/css
content-length: 0
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926, public, must-revalidate
etag: 54af53b207eef226d6511e0a88e3038e
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F5eN1HPopEud40KYalvC
cf-cache-status: HIT
age: 703099
accept-ranges: bytes
server: cloudflare
cf-ray: 82a418b70b8c56cb-OSL
X-Firefox-Spdy: h2

fndynqh.com/common_tpls/images/icons/password.png

188.114.97.1

200 OK

1.5 kB

URL GET HTTP/3
fndynqh.com/common_tpls/images/icons/password.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1452 bytes)
Hash
6f100f1cdbdce928118ffa4c9293ca5b
6b1a3593e792d4c00187d60560dd03fb42df1156
8c1a6b9e0c63edc7fa86898148dc6493cd56113fabbf85d901f7af4c180fce74

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/password.png HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: image/png
content-length: 1452
last-modified: Tue, 22 Aug 2017 16:34:59 GMT
etag: "599c5d33-5ac"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dpv5XEQNHAkzVZxV0%2B5HCcWAHtaeJetGSQSuw2vqBAJwZ33lWfD%2B6rmdbZuJa8uJ9lOLxR3JtgnLn9hIxAnkRdNYNwpsuZK%2FWhGy2%2FbXg2CtRRTkpO2DSfPzyY2IBw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82a418b3ed0156a2-OSL
alt-svc: h3=":443"; ma=86400

fndynqh.com/common_tpls/images/icons/user.png

188.114.97.1

200 OK

1.5 kB

URL GET HTTP/3
fndynqh.com/common_tpls/images/icons/user.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced\012- data
Size
1.5 kB (1491 bytes)
Hash
d2ace1024969666b8ecfd48b0091a0fd
fb2988bb4203176476469b8ad12abc3cf8ce2113
a28165011050b8c217837b2ce4692f49413e27b7b259144cd128d0a9db9f63dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/images/icons/user.png HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: image/png
content-length: 1491
last-modified: Mon, 21 Aug 2017 19:32:05 GMT
etag: "599b3535-5d3"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbW%2Bt2%2FH4%2FAl7fmt2kBpd2xCxbDK%2BE4rTFdTrbOICmr1j62ISEi3gSDd59Uf9HZrEG%2BbJzJHSj7mR1OEworh%2Brwg9t48HOPMFlAZ2sDHw4YE4EAAvs51hS6pYiNKaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82a418b3ed0056a2-OSL
alt-svc: h3=":443"; ma=86400

ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3

104.18.40.68

200 OK

54 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=b314bdf1b3
IP
104.18.40.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65397)
Size
54 kB (54194 bytes)
Hash
486b13730aafe2a39cdaf1666679fa5b
aa0f52f048688ada20d921fef78cf15684a25f04
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

HTTP Headers

GET /releases/v5.15.4/css/pro.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fndynqh.com/
Origin: https://fndynqh.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: text/css
content-length: 54194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-d3b2"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 703099
accept-ranges: bytes
server: cloudflare
cf-ray: 82a418b73bf556cb-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3

104.18.40.68

200 OK

4.2 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3
IP
104.18.40.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (26366)
Size
4.2 kB (4194 bytes)
Hash
715826d7cea0f100c00238e5e5dc92b4
ea2a076f73ed3826287a726f35ae5e54136f2cee
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-shims.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fndynqh.com/
Origin: https://fndynqh.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: text/css
content-length: 4194
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-1062"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 703099
accept-ranges: bytes
server: cloudflare
cf-ray: 82a418b73bf456cb-OSL
X-Firefox-Spdy: h2

ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3

104.18.40.68

200 OK

2.6 kB

URL GET HTTP/2
ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3
IP
104.18.40.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (27832)
Size
2.6 kB (2603 bytes)
Hash
1cb05a2f9541200e1fa0a2cd0abc7663
fdf3292a6db22945eb79e08d847834205b749c6f
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

HTTP Headers

GET /releases/v5.15.4/css/pro-v4-font-face.min.css?token=b314bdf1b3 HTTP/1.1
Host: ka-p.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fndynqh.com/
Origin: https://fndynqh.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: text/css
content-length: 2603
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
etag: "610ae215-a2b"
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status: HIT
age: 703099
accept-ranges: bytes
server: cloudflare
cf-ray: 82a418b73bf156cb-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL

142.250.74.168

200 OK

44 kB

URL GET HTTP/3
www.googletagmanager.com/gtm.js?id=GTM-TZX6ZCL
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (2213)
Size
44 kB (44355 bytes)
Hash
c9a0d08018bc0088f458f86dd95de412
8c0263c1f58cc4f103a9bfcda1eac1fa0cfad3c6
07ea57eb9a4fd41f98e1213596d7773bdbe6525caa4ebcb987a850c4ba0800b4

HTTP Headers

GET /gtm.js?id=GTM-TZX6ZCL HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 22 Nov 2023 20:59:29 GMT
expires: Wed, 22 Nov 2023 20:59:29 GMT
cache-control: private, max-age=900
last-modified: Wed, 22 Nov 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44355
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVc.ttf

