Report - colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8

Report Overview

Visited public
2024-09-09 00:00:14
Tags
Submit Tags
URL
colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Finishing URL
colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
Colmedica.Com Verifing...

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20 07:02:03	2024-09-07 18:13:59	5.7 kB	416 kB	104.18.95.41
logos-cdn.skrapp.io	unknown	2016-03-05	2022-11-27 21:42:34	2024-03-07 14:38:10	443 B	5.1 kB	172.66.40.112
i.imgur.com	5110	2009-01-09	2012-05-21 10:09:36	2024-09-07 19:13:25	427 B	1.1 MB	199.232.192.193
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-07 18:12:17	1.3 kB	3.5 kB	23.36.77.32
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-07 18:12:12	327 B	887 B	23.36.76.226
colmedica.ankitqtllc.com	unknown	unknown	No data	No data	3.0 kB	98 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-08	medium	ankitqtllc.com	Sinkholed
2024-09-08	medium	ankitqtllc.com	Sinkholed
2024-09-08	medium	ankitqtllc.com	Sinkholed
2024-09-08	medium	ankitqtllc.com	Sinkholed
2024-09-08	medium	ankitqtllc.com	Sinkholed
2024-09-08	medium	ankitqtllc.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (44)

	URL	From	Size	First Seen	Last Seen
	colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8	ScriptElement	0 B	0001-01-01	2025-07-25
Pretty URL colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-25 04:04 Times Seen5529945 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	ScriptElement	46 kB	2024-09-03	2024-09-19
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP 104.18.95.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-03 15:20 Last Seen2024-09-19 22:57 Times Seen501 Hash 57a4011b45a950c27c1c638c9abf655b ce3ca250a31b8a891d55b7ee51dd09fd201d1033 f260796d39e01df74e820ed2e7de42f0a397d8c5b9751c58d68746066155a9c7 Loading...

	unknown	ScriptElement	236 B	2024-09-19	2024-09-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 997352a08b0f0583b2828b67da75b007 143012d4c7b797554d2d13499a40f365a361d192 952a6bd7a357dd1747291667288ec248410da06beda275a9ae579eb67cf0efb2 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/	ScriptElement	4.3 kB	2024-09-19	2024-09-19
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/ IP 104.18.95.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash ae6e45c6f2fcdf883ab04038a80d90a6 afa96ce939fdf1564423bf7e50478a8a92f2827a 3c868cd267e1153dbb7ead34fe6ed2a3d293611104632fefda9223e3deb01c47 Loading...

	colmedica.ankitqtllc.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	8.0 kB	2024-09-19	2024-09-19
Pretty URL colmedica.ankitqtllc.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen2 Hash 82afe475bf1034fa431b00ba4562e8ae f2cc4efac1bec73fafd4b4fa242c84da4e0a7c3c ca5e53e49b2e8bc0d36025af011eee562d91887492ad95eecd36e074ca91b934 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8c02e50e5bbf569a&lang=auto	ScriptElement	120 kB	2024-09-19	2024-09-19
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8c02e50e5bbf569a&lang=auto IP 104.18.95.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash b97b6ef0e9489fed9aefc9f4162f07bb d33994124320ce59262a2862cbc2a7a74f4124bd 7b52cb2b38eb8ef9826da250b92326efb1179401c171b2dc2dee1d12f407f4a0 Loading...

	colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8	ScriptElement	923 B	2024-09-19	2024-09-19
Pretty URL colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash aaa7379ea6b7b7aac1dc7d4860bd0319 d3ca8cd2838f9d114f650780a9629f08d4233d3b a68cdaeb9e261e3316be67f64c2e9764e8d084bc230e442180c07ffa78d0ae8a Loading...

		Size	First Seen	Last Seen
	#1 Eval - a4feaeb9f1352449125b9a75354a28a3	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash a4feaeb9f1352449125b9a75354a28a3 5d2501059b332689c10389efc3105c9ec2ac2ef0 bad4c3889d1557defe46aaaf7e705df11e7048505907d57be017ca3970fe8133 Loading...

	#2 Eval - 599f406c966e5ff864de43d564455cd2	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 599f406c966e5ff864de43d564455cd2 81f940dcca32bc5e8e9f7a12f881a1f248b3129c 1f850e3e80a651b2eef8f32b6e6fef279d0e55782a089fe383b97a19616e014f Loading...

	#3 Eval - 92dd0d822a6857636c72a28440b82f23	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 92dd0d822a6857636c72a28440b82f23 32343132f361f7ec9735fdcb2862fbd425888c49 232dbd8f6682675ce8e61f84b66f25d7e9bbc232b38a2190be6bf7cbdad3e9dc Loading...

	#4 Eval - 7661f122c3d46026fb2756004e564359	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 7661f122c3d46026fb2756004e564359 6b5cf016496e12ac96b6da8def78523cb576ae79 82569452f095f40e4653edd22c61414ac91e1515e37dd00ae494bc04eebee2ed Loading...

