Report - txpxeo.qctdz.com/

Report Overview

Visited public
2025-01-04 11:38:27
Tags
URL
txpxeo.qctdz.com/
Finishing URL
txpxeo.qctdz.com/
IP / ASN
172.67.155.22
#13335 CLOUDFLARENET
Title
Telegram

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

108

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
txpxeo.qctdz.com	unknown	2023-01-19	2025-01-04	2025-01-04	12 kB	1.4 MB	172.67.155.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram
2025-01-03	medium	txpxeo.qctdz.com/	Telegram

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed
2025-01-04	medium	qctdz.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	txpxeo.qctdz.com/6708.05075ec696cf1bca34b2.js	ScriptElement	10 kB	2024-08-15	2025-04-24
Pretty URL txpxeo.qctdz.com/6708.05075ec696cf1bca34b2.js IP 172.67.155.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-15 13:06 Last Seen2025-04-24 11:39 Times Seen497 Hash 96ef59c5330eda8a6049dc0850b9d2c3 3293c0574ac9cd31a37f9ad740cebd8d0d0aee69 1f105f736a0aeac0e3d3c6cf76b3da36820054850484015b8befa243e1bef253 Loading...

	txpxeo.qctdz.com/compatTest.js	ScriptElement	2.5 kB	2024-06-30	2025-04-25
Pretty URL txpxeo.qctdz.com/compatTest.js IP 172.67.155.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-30 22:36 Last Seen2025-04-25 11:26 Times Seen4554 Hash da7800ea928a021f2539ab41e6f2323e 0141da1dc85ca8f34212f3dde2fac9bf61f5adb7 15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf Loading...

	txpxeo.qctdz.com/main.9a912c00d881695d0ddb.js	ScriptElement	439 kB	2024-08-26	2025-04-24
Pretty URL txpxeo.qctdz.com/main.9a912c00d881695d0ddb.js IP 172.67.155.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-26 11:45 Last Seen2025-04-24 11:39 Times Seen317 Hash fbb3255985fdbb3b866c764f2b4b2f59 99048f8ff4b7155676fa1639ca4444211d4740b2 dc29b8a0507b3b28a459de068b3b1bf5b66331a72e96c74e6ed47a856b8d5a8f Loading...

HTTP Transactions (27)

URL IP Response Size

txpxeo.qctdz.com/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2

172.67.155.22

200 OK

11 kB

URL GET HTTP/3
txpxeo.qctdz.com/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/main.b563a1b1790456b66383.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:03 GMT
content-type: font/woff2
content-length: 11016
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
etag: "676270af-2b08"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jdUZntqAc7FBjbtwVNdHB7Li%2BhmN8K2TxJsu5XCsvjCuTkjOcH1QmzDndB0bv0Sszs4ppHIprkpRqhgLF4Kp0asgrd31Eszax3YJJk18h1LY8ues3THL9POEZ9t%2BkpxS%2F6HO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fcaf0ab7a7156ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2112&min_rtt=936&rtt_var=1128&sent=180&recv=21&lost=0&retrans=0&sent_bytes=196759&recv_bytes=3051&delivery_rate=72651202&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=1272&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/

172.67.155.22

200 OK

5.4 kB

URL User Request GET HTTP/2
txpxeo.qctdz.com/
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
5.4 kB (5391 bytes)
Hash
e464c5ad2b7aca0117069b93ab5aa98d
9e2036377f8d1b72e9277de72c7090ca6c2bb5fa
4a945d985d4421b85d7c9b6841ffe233b11137808005870545b1ddf26e5ea704

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 Jan 2025 11:38:02 GMT
content-type: text/html
last-modified: Wed, 18 Dec 2024 06:50:24 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HDRPwQvws0%2FNBpMzE9x%2FhXXLys1wGHHNaWFCPCWrqYX3nEkhAs18FGLStszxioHWt9pOh6ZznJKNDrorB3rA%2BgF3d3%2Bmk4Ib3j%2FNCPlJ8jh5%2FA0oyE5HltwVHZXDFg%2FSIhQB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0a1b864b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5775&min_rtt=605&rtt_var=10329&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3191&recv_bytes=1118&delivery_rate=6787500&cwnd=254&unsent_bytes=0&cid=0db9e58fd6d1be9a&ts=594&x=0"
X-Firefox-Spdy: h2

txpxeo.qctdz.com/main.b563a1b1790456b66383.css

172.67.155.22

200 OK

25 kB

URL GET HTTP/3
txpxeo.qctdz.com/main.b563a1b1790456b66383.css
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
ASCII text, with very long lines (10891)
Size
25 kB (24839 bytes)
Hash
88af7a93243b7d0d3259dd44372ce866
d6e3dd205debb515858b0accea0a61eb5bba52ed
212edf6f9e15e37091b3e072b24b654ab4abfffb8891d2b16ac6428246b8c928