216.58.207.227

200 OK

21 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVc.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
TrueType Font data, 18 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2020 The Open Sans Project Authors (https://github.com/googlefonts/opensans)Open SansR\012- data
Size
21 kB (21006 bytes)
Hash
4e6feb3d0ab3cb546db1152394983bdb
8feb43afdb5a47fc1c8c03b53be6822c72f845b3
294ed1734fd63bdeca41e4ac6d668c513ea6932b0030ee10c605d09efba1900e

HTTP Headers

GET /s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVc.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fndynqh.com
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21006
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Nov 2023 04:53:43 GMT
expires: Fri, 15 Nov 2024 04:53:43 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:14:44 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 576346
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCs16Hw5aX8.ttf

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCs16Hw5aX8.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2011 The Montserrat Project Authors (https://github.com/JulietaUla/Montserrat)Montserr\012- data
Size
16 kB (16454 bytes)
Hash
7537927902d147b33daa33bde3d17670
201f909e6a91b0f7af89c68c7c9683463f944ee3
c8861d4f88efa374f573575cb6063bf54ee05e7d65d83eb8668c531687d06c85

HTTP Headers

GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCs16Hw5aX8.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fndynqh.com
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16454
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Nov 2023 05:03:08 GMT
expires: Fri, 15 Nov 2024 05:03:08 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Jul 2022 18:58:46 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 575781
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrQ.ttf

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrQ.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
TrueType Font data, 18 tables, 1st "GDEF", 12 names, Microsoft, language 0x409, Copyright 2010 The Raleway Project Authors (impallari@gmail.com), with Reserved Font Name "Ralew\012- data
Size
28 kB (27688 bytes)
Hash
bdebf93c5407fe68ebcf28ea8e7bf5cf
efea252ba989bdafdda75070b433706be9eb60c1
ccea64b644439db63b8dbe4e042401ceffbb0ba0ab7338e856aa7fb1f4d33e49

HTTP Headers

GET /s/raleway/v28/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrQ.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fndynqh.com
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27688
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Nov 2023 04:54:05 GMT
expires: Fri, 15 Nov 2024 04:54:05 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 19:57:58 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 576324
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c

142.250.74.168

200 OK

81 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
81 kB (81043 bytes)
Hash
7d70728552d9a49304bb2bb006d645dd
643d5ea90112207147de521d103dab6fb2f6055a
45f1eddbc54d3b611c631defda402d094ece0f628a24ae5cb4b1514ffa213483

HTTP Headers

GET /gtag/js?id=G-MZ8S35MRED&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 22 Nov 2023 20:59:29 GMT
expires: Wed, 22 Nov 2023 20:59:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81043
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fndynqh.com/favicon.ico

188.114.97.1

404 Not Found

162 B

URL GET HTTP/3
fndynqh.com/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
162 B (162 bytes)
Hash
42b7c03ebcddafdb2aa3078e3a9ceb69
57570cf4712b36bce96f68228e6c72137c2156dd
a225bf8186e767cfb73fec2ac55678c083a3c2abd042bc1cf85f820bced5ec9f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 22 Nov 2023 20:59:30 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6MLr2Z4ze%2FJRUeKE3d%2F997K3EJ3zTgWZ3HZiW5rnm7GEI0aHg66NesT0%2BjerwmoXGlaGHNae%2BZDk0xxL4cn%2F2TFS9uVD4S5ApuzFn1u166pZwzXEkKndQQQEZxiYew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82a418b8adb756a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fndynqh.com/user/trk/?rtid=4122191099

188.114.97.1

200 OK

21 B

URL GET HTTP/3
fndynqh.com/user/trk/?rtid=4122191099
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
ce71f990f98204ec746c0ea5806a137e
fa67bf74438d236d316ee3e5f8af734f2a7ab7b3
ef00d2db4cc856d6cdd91195535592933751cb3fca7a31a3108be36032578c30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /user/trk/?rtid=4122191099 HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 Nov 2023 20:59:30 GMT
content-type: text/json;charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p3T2UM9%2FVmfe2kxxQ%2BdaCzxNJi2aNpF07abbCypU%2FUFsADAOTgDPHXE63Qe0sxQr42uave0NE%2BsD2z3kgD8z3wkorjpRmsv4Le404%2F%2FWGNRtGSRd15J6o9hVqPoIxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82a418b8adba56a2-OSL
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
bdcf60bde5544e1017e1f2e60888a9c7
6fb24309b7ff90c1c99d19c0c7a127a16508840e
d701601406acfca6bfc0c58b411446e3e0e96c659f35c143355d3dd72c390952

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 22 Nov 2023 20:59:29 GMT
date: Wed, 22 Nov 2023 20:59:29 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fndynqh.com/common_tpls/js/iframeResizer.contentWindow.min.js