	#5 Eval - d1f5b8b9b5426ed9fd50aae7123fcf56	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash d1f5b8b9b5426ed9fd50aae7123fcf56 34228962cb7c534472f831e1eb6f704193f7cce9 af3dbedc7a4cc16fa2f3090c3e23073379a136f82155f528b30a2e503fe1259b Loading...

	#6 Eval - f0131b91b273b2ad7a655994c7a07b25	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash f0131b91b273b2ad7a655994c7a07b25 085883ad28334f204e982de1fcd3bee3953690a9 46e22f516ff876c733e8f4b52093346370f0101c6249db456407c1f95a50cb05 Loading...

	#7 Eval - e01270471456b8e59c04fa4ab756e4e4	60 B	2024-09-03 15:20	2024-09-19 22:57
Pretty Observations First Seen2024-09-03 15:20 Last Seen2024-09-19 22:57 Times Seen529 Hash e01270471456b8e59c04fa4ab756e4e4 1612ef3e59f3e40bf40ec5e3353df80542c0d73e d88519c5d465b9d5e90880096f6d043e1002aedc54cf65b978b7b94f7d7abc18 Loading...

	#8 Eval - 0633afebe39c6fac921792262a42b375	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 0633afebe39c6fac921792262a42b375 347a56d28405921a9c2e2d0097e0d3a5c9252a86 8927f64bc72899f698519294500662b114566cf2fbce9f01061c96f41b2f05e1 Loading...

	#9 Eval - c710c249b520c6118d1e0f50c03d8d71	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash c710c249b520c6118d1e0f50c03d8d71 0605c19e8851c2bb0062d40ea82aab7b5322a9d7 f348dc63e25a7f4ae4e23de8fe2f7addaba3608a8a8a3282b5d9273e2e0e0956 Loading...

	#10 Eval - 13931e39f5289a28f653e3c93a545267	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 13931e39f5289a28f653e3c93a545267 cbe36a212ddf7aa1975fc2748f7d0c8c42cb1350 196f626541b00f98edd039e5727109a5fcbac58ee4d8e3d3028f570bbb0c3731 Loading...

	#11 Eval - 72b14cf33ffcaf799f9ec2233e35b5c8	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 72b14cf33ffcaf799f9ec2233e35b5c8 ad9f269b198f571a16798287866f236f27b542fc 08bf379747b56599b1ba346ebdbee29b71dc6e7618469eea0a3c460bafa4aa9a Loading...

	#12 Eval - 92c803c87d1b8f6a800f097d47d9d85c	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 92c803c87d1b8f6a800f097d47d9d85c 87a7a433107e49d0aaa5d513026f00b015af20df 306b7aadd2645b179c8598b27e59b2782315fd0a60d6630d1b77e12d6bbd7fb8 Loading...

	#13 Eval - 37cf80f12c9105cbce6faded3b2f3d69	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 37cf80f12c9105cbce6faded3b2f3d69 a561ef0dc9d97504f1439cf1aac32e67a3b91d16 3327f7137a5e0a4973c3aa08a417ca538d5e5186a71705dad05ef5872f105a4d Loading...

	#14 Eval - 99141b535c13945014031cf9daa25844	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 99141b535c13945014031cf9daa25844 edfb1c6e3ac412868f2c0a1af27a95921be510c5 3b441f601a01692e059b25bc9e51d9f87fff205e51b5421e6a0ddf3dacc55155 Loading...

	#15 Eval - 53f259c26c214969cf2861a778339661	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 53f259c26c214969cf2861a778339661 804bf92511e06211168d1284efffa5ac1f84ccc4 54d5dd010c3cea6bbbfbc16ac05ce799e5cd02738ec081300f87920d05982f0c Loading...

	#16 Eval - 5d5e59e107743751a845c155d6bc9af3	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 5d5e59e107743751a845c155d6bc9af3 1a0da0e0498817dbdda8436e7f2e30902e055506 74cd32a6932deb318d3c1a420e06652b42b182af531d09fd79e115b6c118fe3c Loading...

	#17 Eval - 3e927bd9071e4c1ed298401e6f1f7cb9	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 3e927bd9071e4c1ed298401e6f1f7cb9 09af256d2fe928b48caa0729957fc691d99ce4f6 7a0a3f6ad9fcd7c87213de5dcf4cd873b3edba5b3dcbb68eb32447c98e27e5ba Loading...

	#18 Eval - 5c29fca630b8aca9427e8f683ea14bbd	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 5c29fca630b8aca9427e8f683ea14bbd c0c0db98f51d8e30032c117d1744162aba0c8a48 7f4a6439aac5f99be8813c7adaf1aaeb54dc36f34d66344da29f045f74dc55a4 Loading...

	#19 Eval - 4cdf8df74b2aa145e312e01c10fe2ea9	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 4cdf8df74b2aa145e312e01c10fe2ea9 7e44d997d70bb5e46e0904936d543502b0f6be53 4f5a5230b0f925502922b874bab762ab324ce86bfdde4c8ae458ef3b58eb8a94 Loading...