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main.b563a1b1790456b66383.css HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:03 GMT
content-type: text/css
last-modified: Wed, 18 Dec 2024 06:50:24 GMT
vary: Accept-Encoding
etag: W/"676270b0-1a073"
expires: Sat, 04 Jan 2025 23:38:02 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=btOmoGC9h4guwdWmhmEGY9gukhSjTzX6fYxZAL9sLjjIclBANZvdTyf%2FeinXAtB1GUPu6%2FIllsKNMlGIXhlfE3uH8EESJ1k64SSsy59PmNTd93o%2FYuGeW03NDFMTdxkKCyYF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0a6ba1256ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3229&min_rtt=2328&rtt_var=1453&sent=17&recv=11&lost=0&retrans=0&sent_bytes=5974&recv_bytes=1748&delivery_rate=2320&cwnd=12000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=813&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/compatTest.js

172.67.155.22

200 OK

12 kB

URL GET HTTP/3
txpxeo.qctdz.com/compatTest.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
gzip compressed data, from Unix
Size
12 kB (11876 bytes)
Hash
081a3e027fe6c063c4569e67383a6a4b
fa03f6d0a3cb0f21ccea651e5af98f97fb49eeb9
82670f931d89fbcef56cc5cabd0718e44f0af673c5e99253eea71346f1893e2a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /compatTest.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:03 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:24 GMT
vary: Accept-Encoding
etag: W/"676270b0-9f0"
expires: Sat, 04 Jan 2025 23:38:02 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z19GYoH5RMaHgp%2F1CXx0OQMCUxcurnq6T8X%2Fgl2vT1R1fMOqHwgmOfjbIeP79et9ePTns5rpRpDc0AxkvtKV0aUMXR3zeaYUTQbdP54N3yKoHieiWr%2FmBI0zBfFeClht6njL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0a6ba1c56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3357&min_rtt=2367&rtt_var=1595&sent=15&recv=10&lost=0&retrans=0&sent_bytes=4191&recv_bytes=1704&delivery_rate=248776&cwnd=12000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=785&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/favicon-32x32.png

172.67.155.22

200 OK

734 B

URL GET HTTP/3
txpxeo.qctdz.com/favicon-32x32.png
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
734 B (734 bytes)
Hash
b57d8d2f8dd9c25272a03b1ede73c9d3
b2a7dfef5edb775ae8326c9a6c073e986829766f
3182f898341813d110b67fefd45c253d20e3fd803baec16cde730f82a38d62f7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon-32x32.png HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:04 GMT
content-type: image/png
content-length: 734
last-modified: Wed, 18 Dec 2024 06:50:24 GMT
etag: "676270b0-2de"
expires: Mon, 03 Feb 2025 11:38:04 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=87mW0oakKXq2EHnw%2BmAQ32XdH74KBZZuHHV%2Fx%2BF%2FV3a1vwIlyHdZqOxopqA6R2hh6M%2Br9LZODbvZZtVQqoP5AoZKWE07TW0yktNchlqIyFMrohwdAgY0LXM3%2FX7RWSOOhtTw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fcaf0ae9e5156ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1881&min_rtt=936&rtt_var=822&sent=203&recv=26&lost=0&retrans=0&sent_bytes=221410&recv_bytes=3747&delivery_rate=4938718&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=2060&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/apple-touch-icon.png

172.67.155.22

200 OK

2.4 kB

URL GET HTTP/3
txpxeo.qctdz.com/apple-touch-icon.png
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
2.4 kB (2445 bytes)
Hash
11f7b26992091be6fe0224304f3779ce
9914cc1a57c775a11767341950661c674ec558b0
a0347b0c97d3067f47a63724bf758a844c62b74c18837816e7a95e5053726859