188.114.97.1

200 OK

13 kB

URL GET HTTP/3
fndynqh.com/common_tpls/js/iframeResizer.contentWindow.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
ASCII text, with very long lines (12990)
Size
13 kB (13381 bytes)
Hash
2cf9df789476bc39b9906030f639660d
de708b4a0fe32f3d77505675eb119b671327a6b4
7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/iframeResizer.contentWindow.min.js HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: application/javascript
last-modified: Thu, 04 Feb 2016 15:06:03 GMT
etag: W/"56b368db-3445"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2654
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yE0iwcl4w6w8nmhyhfpFtKOgukBB3jPdMLa113Y9Nomjm2KBNoJgmNwmY5xbt9GS64DSOE1z9BF1iyPY%2BZic1zvCmHqhU6mC5rmWa0ExZUNdRCBE3GZn8S%2Bl268K%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82a418b3ed0356a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kit.fontawesome.com/b314bdf1b3.js

104.18.40.68

200 OK

12 kB

URL GET HTTP/2
kit.fontawesome.com/b314bdf1b3.js
IP
104.18.40.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (11213)
Size
12 kB (11753 bytes)
Hash
4fc6cefe553c0690d16534ebf9d89181
aa7c5a51a88e2dcbdf8b67e8648d35682d19e31f
8f3a8661dafbfffde857c6bbc7abc7c63e929047dfc5e6cc1a805ab8e98dacbb

HTTP Headers

GET /b314bdf1b3.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fndynqh.com
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F5eN1FRg9QvRmWcEW-4j
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 82a418b40e7356cb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

fndynqh.com/common_tpls/js/validate_form_v2.js?jsv=35

188.114.97.1

200 OK

26 kB

URL GET HTTP/3
fndynqh.com/common_tpls/js/validate_form_v2.js?jsv=35
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type

Size
26 kB (26000 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/validate_form_v2.js?jsv=35 HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: application/javascript
last-modified: Thu, 19 Oct 2023 00:24:58 GMT
etag: W/"6530775a-6590"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2654
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ibUB9og%2FHd4%2Bm9peRpkrvQ7SFAnx4%2FfivAw7VmM8f2DIYmAry536bPo%2FMYF3R4ItXTxdpLEOQG2cDgEf%2FMgBoR%2F%2BNAHrOlJ3P65i1ypddqLMZirSzkepqjQUuv1L%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82a418b3dcef56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css

152.199.19.160

200 OK

121 kB

URL GET HTTP/2
ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/css/bootstrap.min.css
IP
152.199.19.160:443
ASN
#15133 EDGECAST

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerDigiCert Inc
Subject*.vo.msecnd.net
Fingerprint0E:7D:A8:CD:FE:61:1E:46:97:A3:57:99:70:DA:E0:59:1D:34:04:80
ValidityFri, 05 May 2023 00:00:00 GMT - Sun, 28 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65371)
Size
121 kB (121200 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /ajax/bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: ajax.aspnetcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 19873450
cache-control: public,max-age=31536000
content-type: text/css
date: Wed, 22 Nov 2023 20:59:29 GMT
etag: "0e914f2cb33d21:0"
last-modified: Mon, 31 Oct 2016 23:10:18 GMT
server: ECAcc (ska/F740)
timing-allow-origin: *
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19629
X-Firefox-Spdy: h2

fndynqh.com/common_tpls/js/form_support.js?v=1101202201

188.114.97.1

200 OK

3.8 kB

URL GET HTTP/3
fndynqh.com/common_tpls/js/form_support.js?v=1101202201
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Certificate
IssuerGoogle Trust Services LLC
Subjectfndynqh.com
Fingerprint0E:60:BF:B7:66:0C:2A:09:4A:22:6D:FA:89:38:FE:B4:97:59:F6:D7
ValidityMon, 16 Oct 2023 17:08:52 GMT - Sun, 14 Jan 2024 17:08:51 GMT

File type
ASCII text, with very long lines (4261), with no line terminators
Size
3.8 kB (3799 bytes)
Hash
bd72340aa5a6ac08cf9a0fdbd650579c
c0550503cbb35b4abcc5618fc78a0cb18c26c89c
783abe18fe8132421d19b383088f95e95a9ee6ac64b85bd2e2b178b481ab2ca4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /common_tpls/js/form_support.js?v=1101202201 HTTP/1.1
Host: fndynqh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fndynqh.com/user?SID=c706e23c98a42332db7aec1d74462112
Cookie: PHPSESSID=c706e23c98a42332db7aec1d74462112
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 Nov 2023 20:59:29 GMT
content-type: application/javascript
last-modified: Fri, 18 Nov 2022 21:23:37 GMT
etag: W/"6377f7d9-ed7"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2654
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqNRjbqeAlrP9KGNCuzttnPLpuh5I%2BkuiCa7KWrGh%2FI7yihlAh4%2FnAxmquN%2BTzFFG0HoUmjHVUxxHW3VpW2%2FwvFb8RK4GLhymyW0pqMUbR%2F%2FsFmbmLRsLhS2kuCn2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82a418b3dce956a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by