	#20 Eval - 2a233d2249c3ee19a7dc09b787e04a74	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 2a233d2249c3ee19a7dc09b787e04a74 1ef407b38b5f4ee9c4fce34efa8f0a1f2eef1020 dd308b8fd50785d78859560d26ae1d3e4a35b43ba15f474494b48f606537a06b Loading...

	#21 Eval - 7afc63ba9cef4f61a750bc60710e9487	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 7afc63ba9cef4f61a750bc60710e9487 c486234d2811b98dd3c078e1c248a12c078d98f5 995398acdfcc212fa7649b148c11ef1e80cad873b45a1ac84fd866b8203a05e1 Loading...

	#22 Eval - 17a5251e4db72ac825337a8412116df6	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 17a5251e4db72ac825337a8412116df6 8166da2706f37c1343610f6cf82a9aeae79f262e 1ab6099cd614329f3de97ab25353bfffa29790e67746b26955bbce8c5f970e44 Loading...

	#23 Eval - 7d6b966700bda0d088f362c32158e93a	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 7d6b966700bda0d088f362c32158e93a d9fe9fc98d8085fc9f9f6ae66426cc392230059b 42b496e0567ed21a9b2340a5246af5780968f7c20b71da35a65ed0ae75ad222b Loading...

	#24 Eval - 35cde3eef15d9182f71d22412e94712c	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 35cde3eef15d9182f71d22412e94712c 84781d773bdd5c2e2222d97e47cd68ea84787c7f d1c0e99b7fe946a7685ecb24fa1f7368a4b4e8fec515600ac83a32d2958c77a2 Loading...

	#25 Eval - a95a660a2faabca65a49b7c1244f3926	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash a95a660a2faabca65a49b7c1244f3926 6129267869eddfb24d877deca6b3fd87938be214 049831217acca14762ecd9b859073f922db31aecf731ad1f72149a8c66cfeac3 Loading...

	#26 Eval - 45d928b380580ecbc637baffad734029	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 45d928b380580ecbc637baffad734029 0ae3bae01a1fb0d898ecf04724884f2ff41b9859 e9836e4df02ec18b9e2a29481de10550d3da11368710830e0026bc9e3c99748e Loading...

	#27 Eval - 4014b0a10d911630d0543aee4e28dbf0	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 4014b0a10d911630d0543aee4e28dbf0 52412f7e9f24a4bb5075d743b2b254e73e42e501 c61811cfa370b4ab76fa14ae025c3b4edb176bb48c23e6debde2c7d3ade2bb86 Loading...

	#28 Eval - 1e8d15bb3566a2faaa4e6bacf2529e04	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 1e8d15bb3566a2faaa4e6bacf2529e04 0b8141a6122d0ceadf9df4eb77bb9e06c9c289ab 045931446a41ac01c37cd9c31d136a758a18ce982f9d919c71a20519b517d23a Loading...

	#29 Eval - 89700d92e7ac7f15781880be66c1171f	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 89700d92e7ac7f15781880be66c1171f df4151a789b7dde4dcc76a9984a51d1513db5ddb 246ed05a9a42385d65189be70e927fc959502e8998c27066e9532eb8efcd1613 Loading...

	#30 Eval - 61a94f606c2e5bfa6f6c3320c53ed91c	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 61a94f606c2e5bfa6f6c3320c53ed91c f08c72bf5592e8d351f776b7e0eb2ff4b4fd15d9 66dcb8599f1c5216e42f7904910f6866f3baaedc16deff675e8b9eaf019dd3be Loading...

	#31 Eval - fd57399e4d9844734361fa5acd71425e	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash fd57399e4d9844734361fa5acd71425e 9597d74f88592d16c1f48a72477a0e93c3d5926f 31540148edcdcc563ff4bd6d1dd6529641afe7b48a9ea6ea4a05a79d847f8889 Loading...

	#32 Eval - e0723687db6bb342e2220d01ef73a752	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash e0723687db6bb342e2220d01ef73a752 22c803fe3381b962344bc4577b1ba28032b89c8f 0445ae88f4640def0d67c4edf38c50b55fa70f4b9b91b6dcbf84eb83db9409b3 Loading...

	#33 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07 01:03	2025-07-25 04:00
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-07-25 04:00 Times Seen430094 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#34 Eval - fe8f250a74a0a84670eeed54f602e659	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash fe8f250a74a0a84670eeed54f602e659 5e342889cb9eb55241ac44e1b9e71a89068b3e9c aa0bf8281095646ed6f3957e090ef1e91cd079df9df47b5fd1db6dba0d5952a2 Loading...

	#35 Eval - 000f24815339009501055e2f96427997	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 000f24815339009501055e2f96427997 d65d604de0102897a078506e481a7410b6c09266 722d711569ad1c746bd0881e42d4ccb7ddf01721b045f8d655b82f19bd12d1ce Loading...

	#36 Eval - 9651ba0f1a9483ace59fca349e8f7c40	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash 9651ba0f1a9483ace59fca349e8f7c40 b45ee86dbadc6bdaa122726bc800797fd8a58a10 e263d89e19f80963ceeee51cd5a13532c8c144107f6d3ccd7c5d718466a3f49a Loading...