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:04 GMT
content-type: image/png
content-length: 2445
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
etag: "676270af-98d"
expires: Mon, 03 Feb 2025 11:38:04 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fD5E3exMaZKPpF0ylWSrYvErGzMh2tsj%2B%2BscblP%2FYbtAbxSwJTdV6Tn5BNVCUybI2Wq9C89jccefS4Mklq2aghi4la7ShXdR2tiDU4EcAQtnndNY81wvnY7I6RwOP74ACwRf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fcaf0ae9e4d56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1774&min_rtt=936&rtt_var=832&sent=205&recv=27&lost=0&retrans=0&sent_bytes=222890&recv_bytes=3793&delivery_rate=931569&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=2073&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/rlottie-wasm.f013598f1b2ba719f25e.js

172.67.155.22

200 OK

168 kB

URL GET HTTP/3
txpxeo.qctdz.com/rlottie-wasm.f013598f1b2ba719f25e.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
gzip compressed data, from Unix
Size
168 kB (168230 bytes)
Hash
55f1533b3e3e54956365c59b9eb6fb28
472b2300689dd14917223e2401124d52b5856d23
5841b23e2541d6bc735f21f0e77122005028d5af12aa1796dc80b201a2d6b82e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:09 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:24 GMT
vary: Accept-Encoding
etag: W/"676270b0-10037"
expires: Sat, 04 Jan 2025 23:38:09 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4kVdWfC6vIYWBQaLOlj%2B4HfQ1l0zzXPuiHiqHDqW6b%2Fp8XPd%2BthRvJDFE722wPFdWAU%2B4zcSPUK2JckJB7seuYsyGybs7y6cz6%2BbzfdSAAPKTDs3R8yeNhly%2Fea9LnGiTe2I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0d0b95b56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1266&min_rtt=936&rtt_var=205&sent=436&recv=69&lost=0&retrans=0&sent_bytes=469174&recv_bytes=10657&delivery_rate=45215&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=7534&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/9357.1f6836f2d95171420e95.js

172.67.155.22

200 OK

2.5 kB

URL GET HTTP/3
txpxeo.qctdz.com/9357.1f6836f2d95171420e95.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (2628), with no line terminators
Size
2.5 kB (2502 bytes)
Hash
f1e52bed22548c1f7e2fce0522cd4a82
41e036d1f96cfb47fb93fc121083185660cf1b86
27d08f1a88bf79a17d448203d046e206aa249bc86bd99cf67c4e88e6aef34255

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9357.1f6836f2d95171420e95.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:09 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-9c6"
expires: Sat, 04 Jan 2025 23:38:09 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gIKrQiVz9slGe1cqHxPIPHbgycaGnb739OIat81c80v5qPpKAXBPmlkQNwTcf75OdMpGS35AqVsCm5nP8%2BxY5gvj%2FoS0mOXx%2FYkS7bu5tSwX3H%2BfrXSrtbiGxP5DDP4QO1mb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0ccfcb356ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1352&min_rtt=936&rtt_var=342&sent=407&recv=62&lost=0&retrans=0&sent_bytes=439738&recv_bytes=9605&delivery_rate=3854&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=6944&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/7784.ec5164938531ffe545a2.js

172.67.155.22

200 OK

21 kB

URL GET HTTP/3
txpxeo.qctdz.com/7784.ec5164938531ffe545a2.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (21341)
Size
21 kB (21424 bytes)
Hash
4ed38bfe5a91818dc89b8e94b809c616
768694610faf78cc071230229c990821c456e2fb
a0a5bd8a76f26757141750073dddaba0527a2e3a3be9a4566a46ab4fd13f1c28

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /7784.ec5164938531ffe545a2.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:08 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-53b0"
expires: Sat, 04 Jan 2025 23:38:07 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TwRt2U7oVtVVRY%2Frnuq48LY2B%2B%2B6NuZwzLK3cTtbju4LQzhJJbxSs0KMbn1ljf%2FJGcAjOf7uCCNu2hleLX7iohQbt%2FA2mCIKO4DQItGFtkdns7JIeqzUJ0GYqg6ns%2FZ%2BDHr9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c56b0256ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1522&min_rtt=936&rtt_var=368&sent=237&recv=42&lost=0&retrans=0&sent_bytes=250052&recv_bytes=6534&delivery_rate=2667092&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=5702&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/5905.7740c1743540df2d6991.js