	#37 Eval - b42604bb9485f8e002a2f30d0c136721	28 B	2024-09-19 21:46	2024-09-19 21:46
Pretty Observations First Seen2024-09-19 21:46 Last Seen2024-09-19 21:46 Times Seen1 Hash b42604bb9485f8e002a2f30d0c136721 53d20d6e9c28a3f8abc06c5493c93b3eff06d693 92e192f5deeeec1bc2415d3c6d50955be005354d5973cee165065a73811bc232 Loading...

HTTP Transactions (22)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
80f3aada09a34a0d6e43e77f160ac485
8feee259be181420c2c17ccb3d81ce9bc980b577
cccc9314ca2d07fb6a2a5d91a8d7b37f16fd78a5d14b0e6a27de0df82e47f1f3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CCCC9314CA2D07FB6A2A5D91A8D7B37F16FD78A5D14B0E6A27DE0DF82E47F1F3"
Last-Modified: Sat, 07 Sep 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3456
Expires: Mon, 09 Sep 2024 00:57:23 GMT
Date: Sun, 08 Sep 2024 23:59:47 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
85b35ef8e54cfd751670f6a6d56541bd
162e94ccf2a785ea99c41f45c3a76815a2f8ae5f
3f59c24a6538550f52a4c9b39d9f57b023c9d44d50a846e742b763f74dfc179d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3F59C24A6538550F52A4C9B39D9F57B023C9D44D50A846E742B763F74DFC179D"
Last-Modified: Sun, 08 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9353
Expires: Mon, 09 Sep 2024 02:35:40 GMT
Date: Sun, 08 Sep 2024 23:59:47 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
010d9d76f2cffcde2776f30737ea6daa
8f2fbd4790c6a38d70f1e6d4be7b34a6cf562d70
5b0f8b959509a0ebd05f4fd4dca127683100ab3c79a154da1b78247ebf21ffda

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5B0F8B959509A0EBD05F4FD4DCA127683100AB3C79A154DA1B78247EBF21FFDA"
Last-Modified: Sat, 07 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3061
Expires: Mon, 09 Sep 2024 00:50:48 GMT
Date: Sun, 08 Sep 2024 23:59:47 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f2ca0b1356d3a4726b2584b305c67002
de39fbd751a2e933ca34fc5f03ce213747bd2188
ab157104ff1a8239aa7f2285995c9f30cc84bcf9e87e3f6d5bf0d5197c720922

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "AB157104FF1A8239AA7F2285995C9F30CC84BCF9E87E3F6D5BF0D5197C720922"
Last-Modified: Sat, 07 Sep 2024 14:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11280
Expires: Mon, 09 Sep 2024 03:07:47 GMT
Date: Sun, 08 Sep 2024 23:59:47 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5c3fba1109521084ef7ba1930038c708
da167832736b19cff2200b7ee2c62f0e2cd4ceeb
170cddf1a28716b552d327083819d646261191483dec007a25da4d86ffa36bc9

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "170CDDF1A28716B552D327083819D646261191483DEC007A25DA4D86FFA36BC9"
Last-Modified: Sat, 07 Sep 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8751
Expires: Mon, 09 Sep 2024 02:25:40 GMT
Date: Sun, 08 Sep 2024 23:59:49 GMT
Connection: keep-alive

colmedica.ankitqtllc.com/

188.114.97.1

167 B

URL
colmedica.ankitqtllc.com/
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: colmedica.ankitqtllc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Sun, 08 Sep 2024 23:59:50 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 09 Sep 2024 00:59:50 GMT
Location: https://colmedica.ankitqtllc.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKrAZfIH%2FA6KKng%2BXuTi83eODl%2BNWzgRPKj9RpVJRLeXSUmkLaaluGAGl4FzDwToflyYriuVeuin8yax%2Bv6XqJdxtPP%2FwS9%2BK95e%2BGaedyUTZQIXqyk0nicRS%2Fvkp%2BeFia03jxrz6rVbFTc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8c02e5072adf5693-OSL
alt-svc: h2=":443"; ma=60

GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.18.95.41

302 Found

0 B

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colmedica.ankitqtllc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 08 Sep 2024 23:59:51 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/a5b175b00260/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c02e50c6b55b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET colmedica.ankitqtllc.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

188.114.97.1

302 Found

0 B

URL GET HTTP/3
colmedica.ankitqtllc.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Certificate
IssuerGoogle Trust Services
Subjectankitqtllc.com
FingerprintEB:0F:BC:4F:34:EF:EF:B1:F8:AE:3C:AA:C0:43:C6:98:57:D2:D3:D1
ValiditySat, 07 Sep 2024 09:26:33 GMT - Fri, 06 Dec 2024 09:26:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: colmedica.ankitqtllc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Sun, 08 Sep 2024 23:59:51 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nV6eH98EjSZ30sQRkd5AXnZoEcKatIF8sSQ5%2BQyB%2B%2BdXeCHGqm4T1yIu1WrIfKkfOX5VXmJ9jdZM8TAzrlrqX7H9LzUKVwolK1sh%2FdYGRVHDDXsxnYKyGI3dkS9Ug9RXwQWYM%2FAzaxN7MuM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c02e50c8dcd0b02-OSL
alt-svc: h3=":443"; ma=86400

GET logos-cdn.skrapp.io/logos/colmedica.com

172.66.40.112

200 OK

4.5 kB

URL GET HTTP/2
logos-cdn.skrapp.io/logos/colmedica.com
IP
172.66.40.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Certificate
IssuerGoogle Trust Services
Subjectskrapp.io
Fingerprint5F:42:6A:7C:9A:3F:6C:C9:6E:EE:F5:55:33:C8:13:DC:99:B4:2D:BE
ValidityThu, 01 Aug 2024 23:08:48 GMT - Wed, 30 Oct 2024 23:08:47 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3
Size
4.5 kB (4460 bytes)
Hash
d8e5663f6dc451d7d3ce67eb729792c5
5f10b62e97dbee011c62d9e480514bdf10abb0a0
3691815439c80cd33895c95e325302efec3bae016e7ac4f6f82d972cc83a5c50

HTTP Headers

GET /logos/colmedica.com HTTP/1.1
Host: logos-cdn.skrapp.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colmedica.ankitqtllc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Sep 2024 23:59:51 GMT
content-type: image/jpeg
content-length: 4460
last-modified: Mon, 17 Oct 2022 06:57:02 GMT
etag: "d8e5663f6dc451d7d3ce67eb729792c5"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VHABrwhXVEpaa96A31dSD7OCVccRbjOG9jVtdo5OrhP9EoVBxNB-XQ==
age: 32529
cf-cache-status: DYNAMIC
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 8c02e50cbb031c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET i.imgur.com/9AxbM0o.png

199.232.192.193

200 OK

1.1 MB

URL GET HTTP/2
i.imgur.com/9AxbM0o.png
IP
199.232.192.193:443
ASN
#54113 FASTLY

Requested by
https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Certificate
IssuerSectigo Limited
Subject*.imgur.com
Fingerprint39:5B:E1:0D:4A:FC:A4:C7:F3:71:DE:C4:5C:12:69:F9:5F:58:9F:42
ValidityThu, 15 Feb 2024 00:00:00 GMT - Fri, 14 Feb 2025 23:59:59 GMT

File type
PNG image data, 2000 x 1272, 8-bit/color RGB, non-interlaced
Size
1.1 MB (1106219 bytes)
Hash
9a8059771fd3eeebab39959ecadf08d9
83c3b1f5443457926cfdb0a05879290fb027a4af
45ff8a27a23ae1962bb71d873aac017d4c4208f6dcba74650a3c53758eb79de1

HTTP Headers

GET /9AxbM0o.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colmedica.ankitqtllc.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
last-modified: Tue, 14 May 2024 17:05:39 GMT
etag: "9a8059771fd3eeebab39959ecadf08d9"
x-amz-storage-class: STANDARD_IA
x-amz-server-side-encryption: AES256
x-amz-cf-pop: IAD89-P1
x-amz-cf-id: j0nCSfTW4l-THf232VKpAce03RW7SKbsKmhWjQdqeNt_DV8VPy9VEw==
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 08 Sep 2024 23:59:51 GMT
age: 38101
x-served-by: cache-iad-kcgs7200129-IAD, cache-hel1410025-HEL
x-cache: Miss from cloudfront, HIT, HIT
x-cache-hits: 1942, 2
x-timer: S1725839992.851534,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 1106219
X-Firefox-Spdy: h2

POST colmedica.ankitqtllc.com/cdn-cgi/challenge-platform/h/b/jsd/r/8c02e4f4cba156c6

188.114.97.1

200 OK

0 B

URL POST HTTP/3
colmedica.ankitqtllc.com/cdn-cgi/challenge-platform/h/b/jsd/r/8c02e4f4cba156c6
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Certificate
IssuerGoogle Trust Services
Subjectankitqtllc.com
FingerprintEB:0F:BC:4F:34:EF:EF:B1:F8:AE:3C:AA:C0:43:C6:98:57:D2:D3:D1
ValiditySat, 07 Sep 2024 09:26:33 GMT - Fri, 06 Dec 2024 09:26:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8c02e4f4cba156c6 HTTP/1.1
Host: colmedica.ankitqtllc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12359
Origin: https://colmedica.ankitqtllc.com
DNT: 1
Connection: keep-alive
Referer: https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 08 Sep 2024 23:59:52 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.ankitqtllc.com; HttpOnly; Secure; SameSite=None
cf_clearance=jIqWD_TqIqEMRc7ceRUlEBYrX.7neQY07Ks3QQUpSm4-1725839992-1.2.1.1-vNrL8UbUf5enrDZRm.qFTZnnl3.GESmTcvpFjDFULE6gAk6_UlJzX4G3_u5TOv4ufdZzcW5rM7Gj4ESnsNxOMmnMciVwk0ajBH42Qx80kZpT65tjOneUElJqMOj8sCWnEhD6skq9rppZDqZ8pWWAkGdagbk25uJ_QfBUxlRKA7IMsSPZAKkzG0PcI18L0eirLQZpCGGY8kwIF2SNFZKhkvpjwIc5L6Bat7ngbHIY6_jtAVsxptKV39TsuMn3FmQsuyIzjaIHM.L0uni4kPeUC3TAeKIPiuyf_6l8OotOVVcIPIUtnOHFyc7wTBV_hzAT_pZfy_YFreUyBhB1tz5GYg; Path=/; Expires=Mon, 08-Sep-25 23:59:52 GMT; Domain=.ankitqtllc.com; HttpOnly; Secure; SameSite=None; Partitioned
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HjdyMRL5KFZdq04m0PHPX1NkxPEPmCfR1wBo5qoa0QfaJVh0phfFJNyvsKHT2kr8RxdXCpAKe%2FH1Ht284M3xdRuWN5KEhtQ9JnwZU8Gp8RpYstpHC5SxVrQKIXQf3hd6VTwNAZOKoSptAGE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8c02e50e2e500b02-OSL
alt-svc: h3=":443"; ma=86400