172.67.155.22

200 OK

140 kB

URL GET HTTP/3
txpxeo.qctdz.com/5905.7740c1743540df2d6991.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140180 bytes)
Hash
46648d77dd491aa690f065c72bcba0c8
0c06eb281c296bec1d6a5ba710e94392689a90dc
145628cfa23f0607acd86035ca9ee8f3179c980d848d52564bcff7334db4af10

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5905.7740c1743540df2d6991.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:08 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-22394"
expires: Sat, 04 Jan 2025 23:38:08 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0EoeATvYCMkAp%2BHK7GlxoZEqwu5FPG4E5GH0mk1D235%2BccKU1PFPf%2FUziJzIaqiz28zXnkZeZ3vaaKkO72w4FS6NLwwyX3aHoX3edD9vJFoPJcfmEid5KCyDuYK3lPbOUEIf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c93f6b56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1413&min_rtt=936&rtt_var=273&sent=337&recv=52&lost=0&retrans=0&sent_bytes=362169&recv_bytes=7950&delivery_rate=16609838&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=6338&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/5905.7740c1743540df2d6991.js

172.67.155.22

200 OK

140 kB

URL GET HTTP/3
txpxeo.qctdz.com/5905.7740c1743540df2d6991.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140180 bytes)
Hash
46648d77dd491aa690f065c72bcba0c8
0c06eb281c296bec1d6a5ba710e94392689a90dc
145628cfa23f0607acd86035ca9ee8f3179c980d848d52564bcff7334db4af10

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5905.7740c1743540df2d6991.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:08 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-22394"
expires: Sat, 04 Jan 2025 23:38:08 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8wcS%2Fuubp5UO1z7f0yq1NYJ6dfUI9itsq4FgsmRBbit6g6aSsTdx6o%2FMxPj1iRSWklnRf%2BEhxOAB0TxgUC0RFZiyswplzW5QJPump1dW8FyrFhOQWLpJoMzM1qkJKwqSFcf3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c95f9a56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1377&min_rtt=936&rtt_var=268&sent=305&recv=51&lost=0&retrans=0&sent_bytes=324426&recv_bytes=7904&delivery_rate=70908&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=6325&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/9357.1f6836f2d95171420e95.js

172.67.155.22

200 OK

2.5 kB

URL GET HTTP/3
txpxeo.qctdz.com/9357.1f6836f2d95171420e95.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (2628), with no line terminators
Size
2.5 kB (2502 bytes)
Hash
f1e52bed22548c1f7e2fce0522cd4a82
41e036d1f96cfb47fb93fc121083185660cf1b86
27d08f1a88bf79a17d448203d046e206aa249bc86bd99cf67c4e88e6aef34255

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9357.1f6836f2d95171420e95.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:09 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-9c6"
expires: Sat, 04 Jan 2025 23:38:09 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o87tTnR5KL1%2BtmOWQLQ%2BdiYz%2BBEBHYijp%2B2Fmlv7%2BAtvbwy%2BoKHdCw8qA8hVZni7W%2BJymcalKSlPr7krkHn6Vd7%2FX6qaIeVWvpPJfZerE2gmMpKu3D75h1JCr1jqKBxI2Fz6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0ccfcbd56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1284&min_rtt=936&rtt_var=307&sent=413&recv=66&lost=0&retrans=0&sent_bytes=443722&recv_bytes=10275&delivery_rate=107926&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=6997&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/main.9a912c00d881695d0ddb.js

172.67.155.22

200 OK

439 kB

URL GET HTTP/3
txpxeo.qctdz.com/main.9a912c00d881695d0ddb.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type

Size
439 kB (438807 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /main.9a912c00d881695d0ddb.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:03 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:24 GMT
vary: Accept-Encoding
etag: W/"676270b0-6b217"
expires: Sat, 04 Jan 2025 23:38:02 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bU71qoBAR4RT%2FB%2BFZNmv4C4sJwt4j7Vliv%2F2AkZEWZ0zLXh3P1tFggn9rkXIfqJTXFL5o2agAE7Xy5IZjUKnTMsAQ9Sf9050qGxyeW6UCC3E5RItUIMwkRNFqbyq3QsAllhj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0a6ba1856ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2848&min_rtt=1183&rtt_var=1507&sent=39&recv=13&lost=0&retrans=0&sent_bytes=32089&recv_bytes=1835&delivery_rate=11923174&cwnd=24000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=833&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/notification.mp3