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D

104.18.95.41

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 08 Sep 2024 23:59:52 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8c02e50edbf8569a-OSL
alt-svc: h3=":443"; ma=86400

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8c02e50e5bbf569a/1725839992454/TTi_q_euYucM8r4

104.18.95.41

200 OK

61 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8c02e50e5bbf569a/1725839992454/TTi_q_euYucM8r4
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type
PNG image data, 63 x 98, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
a6a1f3d5ce2e75af3d77afb79be09b25
620b49967436bf0e9b221c676f54a53c91c6751b
212af4cfa0d2a5e0570528fc7130921351c8e12e328e1ad9ea312c885ce100e6

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/8c02e50e5bbf569a/1725839992454/TTi_q_euYucM8r4 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 08 Sep 2024 23:59:53 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8c02e515df38569a-OSL
alt-svc: h3=":443"; ma=86400

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8c02e50e5bbf569a/1725839992457/2be1d4f43faca76d811436d6fdb104213bdd21cd21bbc0a724f2dd680337884e/smEjJzl-NboFpL_

104.18.95.41

401 Unauthorized

1 B

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8c02e50e5bbf569a/1725839992457/2be1d4f43faca76d811436d6fdb104213bdd21cd21bbc0a724f2dd680337884e/smEjJzl-NboFpL_
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/8c02e50e5bbf569a/1725839992457/2be1d4f43faca76d811436d6fdb104213bdd21cd21bbc0a724f2dd680337884e/smEjJzl-NboFpL_ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Sun, 08 Sep 2024 23:59:54 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gK-HU9D-sp22BFDbW_bEEITvdIc0hu8CnJPLdaAM3iE4AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAk_yrAtSPL5vmkgpuBy3KJLPICALzWRTikGvxmWlYumLaVTZtT8T91l1gHHr_V8lvB_vp0Cjnf9K0DA2HRjCjecBAH7jCacU7SQjJBvrMou2QLY130cw7WOtHx54StslWePdpIkXLd_M8liyoz5mbZj0yoxreAg58EDWAo20k8CWPclaA1rhC18NNEA9oyfLkOOXWpUlLv8AhOqhwYJ0ip8NggkJUhgwi_XzVlUROklNicnKuAhNClxN1KdL6pN8PGzAFPcnJ-8I6xtEfjAKgtAs-dGrsUqmpwmMHHozHdJ1qt1lSkM90g61k5gaSrL4VXkche32jqdSa27sI9NiHzwIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tICvh1PQ_rKdtgRQ21v2xBCE73SHNIbvApyTy3WgDN4hOABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tICvh1PQ_rKdtgRQ21v2xBCE73SHNIbvApyTy3WgDN4hOABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAuJroJOc-tyeoeQjFgfJ8GZidY1pYZ3E6vnRPKA0M4VuvYINC4ZmqLOQzac3aJzNuRrxrQ8vCXrvu97kqdHJSuD7c4F3hVN6pS2ay8sAL7u7jJt6lacsQHuSPC9EIde0igAXxPC2mDw7WVmKBnW1L8eX49fv385hVn2lkvVbn6g2RCo-8cr_vCaywLT1Y4m5m_6XjP6Oekt71A2a9NKotkb81Y8DjanuZ8fdTQWt6O8NqyhDobyHRcF9-9o8acjcIRT5cfkSGzFdMpznnIFdDtr33BOQv2usHcnClM6om78iaqVMykh3JylHkrYXv9gOBIy3r8i0wOr_0t9XKtgxipQIDAQAB", max-age=20
server: cloudflare
cf-ray: 8c02e51dbd11569a-OSL
alt-svc: h3=":443"; ma=86400

GET colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8

188.114.97.1

200 OK

78 kB

URL User Request GET HTTP/2
colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectankitqtllc.com
FingerprintEB:0F:BC:4F:34:EF:EF:B1:F8:AE:3C:AA:C0:43:C6:98:57:D2:D3:D1
ValiditySat, 07 Sep 2024 09:26:33 GMT - Fri, 06 Dec 2024 09:26:32 GMT

File type
HTML document, ASCII text, with very long lines (951)
Size
78 kB (77568 bytes)
Hash
a3feed85744b52214bd09032c65c8811
c4939f5840d4811ed053755c837dee6e909a5efd
c854e8751f5567f96cea50cbb97b444d2abe756e5e5f5be73a42da3af93bd392

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8 HTTP/1.1
Host: colmedica.ankitqtllc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Sep 2024 23:59:51 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c2A1QhbZuZEA55cqugQ6FHvc1aBIjb3O9hJHbOx1oa8l67vOBR2C4ckdg%2FSbOvQ1Rx1FbMLAI849uINQjbH8WzOD%2BNlb6w%2FF2%2BXRgI7tGJGnRET%2B%2Bk5J9KRGYNqI24ZI7TGAgeNx%2BmNjZ44%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c02e4f4cba156c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET colmedica.ankitqtllc.com/favicon.ico

188.114.97.1

404 Not Found

7.6 kB

URL GET HTTP/3
colmedica.ankitqtllc.com/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Certificate
IssuerGoogle Trust Services
Subjectankitqtllc.com
FingerprintEB:0F:BC:4F:34:EF:EF:B1:F8:AE:3C:AA:C0:43:C6:98:57:D2:D3:D1
ValiditySat, 07 Sep 2024 09:26:33 GMT - Fri, 06 Dec 2024 09:26:32 GMT

File type
ASCII text, with no line terminators
Size
7.6 kB (7560 bytes)
Hash
658c9286407aeee268ba52e45da2252a
18591157b79780b4edf9b66af042581fa5a36756
394c095c2710c6a131c27fb7e00ada38ec005c86b512403062ed81c33f6b51f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: colmedica.ankitqtllc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Sun, 08 Sep 2024 23:59:52 GMT
content-type: text/html
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8SgHkwjCUvZ4eE3ubyt%2FmA1X9qMH14%2Fmhgwjre1h2nZo%2FHzh%2BDHJoI0Ug85R96rcq5rcOjxFPLrHVhKd0Ml2BvUnoWKzoVX6ehiaKomhsfRpGeU%2Bslk54zleIS2lX3LBXzZI6F6PrMcYYsA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c02e50dde400b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/469178812:1725837891:5XY_wee9OzaE9bcXk5Cr6c_MqW_6i55-0NRtqgmVsqA/8c02e50e5bbf569a/55f34a40fc11977

104.18.95.41

200 OK

26 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/469178812:1725837891:5XY_wee9OzaE9bcXk5Cr6c_MqW_6i55-0NRtqgmVsqA/8c02e50e5bbf569a/55f34a40fc11977
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type
ASCII text, with very long lines (26304), with no line terminators
Size
26 kB (26304 bytes)
Hash
04ef27774d00545e20729a48c30cd0ba
02dbd235abbacd8e8389c9d371348c387db246ec
c108aaa47273110619aa31288f5474af1ca42384252c3939190ab92978386f6b

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/469178812:1725837891:5XY_wee9OzaE9bcXk5Cr6c_MqW_6i55-0NRtqgmVsqA/8c02e50e5bbf569a/55f34a40fc11977 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
Content-type: application/x-www-form-urlencoded
CF-Challenge: 55f34a40fc11977
Content-Length: 28762
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 08 Sep 2024 23:59:54 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: BuejLlLqXROJ5DYYssY7SP1BX/PsXtAjaVjML8la9Sy24pfG5+eMFa0O7vr6UEbZf0sQ7692NLF8YZz+$ShCBIdZfI6JvpLNK
server: cloudflare
cf-ray: 8c02e51f1e2b569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/469178812:1725837891:5XY_wee9OzaE9bcXk5Cr6c_MqW_6i55-0NRtqgmVsqA/8c02e50e5bbf569a/55f34a40fc11977

104.18.95.41

200 OK

142 kB

URL POST HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/469178812:1725837891:5XY_wee9OzaE9bcXk5Cr6c_MqW_6i55-0NRtqgmVsqA/8c02e50e5bbf569a/55f34a40fc11977
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
142 kB (142128 bytes)
Hash
74904f26f8ecc742651b57d7390e0e7c
884ece947f3b58f297c31c2577404a0d99ad11a9
a0c2951dc8ceb093742f2f198b1fcdf50a5fdef6b3a59836c5a37b12b80f3cc2