172.67.155.22

206 Partial Content

11 kB

URL GET HTTP/3
txpxeo.qctdz.com/notification.mp3
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
Size
11 kB (10880 bytes)
Hash
eba09b6a457792c52fc610b5f9f974b3
95e6e0f7648e28ea21bc434054ea59aba3a35aea
86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /notification.mp3 HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Sat, 04 Jan 2025 11:38:04 GMT
content-type: audio/mpeg
content-length: 10880
last-modified: Wed, 18 Dec 2024 06:50:24 GMT
etag: "676270b0-2a80"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
content-range: bytes 0-10879/10880
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UL8ItOFyDgsTomTbPWs36hJE3Izv0%2FPmcVu99KSYbyM5RscRqoFsGR%2FChSLEw3a0kENjX7BNk8oyTz5eORW6Nx8D4ea2X70pX5VcVXQJ5iUmstJGsOY3lj9rSMrCJ7k7g1wi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fcaf0ab9a9a56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1952&min_rtt=936&rtt_var=907&sent=193&recv=25&lost=0&retrans=0&sent_bytes=209551&recv_bytes=3701&delivery_rate=7489&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=1610&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/7784.ec5164938531ffe545a2.js

172.67.155.22

200 OK

21 kB

URL GET HTTP/3
txpxeo.qctdz.com/7784.ec5164938531ffe545a2.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (21341)
Size
21 kB (21424 bytes)
Hash
4ed38bfe5a91818dc89b8e94b809c616
768694610faf78cc071230229c990821c456e2fb
a0a5bd8a76f26757141750073dddaba0527a2e3a3be9a4566a46ab4fd13f1c28

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /7784.ec5164938531ffe545a2.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:08 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-53b0"
expires: Sat, 04 Jan 2025 23:38:07 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KMwGVxy%2B81SkRmCybDs3vUI%2BCeEo0FP8LeYBFR4bvEldt8HB2TFswwbQgoPsAtPtfKBjjCnoWbXSqWMvx3Er1fWA%2B8K3sqJIbwcT1g0dH53XaAceBZ%2BSPJyY0E%2FnjMwN%2BJQU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c5db7156ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1400&min_rtt=936&rtt_var=343&sent=264&recv=48&lost=0&retrans=0&sent_bytes=277515&recv_bytes=7527&delivery_rate=655282&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=5783&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/9357.1f6836f2d95171420e95.js

172.67.155.22

200 OK

2.5 kB

URL GET HTTP/3
txpxeo.qctdz.com/9357.1f6836f2d95171420e95.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (2628), with no line terminators
Size
2.5 kB (2502 bytes)
Hash
f1e52bed22548c1f7e2fce0522cd4a82
41e036d1f96cfb47fb93fc121083185660cf1b86
27d08f1a88bf79a17d448203d046e206aa249bc86bd99cf67c4e88e6aef34255

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9357.1f6836f2d95171420e95.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:09 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-9c6"
expires: Sat, 04 Jan 2025 23:38:09 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FUtcFgzuthyAqTau5l2wBI5kxg19vfco6UJE2nsOXa3SvHQz3mkKF3C4hqQYOiS8OUBQDJmEh8IFLFxkkGJ3YijKEAVcGNIW8kk34pfN%2Bp6Ii4CznEPx80%2BoojYn8djO7HaS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0cd1cca56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1404&min_rtt=936&rtt_var=319&sent=404&recv=60&lost=0&retrans=0&sent_bytes=437746&recv_bytes=9270&delivery_rate=589467&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=6930&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/api/rcd

172.67.155.22

400 Bad Request

12 B

URL POST HTTP/3
txpxeo.qctdz.com/api/rcd
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
35b8479fc87fba9ff32f9cca75ca07a1
b0cbda90ec27954eccff7bf4f53b638658d7b83a
24d737c87fcd096c69cf283c47088aadf84e8adbae58a7f68f2c081afea41d53

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/rcd HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://txpxeo.qctdz.com/
Content-Type: application/json
Content-Length: 21
Origin: https://txpxeo.qctdz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 400 Bad Request
date: Sat, 04 Jan 2025 11:38:04 GMT
content-type: application/json; charset=utf-8
content-length: 36
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, User-Agent, Authorization
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TMNGtFOYlsr5dd4PTKiTFzMx2ZzaP57jKK92IVnVhqunOZbA5qHxIvIFciy%2FtND4hUuiOVgniWpOpD5BGdg4EPRMrdoiVdiYVUzoOn5I%2Fg20RDez4lbOTY0SNZLA%2FAuKjuNV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0ab9a9056ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2018&min_rtt=936&rtt_var=1033&sent=192&recv=24&lost=0&retrans=0&sent_bytes=208780&recv_bytes=3655&delivery_rate=40117&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=1564&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/6708.05075ec696cf1bca34b2.js

172.67.155.22

200 OK

10 kB

URL GET HTTP/3
txpxeo.qctdz.com/6708.05075ec696cf1bca34b2.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (10367), with no line terminators
Size
10 kB (10367 bytes)
Hash
96ef59c5330eda8a6049dc0850b9d2c3
3293c0574ac9cd31a37f9ad740cebd8d0d0aee69
1f105f736a0aeac0e3d3c6cf76b3da36820054850484015b8befa243e1bef253

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /6708.05075ec696cf1bca34b2.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:07 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-287f"
expires: Sat, 04 Jan 2025 23:38:06 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KR91kdXFlbRTThgFtLirvumfrl8HupbVPVAEp00brrRVKS2SF9qU%2FVK45WvM9aBeqLwav6MoSVSNcI1U8g8yK8cFkBzEVFsn4LbeFAIjVmzArC4U909pQnhEA%2FehNpIPfMdO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0be49d856ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1689&min_rtt=936&rtt_var=792&sent=209&recv=29&lost=0&retrans=0&sent_bytes=226129&recv_bytes=4093&delivery_rate=1954072&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=4549&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/8074.2a21714739b00af37659.js

172.67.155.22

200 OK

8.4 kB

URL GET HTTP/3
txpxeo.qctdz.com/8074.2a21714739b00af37659.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (8568), with no line terminators
Size
8.4 kB (8401 bytes)
Hash
cf029d23efef8096e18b597928dadca1
c82cd6d236f5bf526a350ce60e9830cd78bd7eb4
f5b1ea8910be7e403c7c2149044bb7f2664878d8f27c7ea93c24821b8c02b188

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8074.2a21714739b00af37659.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:07 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-20d1"
expires: Sat, 04 Jan 2025 23:38:07 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LsSKlxsGdkv67LIET7EZa6NTVdHiicdeGa2VLEDAbGOwLPCkDEax5O9dY4G%2BnujgAp8rYR5TGxguGrDhESz0Psq3MA0zIqnv8wmUstT%2BBRPmLoA9e798rBaqD1qBlbNhtoTS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c1feba56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1543&min_rtt=936&rtt_var=434&sent=231&recv=39&lost=0&retrans=0&sent_bytes=245241&recv_bytes=5920&delivery_rate=144416&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=5184&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/7784.ec5164938531ffe545a2.js

172.67.155.22

200 OK

21 kB

URL GET HTTP/3
txpxeo.qctdz.com/7784.ec5164938531ffe545a2.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (21341)
Size
21 kB (21424 bytes)
Hash
4ed38bfe5a91818dc89b8e94b809c616
768694610faf78cc071230229c990821c456e2fb
a0a5bd8a76f26757141750073dddaba0527a2e3a3be9a4566a46ab4fd13f1c28

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /7784.ec5164938531ffe545a2.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:08 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-53b0"
expires: Sat, 04 Jan 2025 23:38:07 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EkAEAdMgYqf8Z9veRHhXbF8qNUxkqou7w%2BNlQ6A3zCf99tb6iOpKbQ9oz9um0yr8dyv%2BSrgM2WT3LUA2fPCLsNkEQpGS2pxHjprx0d%2FAHGRfjZOw9AUeUXVSaDarccfASlWP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c5cb6b56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1441&min_rtt=936&rtt_var=347&sent=255&recv=46&lost=0&retrans=0&sent_bytes=268362&recv_bytes=7196&delivery_rate=439874&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=5751&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/8074.2a21714739b00af37659.js

172.67.155.22

200 OK

8.4 kB

URL GET HTTP/3
txpxeo.qctdz.com/8074.2a21714739b00af37659.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (8568), with no line terminators
Size
8.4 kB (8401 bytes)
Hash
cf029d23efef8096e18b597928dadca1
c82cd6d236f5bf526a350ce60e9830cd78bd7eb4
f5b1ea8910be7e403c7c2149044bb7f2664878d8f27c7ea93c24821b8c02b188

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8074.2a21714739b00af37659.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:07 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-20d1"
expires: Sat, 04 Jan 2025 23:38:07 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kBl7hs9cpn04HGmaFkq03OMe6CUVV%2FrADMgCVMXCUhLCwQVzx3j0ZcwW75m6aikzzAw3xpRjGF0t%2FAKOoZ3fFwI3Zz5FjlskPGn%2BoEDm%2BP9C6bwe5YIrqpXb9dXbX9r1BTly"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c1eea756ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1631&min_rtt=936&rtt_var=711&sent=217&recv=34&lost=0&retrans=0&sent_bytes=230912&recv_bytes=5215&delivery_rate=8288&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=5120&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/5905.7740c1743540df2d6991.js

172.67.155.22

200 OK

140 kB

URL GET HTTP/3
txpxeo.qctdz.com/5905.7740c1743540df2d6991.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140180 bytes)
Hash
46648d77dd491aa690f065c72bcba0c8
0c06eb281c296bec1d6a5ba710e94392689a90dc
145628cfa23f0607acd86035ca9ee8f3179c980d848d52564bcff7334db4af10

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5905.7740c1743540df2d6991.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:08 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-22394"
expires: Sat, 04 Jan 2025 23:38:08 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G0IM4E612qOW6ZvVcWGUqhJlz1m8NjYY5OzV79%2BWHk7qU%2BadOfWrdSzBom7JTjO3XBm876gWxFszlTvj%2B0S7uCPKo160CHsKCGkefc7ZGioWbamcaXS8n1U9gGWVsHHgg68C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c90f3856ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1365&min_rtt=936&rtt_var=326&sent=273&recv=50&lost=0&retrans=0&sent_bytes=286681&recv_bytes=7858&delivery_rate=354759&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=6322&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/5905.7740c1743540df2d6991.js

172.67.155.22

200 OK

140 kB

URL GET HTTP/3
txpxeo.qctdz.com/5905.7740c1743540df2d6991.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140180 bytes)
Hash
46648d77dd491aa690f065c72bcba0c8
0c06eb281c296bec1d6a5ba710e94392689a90dc
145628cfa23f0607acd86035ca9ee8f3179c980d848d52564bcff7334db4af10

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5905.7740c1743540df2d6991.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:08 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-22394"
expires: Sat, 04 Jan 2025 23:38:08 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XmS5pHDUFxHc%2B8RcFa2ifppOz0R5lolKgH139SlfMDOUjWMdp6mFF5w0%2BKZs2CDbZ58yR4KTOwBblAIm9yJ1bwfRunddQXbNPrTWYNKHqjN0RwtCwMh6oXPFBUDvKbpwMnG1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c9880056ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1370&min_rtt=936&rtt_var=233&sent=371&recv=57&lost=0&retrans=0&sent_bytes=399973&recv_bytes=8895&delivery_rate=28551634&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=6408&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/9357.1f6836f2d95171420e95.js

172.67.155.22

200 OK

2.5 kB

URL GET HTTP/3
txpxeo.qctdz.com/9357.1f6836f2d95171420e95.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (2628), with no line terminators
Size
2.5 kB (2502 bytes)
Hash
f1e52bed22548c1f7e2fce0522cd4a82
41e036d1f96cfb47fb93fc121083185660cf1b86
27d08f1a88bf79a17d448203d046e206aa249bc86bd99cf67c4e88e6aef34255

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9357.1f6836f2d95171420e95.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:09 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-9c6"
expires: Sat, 04 Jan 2025 23:38:09 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FuMS39erFNI%2FPBnS6T%2F9gzFcJoKPLmFH6VnGtIxb%2FE2tWpD77UDmdhelfZc4UIDkLgZQxdrvv2fWwtG1xTZ6q4QNX0hARe9QQvOamf0bsBd%2FIW6S6eXlNlWEOtDqq1tnrgcn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0cd7d6356ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1307&min_rtt=936&rtt_var=347&sent=410&recv=64&lost=0&retrans=0&sent_bytes=441729&recv_bytes=9940&delivery_rate=528103&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=6970&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/8074.2a21714739b00af37659.js

172.67.155.22

200 OK

8.4 kB

URL GET HTTP/3
txpxeo.qctdz.com/8074.2a21714739b00af37659.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (8568), with no line terminators
Size
8.4 kB (8401 bytes)
Hash
cf029d23efef8096e18b597928dadca1
c82cd6d236f5bf526a350ce60e9830cd78bd7eb4
f5b1ea8910be7e403c7c2149044bb7f2664878d8f27c7ea93c24821b8c02b188

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8074.2a21714739b00af37659.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:07 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-20d1"
expires: Sat, 04 Jan 2025 23:38:07 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x4418CX8kf2aGS1ao42JkFPm7KefdXRUib7TXGILVNY1GSE3esWEQck1pms%2Brw4%2BqOX86RL6dJl%2BkHHEpifZrgjjHy08LC4jJXTyYJz0OlEMGsuyN1Um5KBSDTVMB88PSyRL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c1eeb556ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1582&min_rtt=936&rtt_var=475&sent=227&recv=38&lost=0&retrans=0&sent_bytes=240481&recv_bytes=5875&delivery_rate=612794&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=5180&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/8074.2a21714739b00af37659.js

172.67.155.22

200 OK

8.4 kB

URL GET HTTP/3
txpxeo.qctdz.com/8074.2a21714739b00af37659.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (8568), with no line terminators
Size
8.4 kB (8401 bytes)
Hash
cf029d23efef8096e18b597928dadca1
c82cd6d236f5bf526a350ce60e9830cd78bd7eb4
f5b1ea8910be7e403c7c2149044bb7f2664878d8f27c7ea93c24821b8c02b188

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8074.2a21714739b00af37659.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:07 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-20d1"
expires: Sat, 04 Jan 2025 23:38:07 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rScHZuPSAF7nlb7asNBsqJ04RzxC%2FDqjnHId892mWXLdrVnlovOqFA5SJDGcseLq2Mimk%2BMMFZdE1ryH2xuzTigxJcf4JmRneIJQoNEFclZXCPVqW1JrQLJEBgMdaVCBJTqc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c1feb956ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1581&min_rtt=936&rtt_var=632&sent=222&recv=36&lost=0&retrans=0&sent_bytes=235698&recv_bytes=5545&delivery_rate=8619&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=5138&x=1", cfExtPri, cfHdrFlush;dur=0

txpxeo.qctdz.com/7784.ec5164938531ffe545a2.js

172.67.155.22

200 OK

21 kB

URL GET HTTP/3
txpxeo.qctdz.com/7784.ec5164938531ffe545a2.js
IP
172.67.155.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Certificate
IssuerGoogle Trust Services
Subjectqctdz.com
Fingerprint0F:A1:40:D9:1C:9A:77:8E:B9:74:0C:8B:F1:1E:E7:9C:CE:4D:85:A5
ValidityTue, 03 Dec 2024 01:59:06 GMT - Mon, 03 Mar 2025 01:59:05 GMT

File type
JavaScript source, ASCII text, with very long lines (21341)
Size
21 kB (21424 bytes)
Hash
4ed38bfe5a91818dc89b8e94b809c616
768694610faf78cc071230229c990821c456e2fb
a0a5bd8a76f26757141750073dddaba0527a2e3a3be9a4566a46ab4fd13f1c28

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /7784.ec5164938531ffe545a2.js HTTP/1.1
Host: txpxeo.qctdz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://txpxeo.qctdz.com/8074.2a21714739b00af37659.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 Jan 2025 11:38:08 GMT
content-type: application/javascript
last-modified: Wed, 18 Dec 2024 06:50:23 GMT
vary: Accept-Encoding
etag: W/"676270af-53b0"
expires: Sat, 04 Jan 2025 23:38:07 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: REVALIDATED
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VS%2Fi%2FRzx6LFOw9IQuo0uTfahTrqSO%2Bbu2xjtGBJIU0JRD8Mq07UzKN2ffT%2F8dbL8FF0qqrTZ0FI5h3bBPmPcJKOQbfkJaAbFX8hj71Mo42rJu46uXaEceCElKanawct1dDDz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fcaf0c58b2856ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1480&min_rtt=936&rtt_var=360&sent=246&recv=44&lost=0&retrans=0&sent_bytes=259210&recv_bytes=6865&delivery_rate=17879&cwnd=108000&unsent_bytes=0&cid=e9804e4dd186ada0&ts=5730&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (27)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size