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/469178812:1725837891:5XY_wee9OzaE9bcXk5Cr6c_MqW_6i55-0NRtqgmVsqA/8c02e50e5bbf569a/55f34a40fc11977 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
Content-type: application/x-www-form-urlencoded
CF-Challenge: 55f34a40fc11977
Content-Length: 2882
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 08 Sep 2024 23:59:52 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: dAGF88+V/pPr29Hp4IIkERD+CNNFP3NU4NJf0GfvGSxvosbzc/t8hjPLR/tLNn4cm91UnO5jE37K/EEfpFEJj3yckywzzoOZh7h6YAMsFP2qR6UOrMSrTzsnPL++0FSukDBb+h7Rnzy5sXDNGmlN/cAUwxtAHb5C4rcdFl5B98LocPSMZf9VtbHF8jl1hsAE3m5afVAxEF30/3Ceg5Otqy+t7+GXXMwmTUgEkmpmipoVplf9L4lOKjRZA16ZIl1vGXyBx+SzpAwoH+JH9JmLViVirJ7095nP9k0i+Mm1HubLh5pQc7c/rV2/K5ZFzv4czl67qLMIeZ7SEavEAXGu5b9N2CuL9lLirUL9BtxZ3PTKfFxgtIrIXuIPsGWyHSiC/7lEeEV/CaCCta4uH1muDRos+WXqd+/jkJnB8Grule+uagLy2snDLOvmLhqHL7zHxEgqh9YfcYcoQdNr2fihPZrfg6g34El8hDUVQGBRAg==$8dTWQwm7HnAbtg+9
server: cloudflare
cf-ray: 8c02e510ccb3569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET colmedica.ankitqtllc.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?

188.114.97.1

200 OK

8.0 kB

URL GET HTTP/3
colmedica.ankitqtllc.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js?
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Certificate
IssuerGoogle Trust Services
Subjectankitqtllc.com
FingerprintEB:0F:BC:4F:34:EF:EF:B1:F8:AE:3C:AA:C0:43:C6:98:57:D2:D3:D1
ValiditySat, 07 Sep 2024 09:26:33 GMT - Fri, 06 Dec 2024 09:26:32 GMT

File type
JavaScript source, ASCII text, with very long lines (7964), with no line terminators
Size
8.0 kB (7964 bytes)
Hash
82afe475bf1034fa431b00ba4562e8ae
f2cc4efac1bec73fafd4b4fa242c84da4e0a7c3c
ca5e53e49b2e8bc0d36025af011eee562d91887492ad95eecd36e074ca91b934

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/a5b175b00260/main.js? HTTP/1.1
Host: colmedica.ankitqtllc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 08 Sep 2024 23:59:51 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KpMW327prWoOMTq%2Bsanl1vILVqIdeIzdSgb1Sk47Ex7jMTWIqKuumtLeeksFWugZ5eVtx0MrwyUHQga8XsJEF1YoEAF0doZ3%2Fn8Emw62FJECPeE7LpAI4ScYBG4x3KDDALKuJVEYWC1Q6Oc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c02e50c9dd90b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/

104.18.95.41

200 OK

74 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type
HTML document, ASCII text, with very long lines (37809)
Size
74 kB (74497 bytes)
Hash
f7d271d58ec52101e8e52704033eedf0
a144ee402674a5600fa19c0a125f2d8d51689949
dae5ff01430649b9a1780914f4461ec678fb4506c970d9df55fcd79f907afc87

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://colmedica.ankitqtllc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 08 Sep 2024 23:59:52 GMT
content-type: text/html; charset=UTF-8
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-opener-policy: same-origin
origin-agent-cluster: ?1
cross-origin-embedder-policy: require-corp
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-resource-policy: cross-origin
server: cloudflare
cf-ray: 8c02e50e5bbf569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8c02e50e5bbf569a&lang=auto

104.18.95.41

200 OK

120 kB

URL GET HTTP/3
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8c02e50e5bbf569a&lang=auto
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
120 kB (120459 bytes)
Hash
b97b6ef0e9489fed9aefc9f4162f07bb
d33994124320ce59262a2862cbc2a7a74f4124bd
7b52cb2b38eb8ef9826da250b92326efb1179401c171b2dc2dee1d12f407f4a0

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8c02e50e5bbf569a&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/5z0xj/0x4AAAAAAAitI1_OTywSHxjG/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 08 Sep 2024 23:59:52 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8c02e50edbf9569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET challenges.cloudflare.com/turnstile/v0/b/a5b175b00260/api.js

104.18.95.41

200 OK

46 kB

URL GET HTTP/2
challenges.cloudflare.com/turnstile/v0/b/a5b175b00260/api.js
IP
104.18.95.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://colmedica.ankitqtllc.com/bllmhxohkkxdduu/aapqgkangcrpk/Znhqdumrkskyewe89g0xmaersk/erewrtemaqtabu/fyydhfxjscw/nandarm/tdvahipyoxx/colmedica.com/wqqrldxnxrxz8
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4
ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

File type
JavaScript source, ASCII text, with very long lines (45805)
Size
46 kB (45806 bytes)
Hash
57a4011b45a950c27c1c638c9abf655b
ce3ca250a31b8a891d55b7ee51dd09fd201d1033
f260796d39e01df74e820ed2e7de42f0a397d8c5b9751c58d68746066155a9c7

HTTP Headers

GET /turnstile/v0/b/a5b175b00260/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://colmedica.ankitqtllc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 08 Sep 2024 23:59:51 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 02 Sep 2024 16:25:39 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8c02e50c8b67b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (44)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations