www.uptycs.com Open in urlscan Pro
2606:2c40::c73c:67e2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
Submission: On August 24 via api (August 24th 2023, 10:11:53 am UTC) from TR — Scanned from DE

Summary HTTP 95 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 31 IPs in 2 countries across 25 domains to perform 95 HTTP transactions. The main IP is 2606:2c40::c73c:67e2, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.uptycs.com.
TLS certificate: Issued by GTS CA 1P5 on July 24th 2023. Valid for: 3 months.

This is the only time www.uptycs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2606:2c40::c7... 2606:2c40::c73c:67e2	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
9	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:eeb9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8591	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:cc27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:a171	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7441	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6810:d7bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:d6bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:d4bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6812:8e36	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:1b79	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
4	95.100.146.25 95.100.146.25	() ()
1	2600:9000:20c... 2600:9000:20c3:6800:18:15b9:5a80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:780... 2a02:26f0:780::210:a423	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	18.173.187.35 18.173.187.35	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:20c... 2600:9000:20c3:9600:15:a0d3:77c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	() ()
1	2a00:1450:400... 2a00:1450:4001:831::2003	() ()
1	2600:9000:26d... 2600:9000:26db:c00:2:53b2:240:93a1	() ()
4 4	2620:1ec:21::14 2620:1ec:21::14	() ()
1	13.107.42.14 13.107.42.14	() ()
2	2600:1f18:e8a... 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a	() ()
1	2a02:26f0:480... 2a02:26f0:480:23::1726:62a7	() ()
5	2606:4700::68... 2606:4700::6810:ddee	() ()
95	31

29 2606:2c40::c73c:67e2 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.uptycs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:eeb9 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

2617658.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8591 (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:cc27 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:a171 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7441 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:d7bf (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:d6bf (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:d4bf (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:8e36 (United States)

ASN13335 (CLOUDFLARENET, US)

2617658.hs-sites.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:1b79 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 95.100.146.25 (None, )

ASN- ()

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20c3:6800:18:15b9:5a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

ob.segreencolumn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:780::210:a423 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.173.187.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-35.muc50.r.cloudfront.net

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20c3:9600:15:a0d3:77c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (None, )

ASN- ()

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (None, )

ASN- ()

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:26db:c00:2:53b2:240:93a1 (None, )

ASN- ()

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (None, ) 4 redirects

ASN- ()

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (None, )

ASN- ()

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a (None, )

ASN- ()

obs.segreencolumn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:23::1726:62a7 (None, )

ASN- ()

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:ddee (None, )

ASN- ()

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	uptycs.com www.uptycs.com	2 MB
10	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 11591 js.hubspot.com — Cisco Umbrella Rank: 7046 app.hubspot.com — Cisco Umbrella Rank: 5468 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 6344 track.hubspot.com — Cisco Umbrella Rank: 2345	37 KB
8	hsforms.com perf.hsforms.com — Cisco Umbrella Rank: 12249 forms.hsforms.com — Cisco Umbrella Rank: 4358 forms-na1.hsforms.com — Cisco Umbrella Rank: 6909 perf-na1.hsforms.com — Cisco Umbrella Rank: 7683	7 KB
5	zoominfo.com ws.zoominfo.com ws-assets.zoominfo.com	20 KB
5	linkedin.com 4 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	5 KB
5	6sc.co j.6sc.co c.6sc.co ipv6.6sc.co b.6sc.co	16 KB
5	hubspotusercontent-na1.net 2617658.fs1.hubspotusercontent-na1.net	142 KB
4	hs-sites.com 2617658.hs-sites.com	39 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2212	17 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 9567	3 KB
3	segreencolumn.com ob.segreencolumn.com — Cisco Umbrella Rank: 16388 obs.segreencolumn.com	37 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	170 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4820 forms.hscollectedforms.net — Cisco Umbrella Rank: 4916	26 KB
2	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5631	11 KB
1	oribi.io cdn.linkedin.oribi.io	377 B
1	google.de www.google.de	408 B
1	doubleclick.net stats.g.doubleclick.net	254 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3101	254 B
1	clickcease.com www.clickcease.com — Cisco Umbrella Rank: 11127	54 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 772	5 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 8195	1 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2207	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3219	3 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4796	22 KB
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2866	361 B
95	25

	Domain	Requested by
29	www.uptycs.com	www.uptycs.com js.usemessages.com 2617658.hs-sites.com
5	2617658.fs1.hubspotusercontent-na1.net	www.uptycs.com
4	ws.zoominfo.com	js.zi-scripts.com ws-assets.zoominfo.com
4	track.hubspot.com
4	2617658.hs-sites.com	js.hubspot.com www.uptycs.com 2617658.hs-sites.com
4	js.hs-banner.com	www.uptycs.com js.hs-banner.com
3	px.ads.linkedin.com	3 redirects
3	js.zi-scripts.com	www.uptycs.com js.zi-scripts.com
3	perf.hsforms.com	www.uptycs.com
2	b.6sc.co
2	obs.segreencolumn.com	ob.segreencolumn.com
2	www.googletagmanager.com	www.uptycs.com www.googletagmanager.com
2	perf-na1.hsforms.com	www.uptycs.com
2	forms.hsforms.com	www.uptycs.com
2	cta-service-cms2.hubspot.com	www.uptycs.com js.hubspot.com
2	js.hubspot.com	www.uptycs.com 2617658.hs-sites.com
2	static.hsappstatic.net	www.uptycs.com 2617658.hs-sites.com
1	ws-assets.zoominfo.com	js.zi-scripts.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	www.google.de
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	www.clickcease.com	www.uptycs.com
1	snap.licdn.com	www.googletagmanager.com
1	ob.segreencolumn.com	www.googletagmanager.com
1	j.6sc.co	www.uptycs.com
1	cdn2.hubspot.net	2617658.hs-sites.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	forms-na1.hsforms.com	www.uptycs.com
1	app.hubspot.com	www.uptycs.com
1	js.hs-analytics.net	www.uptycs.com
1	js.hscollectedforms.net	www.uptycs.com
1	js.hsadspixel.net	www.uptycs.com
1	js.usemessages.com	www.uptycs.com
1	no-cache.hubspot.com	www.uptycs.com
1	s7.addthis.com	www.uptycs.com
95	40

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
twitter.com
www.facebook.com
attack.mitre.org
ip-api.com
www.youtube.com

Subject Issuer	Validity	Valid
www.uptycs.com GTS CA 1P5	`2023-07-24` - `2023-10-22`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
hs-sites.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
6sc.co R3	`2023-08-19` - `2023-11-17`	3 months	crt.sh
*.segreencolumn.com Amazon RSA 2048 M01	`2023-07-18` - `2024-08-16`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
js.zi-scripts.com Amazon RSA 2048 M02	`2022-10-17` - `2023-11-15`	a year	crt.sh
clickcease.com Amazon RSA 2048 M02	`2022-10-27` - `2023-11-25`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
Frame ID: 1C43E426CC10786F8812FB6E8A1C0655
Requests: 86 HTTP requests in this frame

Frame: https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true
Frame ID: F1C9A15079953BA5D8A44BF8DE1F39EF
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mitigating Remote Access Trojan Infection Risk: Telegram/Qwixx RAT

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AddThis (Widgets) Expand

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

95
Requests

98 %
HTTPS

87 %
IPv6

25
Domains

40
Subdomains

31
IPs

2
Countries

2893 kB
Transfer

4806 kB
Size

13
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1497/
Title: Sandboxie, VirtualBox

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1047/
Title: WMI queries

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1564/001/
Title: hidden

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1053/
Title: scheduled task

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1016/001/
Title: ping

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1057/
Title: process list

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0010/
Title: shared with the attacker via a Telegram channel

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1113/
Title: screenshot

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1555/003/
Title: \User Data\Default\Login Data

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1414/
Title: clipboard manager

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1041/
Title: commands

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1082/
Title: victim's machine

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1518/001/
Title: Antivirus check

Search URL Search Domain Scan URL

URL: http://ip-api.com/json/
Title: http://ip-api.com/json/

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1112/
Title: modifications to the registry

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/uptycs/

Search URL Search Domain Scan URL

URL: https://twitter.com/uptycs?lang=en

Search URL Search Domain Scan URL

URL: https://www.facebook.com/uptycs/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@uptycs

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 84

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1692871910881&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1692871910881&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1252922%26time%3D1692871910881%26url%3Dhttps%253A%252F%252Fwww.uptycs.com%252Fblog%252Fremote-access-trojan-qwixx-telegram%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1692871910881&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1692871910881&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cookiesTest=true&liSync=true&e_ipv6=AQLVit2pGENZ7wAAAYonB24yFmZmUat5ip9Tc17bpg-mm8w2W3nEVYEHW8Is1VGwdN1ZsAg

95 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request remote-access-trojan-qwixx-telegram Show response
www.uptycs.com/blog/ 175 KB
30 KB 299ms
159ms Document
text/html 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8500caa0b830fd7250d3858055c9b3eb34ade83bd022d3e1b154b1dd6fe11875

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-129626920068,CG-5593128451,P-2617658,CW-105369588578,CW-105720709649,E-105237096759,E-105237648739,E-105237674790,E-105237778736,E-105237810298,E-105237812090,E-105237812106,E-105237812592,E-118532473678,E-122960336740,E-122967687066,PGS-ALL,SW-0,GC-106292852859,GC-106293388626,GC-106405915759,GC-106405924729
cf-cache-status: HIT
cf-ray: 7fbad0241fa39a2f-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Thu, 24 Aug 2023 10:11:46 GMT
edge-cache-tag: CT-129626920068,CG-5593128451,P-2617658,CW-105369588578,CW-105720709649,E-105237096759,E-105237648739,E-105237674790,E-105237778736,E-105237810298,E-105237812090,E-105237812106,E-105237812592,E-118532473678,E-122960336740,E-122967687066,PGS-ALL,SW-0,GC-106292852859,GC-106293388626,GC-106405915759,GC-106405924729
last-modified: Thu, 24 Aug 2023 07:51:34 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qdkA1rQfCoGdeuJhHbF78eGMQ4EydFTG3E3PJhQAyanklxVybA3FNQ4j5HjRe2qtzMaVIbWVZ7VyfgO2xg0TlI2DfQT8JAuva4j2EHSJuClmzzBZKo%2BWsmNJrhDRxPSFxlCXM95Dd4aHWVN8"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 208
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-0-9-td/envoy-proxy-6fdf84dd49-gxx4j
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 129626920068
x-hs-https-only: worker
x-hs-hub-id: 2617658
x-hubspot-correlation-id: 7ea482b4-ffc4-41b2-8691-a892499c4f18
x-request-id: 7ea482b4-ffc4-41b2-8691-a892499c4f18
x-trace: 2B5C7BE8CBBDF9E6293F19E4FEB805FD1CA15CDD53000000000000000000

GET
H2 200 index.js Show response
www.uptycs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 90ms
88ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 5cb605e8100138acccc04f094724133e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 10781194
x-amz-cf-pop: CDG52-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5P5HgnapyES0kJ2RbeLh7fpb5XlmX7iXAdwFzqrSQM8CVtBv%2FgviU0%2Fn6o6cHldW%2FhZzv9Q0jtQ4AgdWrpZ5x95xgel59pxfmD9lAVmq9LSNqJc8Zai%2B%2FO%2Fjkl%2F7cURTzgHGUaCMs5of5z7"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7fbad025292f9a2f-FRA
x-amz-cf-id: 1HpAFXqvL-enGli7aFtbEYFS9QYd6YvOX2Rnrw2xQ2piSsJZzYKgAg==
expires: Fri, 23 Aug 2024 10:11:46 GMT

GET
H2 200 project.js Show response
www.uptycs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 131ms
129ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 13565001
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2zuwNs3YFs3uakUh6Mgb66Fu8lstbb40mYR%2F3Bxq7ibxhE7F26sB4SCVzR4RKGqUuuOhmfz01e0iGricGdHcIFgIZjSFdO4FAl7zPYyautuQCFnlpCkspWxGejEi2ZORRactOZDBELlylDf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7fbad02529339a2f-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Fri, 23 Aug 2024 10:11:46 GMT

GET
H2 200 v2.js Show response
www.uptycs.com/_hcms/forms/ 526 KB
171 KB 99ms
98ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

69ff013760515696c54749156ae5dba9f130fa01e2e355fec69a26e6d87f1892

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 526
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3611/bundles/project-v2.js&cfRay=7fbac34d45db7162-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"c4734e241af5f9cffb4ae77e895d98aa"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3611/bundles/project-v2.js
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: t9RM7Hi5NxkmmXBn8QlzNFQ1kBe.nFZ5
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 2c1fbe45-0a70-4507-9bf6-1725845caf7d
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2c1fbe45-0a70-4507-9bf6-1725845caf7d
last-modified: Thu, 24 Aug 2023 09:52:45 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rn0SnVsYknplyRvFF4DHsBY8G7049K7q3rFYNOMwzn0Z6c6%2Fmp6dHbfSK4SevCTfZ0rPf1fc%2B2DG44BHcrhfIAx6L97UsB0P0mrlYDjpmhVyfu%2F2xoGRiO9FUO7x5xJCxvG6LtGIcJCGRK9y"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-lhvpx
cf-ray: 7fbad02529359a2f-FRA
x-amz-cf-id: ZjmhMd9Qra5iAwPEXYFHpcf8FRkeQvNYYLlt2G4YNEBfPgHDkyw9vA==

GET
H3 200 dist_lottie-player.min.js Show response
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/122967687066/1692382053269/Uptycs_Theme_2023/js/ 359 KB
95 KB 107ms
105ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/122967687066/1692382053269/Uptycs_Theme_2023/js/dist_lottie-player.min.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f387f7364d592087b2616eb6b7abffc179dbd63e6ea4bbdfb891d471783048a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3402
x-amz-request-id: KYKYZ5GTF1D0FXBP
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"9573fa4133b760520630e1634b1f5984"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1692382054877
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 33aa60037dccf2345c8ade9dffbf1192.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Mix_qBtqIpCO94WogGKkOLwm4UcizsIC
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 768de5b3-401b-4048-8c34-290160ee4a9d
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 537
alt-svc: h3=":443"; ma=86400
x-amz-id-2: IfT2AfF0CcsoC21am0/7wBaj5kfiCTHdJVqr2gFvfQQInMcAgDgPVCw5Dz6tR0OHSOShF88hSNU=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 768de5b3-401b-4048-8c34-290160ee4a9d
last-modified: Fri, 18 Aug 2023 18:07:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TYunwhrMLsmgcNMnQzIXfyBSZGmZxqr1ADCbRMNVhie2tGPY2O0%2BU4Yb2Xc4zZ2hTAkvMFY7mKJ0DkVG3%2F442%2FKV%2BXkptFVGRYYwVseZgIVDQVHEgwX%2FN80q%2B5LaQ7MCeFBkSFLATqJ8FO2B"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9jn6n
access-control-allow-credentials: false
cf-ray: 7fbad0260f4d2c27-FRA
x-amz-cf-id: 8kxnkGmfIcofIgJjoMUxLA-SCB-g3wa0TiGgqjCe254zBwtFRSCnzg==

GET
H2 200 main.min.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237096759/1692382053628/Uptycs_Theme_2023/css/ 175 KB
36 KB 82ms
81ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237096759/1692382053628/Uptycs_Theme_2023/css/main.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd18b053f2bfde239d7c4d6491400997668a66973b4c73946d9c7c063e5b7963

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 0NKQPXE88DH86YYB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"b4123c85f8a7c09eadedee399159dd86"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1692382054925
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 2ad6789a221bb559c9b8ce946b65a03a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Vm8l662flihp9.32DWvzybA1Ae.JPbN2
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9a6a0cb6-1ec5-4d1c-9639-00d2ff6b0cfe
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 161
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /Y+lU5yOanwVbRcqCnvBIN3Chq1fWfKqFzxxSUz3QHd+l9VT7vAw6kB+118EC1T0VGPp2CyxrxA=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9a6a0cb6-1ec5-4d1c-9639-00d2ff6b0cfe
last-modified: Fri, 18 Aug 2023 18:07:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=by6m%2BwJajQwoXZczN21aVDg%2Frq4E1WNX48XksfpIeh3cgBPu06cPpJvPhTo0tpFXeVy7HR53DsNPVcy5hhoaj7MKGospJwdmYs8UNOziDfK%2FdXCOWzg7R7ynIaKzwgIUTdVSyP0P6Qcko4uX"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-nlblb
access-control-allow-credentials: false
cf-ray: 7fbad02529379a2f-FRA
x-amz-cf-id: ms1zvY5hPtN7rDEkj2e3iDba4pv8UiM2D-nnP1-t1dd2D5tGiaz4og==

GET
H2 200 blog.min.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237812106/1692469113592/Uptycs_Theme_2023/css/templates/ 31 KB
8 KB 95ms
93ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237812106/1692469113592/Uptycs_Theme_2023/css/templates/blog.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

debccb5c80cd23ea5c4227a0c2c9d1a718c9de2b21f5e9d07c7833ebf585d3af

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 4ZSZW0SFR4ERBZ5B
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"3652e7332fdbd4a116afe96c89581d88"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1692469114394
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 041a4887d523cabe8177e269cc358162.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: vnpSnSRKzDF.D7hAhU_3nJvPkun8gTb6
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9e666f2b-a551-4b2e-8c9e-2c6d8cfcbd62
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 136
alt-svc: h3=":443"; ma=86400
x-amz-id-2: CPzOIUr+KqKqDn2ZJ6+xY01C4OVfjwLb2WsosOLv7mN4uHd99ZyQro7i5+KaAvQ+OH7hG8qWebE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9e666f2b-a551-4b2e-8c9e-2c6d8cfcbd62
last-modified: Sat, 19 Aug 2023 18:18:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s5aEEAUqRysd7E0fWE1vb81rgUhpLoA39vxmytXit0%2F8AG1e2yGhKIFt57bvpXAdDT2Gk%2FhKcw8c9pFb%2FNjfh32Ps07frTS5ZtYpPgDkrC9RL8P6rHQdpGpgn%2BezpUc8Wratz8OEJPtnM5%2BY"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-xmwnv
access-control-allow-credentials: false
cf-ray: 7fbad02529389a2f-FRA
x-amz-cf-id: gxkUahKyI8tncmZe9g_bTloon9760zbwMMQjwuruZ5A5ZQwUKoyoKQ==

GET
H2 200 theme-overrides.min.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1692382052895/Uptycs_Theme_2023/css/ 26 KB
6 KB 126ms
125ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1692382052895/Uptycs_Theme_2023/css/theme-overrides.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

705b8e12b5fa2c5bb36f6df0f526d7915bb4fbaad7934d9c1b20686d56895240

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: PP7WZZXQY0R3ZP48
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"2e0fbf93ce79e26e07f1559af1ae337b"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1692382053732
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 98b2021a1a69853671ec2390cb8757f0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3Vx9ajZsq6UHRJi9kThkUBbaXBb38IYy
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 97b114fc-07dc-4c82-bc28-84be89f10738
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 160
alt-svc: h3=":443"; ma=86400
x-amz-id-2: gxkNw1nLsSkSNgyxnEr8QwnuXbEbwaoQgvVLf06Ifd2n1j4bbsvQkroShfWEyZi/IDHqT+46afQ=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 97b114fc-07dc-4c82-bc28-84be89f10738
last-modified: Fri, 18 Aug 2023 18:07:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyQHD0%2B6hGPzQFr68UOSOu87qc0WGd9ByHCUyY6jKm%2F6QKMTHTb7I7Niau7nvb7GgY%2FGYk0MZFqxv3JPWEa%2BAducwTBKl8Cscq4MejBgMG7SDujwiwtaPfaAPEJO6SgiYsefrwBKf3T1VPTi"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-nlblb
access-control-allow-credentials: false
cf-ray: 7fbad02529399a2f-FRA
x-amz-cf-id: wUdiGBdqVKkwqbjeVkwTmqqI4G_oRfEse0PILCMp_spYkKyVaKemjg==

GET
H2 200 uptycs-custome-style.min.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/118532473678/1692382054480/Uptycs_Theme_2023/css/ 7 KB
3 KB 75ms
74ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/118532473678/1692382054480/Uptycs_Theme_2023/css/uptycs-custome-style.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

92b6882a6f1f89eaea5cd62363f34180267d117487929efc8e050c20cacc5174

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1481
x-amz-request-id: 0NKJBXVHD0WEZQ91
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"4d34062fc6bdbe0bd26f0e05ac925dde"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1692382055145
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 2959f5d118b77b5c8e1e086d4a1147c6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: _LC3G15hQn2CvyZK3VqJds2jPcCA4Qpr
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 6b6241ac-f349-4a35-a087-51d53be5769c
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 160
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xmhW5cvwyU+jvnoyJtzKpEbpi7s+gSzrQ5wFqbUygEn11LPVEJImjaxnv7E4tSJg5e+W+iHGy6Q=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 6b6241ac-f349-4a35-a087-51d53be5769c
last-modified: Fri, 18 Aug 2023 18:07:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3HKNkExfOtZnIgRMvBXvpiBfSKQLgtSPOu9o5FR5ses3BVJpX6UglK56xDVLJKPaw3%2FOz09ghRrscUyQDhinnBCZhSwvF1%2B7%2FuQ3RjBruogO%2BpIfzi5dZhiWNGoSMIcohceecShbe34iRMC0"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-pfskq
access-control-allow-credentials: false
cf-ray: 7fbad025293b9a2f-FRA
x-amz-cf-id: dgwrN9xEWEwkF7V3X4IIsp9nDqUiEAEREv6n2bLELiiLLAEMR69RuA==

GET
H2 200 module_105369588578_EXT_-_Header_Module_-_2023.min.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/105369588578/1692726882964/ 480 B
1 KB 94ms
94ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/105369588578/1692726882964/module_105369588578_EXT_-_Header_Module_-_2023.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a58896c2943d06c75d2cf9df7a44956852048664c9aac61b53d1a77a740d057a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 35W8Z6KCFCB29DVD
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"46723a18a0c1498a5494b25461565313"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1692726882964
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 85fc1201a1918facbeb30836e7391660.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: WFhgAMHTj4KFrby.T3mz23mmNNYb_kIw
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 3a406c1e-b96d-4f7e-9d7a-bc101e415244
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 204
alt-svc: h3=":443"; ma=86400
x-amz-id-2: pnJRaCORcGdlFBlXsMjICKKY+ZEgYwF4WjPBCzU10Bx8yswLEGEqVEHeKiXPNeMe/lZJ1+zO/hTnejlQg29VxSixZJJBnrHti6s3UzjZVlE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3a406c1e-b96d-4f7e-9d7a-bc101e415244
last-modified: Tue, 22 Aug 2023 17:54:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rWSYZ6JP6WHXOEWC%2F2v8%2FQ13O9BUNdR82NTqyM5SvRzL3IkIAmsDPhacW6e96pS0exbSmIg8imM4p49X2JSZVL3JhT6ZF8SXUXxBR1Fw95wvUb6GLPid05tymnX5pasde7lizwsw2QsWkGb9"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-rr5bz
access-control-allow-credentials: false
cf-ray: 7fbad025293c9a2f-FRA
x-amz-cf-id: s5mJr3pDJK5eVskaHhMukmakN40rvZNFSSKd1_zrFmUNuH48jPBvPw==

GET
H2 200 module_105720709649_EXT_-_Footer_Module_-_2023.min.css
www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/105720709649/1689623521762/ 151 B
999 B 92ms
91ms Stylesheet
text/css 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/105720709649/1689623521762/module_105720709649_EXT_-_Footer_Module_-_2023.min.css

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

afd60f081e93bfdd3ae88f14119219e17d1ce9f48ffdb1bab92fb19fb8993f26

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: M0580H4KQ53AQ115
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"68e1ed56e2a7062e0fd9ee995d0e37fc"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1689623521762
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 9b097dfab92228268a37145aac5629c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Dn82n7N3lZRFoaDQ2PmddubCsfr.kBvw
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 57ab3380-e7a1-41b2-95e2-733e8125fb99
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 178
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hGIDbjhnvFaPS36NUw3hUvDrlCDTek+aqGlgqrDYiDQaLRgoPdinNjveYNSCiY+YeQnF5MPctQw=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 57ab3380-e7a1-41b2-95e2-733e8125fb99
last-modified: Mon, 17 Jul 2023 19:52:02 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4vairaTo%2BuzwCX6HGY3iYTbbLfe5Fo11VLGL0CXcTldXpu96YpZGfZleO9CHgukwDSVpEZSJP5eOzv32yjwNnS7keIOlZSK8StexEb7%2FU8duWTJnVfateDKo3di9jkquVk246%2FrjFWly16R"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials: false
cf-ray: 7fbad025293d9a2f-FRA
x-amz-cf-id: sqiko6rNz5LkuuvLN546qmLtbfHZom3cmXIYC4IlZgcbkk6ePUYFdQ==

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 56 B
361 B 349ms
42ms Script
text/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 24 Aug 2023 10:11:46 GMT
server: Oracle API Gateway
opc-request-id: /05E3D25A0E21BED0912C4CA62C5D7070/BB99FFB50C7AEC13B96CE638D664306F
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 45f73940-c8e4-472e-90f2-eb31ef9dd718.png
no-cache.hubspot.com/cta/default/2617658/ 3 KB
4 KB 352ms
247ms Image
image/png 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/2617658/45f73940-c8e4-472e-90f2-eb31ef9dd718.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3b9b5d205b509f08f501065454e6fa6628a122dd0908f79b9a12aa5934baf5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
x-amz-version-id: H.iEa6x6WlzmGMJBYYuOaijf0Vf4HoY3
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: R7N7K35BC14HT874
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
content-length: 2915
x-amz-id-2: sT59i7UPM8ehbEj41KbyRcdmee98++hgBKDD9HCjlZvYF3FhR95dYpIlaP8R/Xngy/+gpP3I/oY=
last-modified: Tue, 22 Aug 2023 16:50:30 GMT
server: cloudflare
etag: "abedd4f4bad6c7e26f23ea9ccd849f96"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X7SDTA%2FraCWPRyetsd93lBSYA2XXv5sjwdZ1eZMfDm9rTtvRRTc0PKTzRgdU%2BVrtqaKGQZcUwkQMY8XJoufVampMtoESYQVGl%2FRGarIvZ93hITk3Nb8Prv62kE5kMdfrGxfbl5C57ZeZPGngm9D8t6hl"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 7fbad026b88918db-FRA

GET
H3 200 current.js Show response
www.uptycs.com/hs/cta/cta/ 16 KB
7 KB 92ms
92ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs/cta/cta/current.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

699aa104ff2c30ec70b1a23f7b82efc219d6592c9f16c9decf43735d24a47b25

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 187
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.180/bundles/current.js&cfRay=7fbacb94e49c2c6a-FRA
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-evy-trace-listener: listener_https
etag: W/"84db7f29c6e0110691bd81e118462bfa"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.180/bundles/current.js
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-amz-version-id: oug8Qon.yZvzv6AMeqHA7LSRuKMgKByU
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 87332019-9db4-4c0f-897e-9d4485c1484d
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 87332019-9db4-4c0f-897e-9d4485c1484d
last-modified: Fri, 30 Jun 2023 09:03:05 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LK2y9Amkf56Bo%2BJhDWVhisDst8iEIJPD92B%2BkdK35V0Osoi3EyzI9Px08hyQfds2NFfEn97zDLjJ5c4Tq6WZRefay6hM9AxjIR3iWH7p14F5CnkLloCd3UlV9LX5YW1AYFN712owz9hYx2Tq"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-9brf5
cf-ray: 7fbad025ff312c27-FRA
x-amz-cf-id: O2eSrvwKbRIMjwXLbbCEYDhj_9GXoo_f5ardTaGL-nUpIspKITnE0w==

GET
H3 200 Logo.png
www.uptycs.com/hs-fs/hubfs/ 2 KB
2 KB 92ms
90ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Logo.png?width=272&height=80&name=Logo.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

531b8e2e19fc6ca9b09f0a73587963b0dbe3b79ea056fb10d0875b91653bbb40

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 fde85e7daa13f95cf6b8f5fa09c62ef6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-106883654926,P-2617658,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 1708
cf-resized: internal=ok/m q=0 n=820+0 c=0+2 v=2023.8.1 l=1708
last-modified: Fri, 17 Mar 2023 09:13:22 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfvRZ75P8xraLZIXLezWsgepK00xAWZ76OhjZiyMwwDQ:d278421bd7fefc0c8282dbf672ba6506"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QiqQZXtDDcBO39%2FA6%2FJ8Kc3iK%2FjH1WtSbkzGDPVrO8swicaTJxGGWhwlOmK0OZVYigUD0lurC0BmH4I0l3xv13nqWZvN%2FYd0f3cFHWXcKd4WgAqiy6GQcOUrFM5GsI0U0062UWyXdwov1LiF"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7fbad0260f502c27-FRA

GET
H3 200 Logo-Shield_Padded_400x400.png
www.uptycs.com/hs-fs/hubfs/ 512 B
1 KB 225ms
223ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Logo-Shield_Padded_400x400.png?width=45&height=45&name=Logo-Shield_Padded_400x400.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5623e9b1282e7a679a484471893d725a1c7fd3f53f73acbe24d593837be53cb8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 1861b67291103164103ad7299a51ed5e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-98273713033,P-2617658,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 512
cf-resized: internal=ok/h q=0 n=25+0 c=0+3 v=2023.7.3 l=512
last-modified: Thu, 12 Jan 2023 16:51:32 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfAj9E67A2iJEGU2ctgI7XiQ2Hdc90szObOHm-ATa9DQ:9dc86353e444c47b96f3bb4939d2d633"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSRSCXL33gm%2FMKV9jJbyJXRMISTky%2FwC1idfxlHbZXDnnbJyYcxaSpcOgK%2Fwfg5pOfw4cNFKZvo%2FI8I7aaGSUQ8TEwcSJIxpvybb9ao157UgMnngf24igNw2j9hs0RDBSdfrFHbYO6dcyoUh"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7fbad0260f522c27-FRA

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 135ms
50ms Script
application/javascript 2606:4700::6810:eeb9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:eeb9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: DUS51-P2
age: 676714
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KlGT0%2FNaRwALT%2FLkHUIwCQBvFeMFzIMFrTUSv9rmVIqtdBBVohLgn5ccfXIo4Uj1s1hmM4j5gDU1u4GLpreK%2FXXN%2Fk5cdyZH6NYqE09mb1al2D8qGNvYVTvCtieIfccKDBJGMKhMVvl%2BTTkg1IM8Mz8MLS0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7fbad0268ecb367d-FRA
x-amz-cf-id: 0CrtM1JaR-Y1udGBBPZNvOu46612wP2Rd98ATg9ajHbTnwiiIGq10A==
expires: Fri, 23 Aug 2024 10:11:46 GMT

GET
H3 200 code.jquery.com_jquery-1.12.4.min.js Show response
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/122960336740/1692382057809/Uptycs_Theme_2023/js/ 95 KB
36 KB 130ms
127ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/122960336740/1692382057809/Uptycs_Theme_2023/js/code.jquery.com_jquery-1.12.4.min.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3402
x-amz-request-id: 0NKYQX7NSBGJNWNY
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"0fca26b5a37a66d68d0f4406976be4b5"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1692382057809
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 0286f8e6d2ddfae7e9a56c7cc839488c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: R5acMq48kK7Wpj.3wc80oAKICEoHfLJJ
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 3f2193df-8657-4d61-b8b8-2e42303af0f1
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 185
alt-svc: h3=":443"; ma=86400
x-amz-id-2: RdU4uTdQl6GSk6MWOIHgwevoT58aM8J0mUk4Y0nSEC9rqlr43ABshDjllUHCo9KsfEpJ4cuY9j4=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3f2193df-8657-4d61-b8b8-2e42303af0f1
last-modified: Fri, 18 Aug 2023 18:07:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qgTPRRjuWnMY4T2fABg0tYwpDhxo4GyMI%2FMAUZjGkI%2BPSKLAIH4VTqaMYN8D7hV5BJaqLk56Qlpe088x2cjgLoFqS41VlFZkr24HzRc1e%2FR1MfqDgEQSAb6HwfzShpwA%2BX4GLTdVpcisZVRn"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-nlblb
access-control-allow-credentials: false
cf-ray: 7fbad0260f462c27-FRA
x-amz-cf-id: q-KyycsSxaCM-QehrcSim43Ap85s-6NhwM5eFvI_OsCX-Rfx8B5rtA==

GET
H3 200 main.min.js Show response
www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237812090/1692382053626/Uptycs_Theme_2023/js/ 47 KB
14 KB 171ms
169ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237812090/1692382053626/Uptycs_Theme_2023/js/main.min.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fb0e4fbfcd0e207130cf63c0a62e053cefae5c035cd45e11a6a4564687624ad

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3402
x-amz-request-id: PP7K5GXFT3RHT8M0
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"48fa28b6a0f4cb2db343790fa1e3f6c2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1692382054151
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 22ab92a35add26b3d8027870bbb6c672.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: cSJTuVcIKOh1OcbGR7QB9MTNL_FAl_Iw
x-amz-cf-pop: IAD12-P2
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 6fbeae68-6d24-497a-b520-8f1fb7bab343
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 191
alt-svc: h3=":443"; ma=86400
x-amz-id-2: mYpzPWVr7OSrfbmf2C4i5+C0A+5m7dypzpfYmiYo4XtwXvJBg1gQHQv9G/XcsCs6ONKwypaoeNQ=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 6fbeae68-6d24-497a-b520-8f1fb7bab343
last-modified: Fri, 18 Aug 2023 18:07:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c5eMULHOs%2BB46ehCXyGSmEDhNKxOZx%2FnFeNaaNrKtY%2BVdbDHu45OeU1qSzntojI7FUnToCGYcUxp0jkc7envqA9Fmc7TszxFptBpufTnLhwhJdYBXJrk8TCVqDyprAqeuXozNfGZpZRPaCrW"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9jn6n
access-control-allow-credentials: false
cf-ray: 7fbad0260f492c27-FRA
x-amz-cf-id: QvOuyeArIb4ePKqlzzY7vjBLcWqXsZ3lXTH_L3CcwnSBIyyqs3TaNg==

GET
H3 200 module_105369588578_EXT_-_Header_Module_-_2023.min.js Show response
www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/105369588578/1692726882312/ 629 B
2 KB 172ms
170ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/module_assets/105369588578/1692726882312/module_105369588578_EXT_-_Header_Module_-_2023.min.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

418371d4b7ddaea15fc991b9f6b0d479abb06cae24c54c365823e1e51d3d7d4e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 35WAK4KPGQMRK623
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"bac38f9cb4e303c8589795073994215b"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1692726882312
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 a251e31740a6e166e8fdccf296c41644.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: vmW94wmtDsgFI9yqQmOa8qnJXPX7kAAs
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 1b6eb238-c3cc-4b1d-9b0c-b44ebb6be7e2
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 390
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 7i2lgckfeJKg1ZBJksYyH+onn6T2LTx6AKA/VOWDkh/hdU3mMjwRTxiz3QI8CDFhGmw1CMjO/BI=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 1b6eb238-c3cc-4b1d-9b0c-b44ebb6be7e2
last-modified: Tue, 22 Aug 2023 17:54:43 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8BltmfGnlSTLVQZigm28GAKAKV9TseUzFOE9mdnfMCSp5DlV0ezQTAMzyYlXkp5m9uuX7%2FaLyjIHtZmi0Zz31wIJmaZ0MiXiONn9wq3D6mSi3jyCZX9LAfLfaBqzRrK%2Bsot9qmo%2FohfGECd"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-pfskq
access-control-allow-credentials: false
cf-ray: 7fbad0260f4b2c27-FRA
x-amz-cf-id: 2UHAG0OPHyv69RzlDxGIflGsyVMnqPVVJUcWDKKphaQYV2eF8q_PAQ==

GET
H3 200 2617658.js Show response
www.uptycs.com/hs/scriptloader/ 3 KB
2 KB 247ms
246ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs/scriptloader/2617658.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f6b22634a8bc916dee224c5221e72ae9178673c5718cfed7ebe59279a5ac6f5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 6ab8a1b9-8dad-4c45-9079-1dbea1a4cf85
content-encoding: br
x-envoy-upstream-service-time: 24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6ab8a1b9-8dad-4c45-9079-1dbea1a4cf85
last-modified: Thu, 24 Aug 2023 09:59:34 GMT
server: cloudflare
x-trace: 2BF946A55502F4991C2D9E84EC546EB639C8BF7B93000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.uptycs.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-9xsh2
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XD7dQ5Bs5Lz62rawk0M1myoTnYH1Fk7d5i%2By00CUGbKrck7IpVlbKDyJNb0iygfYfkScdL06nhPp9C3%2FAwtOzASBbQ%2BorYYYvNLl7JBKCHRCdb36bwf%2FoSUyAuMrDZxLwZVs92WbbuaL2pxY"}],"group":"cf-nel","max_age":604800}
cf-ray: 7fbad0260f532c27-FRA
expires: Thu, 24 Aug 2023 10:12:46 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 301c367662b3740ecc712ac0227e2369059123ccceca01296a95e674d657291b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 Dazzed-SemiBold.woff2
2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/ 35 KB
35 KB 217ms
119ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/Dazzed-SemiBold.woff2
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1692382052895/Uptycs_Theme_2023/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7d73ae35c3412dd12292590b041a66f83a14f7766041b8d523fadf78c8d7daa

Request headers

Referer: https://www.uptycs.com/
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-105405778095,FD-105405778080,P-2617658,FLS-ALL
age: 649891
x-amz-request-id: EWN1BYZF9FRA3VW8
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105405778095,FD-105405778080,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: "2d0d0de050f8833c2853af07a440a4ee"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678191122420
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
via: 1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: IEWlA03LFNsvE9C7Xc.pkI3DfKgTQ7bF
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-105405778095,FD-105405778080,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 35588
x-amz-id-2: lAmnE71tU7kr6I7byJWf1BucefmIS7yvD0JOuTtRAj/HXhtNeGGcpP6IIANoPJKGWQZm7Y2pSv0lckama8pc4PTcCEngtneMqc7QzxxUX5I=
last-modified: Tue, 07 Mar 2023 12:12:03 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7fbad026aa0c9a0b-FRA
x-amz-cf-id: V5qbiNB3M_9fg_c9xbNOhVLvXoH1BVZ_fq156szolIe2Y2xwfmr-MQ==

GET
H2 200 Dazzed-Regular.woff2
2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/ 34 KB
35 KB 201ms
103ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/Dazzed-Regular.woff2
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1692382052895/Uptycs_Theme_2023/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b48a0510a39e949184e762267407b9d7292b4fd69dcbf953b657c1e9cfc4cc61

Request headers

Referer: https://www.uptycs.com/
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-105405778092,FD-105405778080,P-2617658,FLS-ALL
age: 94789
x-amz-request-id: S1VQMYY2KKQ48QKF
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105405778092,FD-105405778080,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: "504d899b185471166fa525f6154e224f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678191122391
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: Z950va749GesENoMyecGaQOgk36GpyAD
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-105405778092,FD-105405778080,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 34732
x-amz-id-2: EbZ7pvliHSqtywsFgEdRVZzO7w+4OkUhSzms3Y597wNvmiU8CODFY/iXh/l0D/tda8eR7co/q/SR8IN5no5k0Ncrk9Zk4UOYefLZ7h0ZZSw=
last-modified: Tue, 07 Mar 2023 12:12:03 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7fbad026aa0d9a0b-FRA
x-amz-cf-id: HvL3qh0VQMQU_uz3yJtRn0o3-AZC0lRFvsw7kKonymIN-gIYbmjv_g==

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c2a27f458120ec13bf467adb5fe1e867ef55aec82fb0e4bac4842dc0a8bd327

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1024db20df71903f3bd673cc9e99ce16ea9dc5489260baa0647b88674937d75b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 Dazzed-Medium.woff2
2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/ 34 KB
35 KB 150ms
149ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/Dazzed-Medium.woff2
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1692382052895/Uptycs_Theme_2023/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c431b7004f2def447ab4b6b2e63e694f322c65162a22e689f91a69e391241df4

Request headers

Referer: https://www.uptycs.com/
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-105405968195,FD-105405778080,P-2617658,FLS-ALL
age: 843056
x-amz-request-id: 6AX0JMDWEM1CV5TB
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105405968195,FD-105405778080,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "91c0cd4d25d2ea71e8826f69b4497c6c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678191122410
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Thu, 24 Aug 2023 10:11:46 GMT
via: 1.1 ca339b9e98820e424be1609317fd0314.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: A6Y2_MG70jGC4aeahpXKuceRQH2hp.YW
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-105405968195,FD-105405778080,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 34664
x-amz-id-2: OXuLCM04CHsQLHdJFrUdLn7rRONkUzU/vT4b7/W46n30kMnIz+eSyBOCgl1WJk3keOysK5EAvL27mOHu6fnSARUH7N3QdoNvRLxkdf/LCU0=
last-modified: Tue, 07 Mar 2023 12:12:03 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7fbad026ba1b9a0b-FRA
x-amz-cf-id: RriV1VEPnCl2NQ3mk6N22H9crl01_ebBt2K6B-i8DWQ7PEnCVpf94w==

GET
H2 200 Dazzed-Bold.woff2
2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/ 35 KB
35 KB 135ms
134ms Font
application/font-woff2 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Fonts/Dazzed-Bold.woff2
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237648739/1692382052895/Uptycs_Theme_2023/css/theme-overrides.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62e120f9707942e703ef7a54d281e0f4a4027114e88e57f38909e48927029604

Request headers

Referer: https://www.uptycs.com/
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-105405946669,FD-105405778080,P-2617658,FLS-ALL
age: 353092
x-amz-request-id: W8A8FRJ759ZE51KC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105405946669,FD-105405778080,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: "dec9ad669c463ebe04b667dc906e58b0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678191122320
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:46 GMT
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: kiiOVn0Uia49V.XtbhyVQvLQlSKfVfD1
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-105405946669,FD-105405778080,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 35912
x-amz-id-2: wBblirAHEA0Y/1H6JNOsgI6o3WXqctO/G9J2SMOHzJSWn1pVeg5zLOXVU2rM+p9H6TI5D3lX948=
last-modified: Tue, 07 Mar 2023 12:12:03 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 7fbad026ba1e9a0b-FRA
x-amz-cf-id: ZRZnOv3TlARo-0zPGW4BbaLgNvyoeazRVHbtYa3B2D6U2QxNfDh0tA==

GET
H3 200 Lookout%20relies%20on%20Uptycs%20for%20Workstation%20and%20AWS%20Infrastructure%20Security.png
www.uptycs.com/hs-fs/hubfs/ 20 KB
21 KB 75ms
75ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Lookout%20relies%20on%20Uptycs%20for%20Workstation%20and%20AWS%20Infrastructure%20Security.png?width=210&height=110&name=Lookout%20relies%20on%20Uptycs%20for%20Workstation%20and%20AWS%20Infrastructure%20Security.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

73b773dcd21161d4d8433d3f1690fc470a57de8a028190e747ca8012c26f9a5c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-118323716916,P-2617658,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 20452
cf-resized: internal=ok/h q=0 n=13+0 c=0+51 v=2023.8.1 l=20452
last-modified: Thu, 01 Jun 2023 13:33:58 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfKJGuwqELqcNCGvHafdQ94F5wRZsPlHhDerVycHiYDQ:6b193027a7eac82ba56f83fdc8535622"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GmbK%2BkjR%2Fi83RAmvQPIkeyROo3sGJJL15OIgofWDMHAldx5PLwXUY3HT4OZxrS%2FLpykKc%2F42lnTCfozzB%2FR6jgy1CTmJmxgTxv%2FifgZdnTFUEZmPvl1sj%2F1f1%2B%2BG8XX10md6L76%2BGu7PsR5l"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7fbad02718e02c27-FRA

GET
H3 200 Unified%20CNAPP%20and%20XDR.png
www.uptycs.com/hs-fs/hubfs/ 102 KB
102 KB 100ms
98ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Unified%20CNAPP%20and%20XDR.png?width=1230&height=698&name=Unified%20CNAPP%20and%20XDR.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a6b5dd68b68e2407142dbee284c55ae38b31044a205ffe9b2412f37a0e9f793

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-127732210688,P-2617658,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 104012
cf-resized: internal=ok/h q=0 n=28+108 c=0+0 v=2023.7.3 l=104012
last-modified: Mon, 31 Jul 2023 19:30:31 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfY-2vPrR2Dv65Ovns3KsCdpairVIeE4vRv1zXEhtZDQ:b0559944b84982f65c5e9ff1d1b1cbf3"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PwF0tOvyoXlcsO5gcdZu6kyWKojSJfFsbIbXtK0nI07LxlW0l%2BQo7qrnNKFmYL%2FL%2B2ahW4gnT4wrnHt2UdWs3TviO0OCt8byq9lf2XqaIMsZKNwb24P6B4qsv5nssxNiJw%2FNQ1wsVYYA8v73"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7fbad02718e32c27-FRA

GET
H3 200 1200x6700_events%20infosec.jpg
www.uptycs.com/hs-fs/hubfs/ 13 KB
13 KB 76ms
74ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/1200x6700_events%20infosec.jpg?width=400&height=233&name=1200x6700_events%20infosec.jpg

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c57d12293f57f1e020f5e8e5639cfb8fc6a7aa8b344c436b50c815193aedae7e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-119434163872,P-2617658,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 12992
cf-resized: internal=ok/m q=0 n=835+0 c=8+22 v=2023.7.3 l=12992
last-modified: Thu, 08 Jun 2023 19:33:18 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfbjq0BZPehpN1LIKlx-IHti7PPnCWQJWHG7TjGj-VDQ:f60a1418fa9f235811a588bd71ec88b3"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wKpN8uAjvRShPNocRTghFGIicCddDnVQUFwJe8QN%2BhwGFxMJ1F1N8em%2FF6bUGCxo9G6%2FstR5bm8aMIcVa4l1IEgVDD7GHDeEfhnDYj7b1q4u8DE8lLDR0cVU3CubM0hiaAp0vA9LNZiOKaq4"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7fbad02718e52c27-FRA

GET
H3 200 Kevin%20Paige_Social%20Media_Landscape.png
www.uptycs.com/hs-fs/hubfs/ 653 KB
654 KB 121ms
120ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Kevin%20Paige_Social%20Media_Landscape.png?width=1294&height=677&name=Kevin%20Paige_Social%20Media_Landscape.png

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bd1897c94de48948b583f4372e6d341fecbd6284980801a7bdeca08505741dc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-127912237995,P-2617658,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 668486
cf-resized: internal=ok/m q=0 n=1052+93 c=0+0 v=2023.8.1 l=668486
last-modified: Tue, 01 Aug 2023 19:34:40 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfI82I3FQEQnxfE5irAKGJqNC4hqfs6mYoJ94azGALDQ:23194d76cb6e28f104d6e807c5b7ec7f"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvxw00RPu2V5%2FnQnMiEBNIEtkkZa4XrWFnuaoLwAbodMySaaW1jgChhkwrjyyFamLSp1tlWA5IHFsePcQxt5BLJ%2F3p1LuTcNx%2BczxHqWsIp08toO3le4WjFjI3p93SzAmXKhv5BUGj9rqRzu"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7fbad02718e72c27-FRA

GET
H3 200 Fig1.jpg
www.uptycs.com/hs-fs/hubfs/Imported%20images/ 154 KB
154 KB 199ms
198ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Imported%20images/Fig1.jpg?width=736&height=556&name=Fig1.jpg

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb8d0666c13925554da13544571d2415f41352d02e1cdeedeba08da748d6e489

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 9b7b71910b45e646f6476bbd270127a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-129645137665,FD-45649934160,P-2617658,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 157190
cf-resized: internal=ok/m q=0 n=603+0 c=4+256 v=2023.8.1 l=157190
last-modified: Fri, 11 Aug 2023 21:01:11 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfm3CnYNwLyGb0DTS2SpmuBzit1lfIK7AIflORIhI1DQ:e337be0c9a643469378db7c91726dc1f"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Bi19HkerzjBuHpkbKDXvBKBRu6o7W9S1EK3fCVafxIIMvzPanjUxDjgWDfZm2KXJ9oy0yi4w%2B7oUSUFBW6ulzkWaz%2FG3EaHIwxDlNBx5M0vVv7g%2Fb1H6yMBy0IDBZ5F5IMpzHy14H%2BWwRen"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7fbad02718ea2c27-FRA

GET
H3 200 Fig2.jpg
www.uptycs.com/hs-fs/hubfs/Imported%20images/ 138 KB
139 KB 79ms
78ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Imported%20images/Fig2.jpg?width=872&height=896&name=Fig2.jpg

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6775f1e339bb198bba4abe4fc365a22648e1b670ee3fab7d46f57eb44a03a25f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 f3d57c6f1e03e389abd50b7f7535cee4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-129645137664,FD-45649934160,P-2617658,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 141578
cf-resized: internal=ok/m q=0 n=906+0 c=4+115 v=2023.8.1 l=141578
last-modified: Fri, 11 Aug 2023 21:01:10 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfw3-Y0KUp41M3D1NttWlnwJ4lrixGL9U7tB7TsTkBDQ:e1fdc3c83bd8644963c9d218ae55e5ae"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x5OHRIu2Dx2EbPQelsOa7fkfLXywAfzb0FWwQ52JZcUMGzEWfHwISVqSU3afCebExArEF31m4W%2FttsBnwLBub5ehgJqRq8OaYcFj%2FonyVafaIuUGx%2BWfSnadrrB%2FspivChoi9PQKcUadaWiT"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7fbad02718ec2c27-FRA

GET
H3 200 Fig3.jpg
www.uptycs.com/hs-fs/hubfs/Imported%20images/ 593 KB
594 KB 228ms
226ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hs-fs/hubfs/Imported%20images/Fig3.jpg?width=1908&height=729&name=Fig3.jpg

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

74e99d9a9df6c394637b879d5c6a263a86cb857d61d8f90bd3e79cc634d34a98

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 bdba42cf1410fb617eeb4ffd3e0b9cb6.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-129644398264,FD-45649934160,P-2617658,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 607590
cf-resized: internal=ok/h q=0 n=16+107 c=0+0 v=2023.8.1 l=607590
last-modified: Fri, 11 Aug 2023 21:01:14 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfH_ejRYEU_8KIAMpZ1EfluyekDIlmKSlHJkPisQbEDQ:716aa8313bd28bba00103fe01800cbe3"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6A2lEFHa6VHNFo3fSG7H6hakcvN3FhlPnS76v%2BBH%2BX7gfLC1v%2BQvmTZk%2BdTetpVZF3RWqiq%2F9ILy3WdjAXJkhtmgYEAb5EMVVndm8AaidQO1HV09L8IHhTYMKvSqF2zfWwM2CN4lexQZ8p46"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7fbad02718ee2c27-FRA

GET
H3 200 json Show response
www.uptycs.com/_hcms/forms/embed/v3/form/2617658/0492e7b1-c029-4110-8042-598f482d9802/ 10 KB
4 KB 480ms
480ms XHR
application/json 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/_hcms/forms/embed/v3/form/2617658/0492e7b1-c029-4110-8042-598f482d9802/json?hs_static_app=forms-embed&hs_static_app_version=1.3611&X-HubSpot-Static-App-Info=forms-embed-1.3611

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbe544d779209c2f0e35452ab66230cbdd4e2db3f2dd935f9c558999ec6de175

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-origin-hublet: na1
date: Thu, 24 Aug 2023 10:11:47 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 66b89c29-623a-48dd-9a14-28d52b018dfc
content-encoding: br
x-envoy-upstream-service-time: 26
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 66b89c29-623a-48dd-9a14-28d52b018dfc
server: cloudflare
x-trace: 2BC5CEC227708949A061111B1AF664225D200432B9000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6xsfj
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WS22wf0Biw49KZ0ozhntZeBrB4BXFPKJPYuPM3vbwLa6t6g76qWEKMO3qEbynPZ%2Btznf3XsFpCmSJu%2BHdwuFRQN%2FvBhlv3xqG6t1WX9nExWaCuldlytaYHO2EE9dxKcRw0Xnbp2BsJtS8W1q"}],"group":"cf-nel","max_age":604800}
cf-ray: 7fbad02a1d792c27-FRA
access-control-allow-headers: *
x-robots-tag: none

GET
H2 200 2617658.js Show response
js.hs-banner.com/ 63 KB
16 KB 536ms
425ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/2617658.js
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs/scriptloader/2617658.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2b349073b8421ec84bfd334c01132010daabccff2f8975a9d242720a37a7da3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
x-amz-version-id: TuWmOSXJ.1_mSeervlSUXgVEF7VD5cJt
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 7EFXS6J84TM0GRHB
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 7e8d96f8-9e4d-4947-9ebc-3bf7fd6be593
x-envoy-upstream-service-time: 29
x-amz-id-2: FQ4UGiyrhP7m536P3sV4kgh7sjcmC3PAjfEAUKji3iDPqwa0i8hvPiVluEorrnmyhXohJCkSgGMDITWg0xSwhsJsoX7vXCMErIpKcr6pQE4=
x-evy-trace-listener: listener_https
x-request-id: 7e8d96f8-9e4d-4947-9ebc-3bf7fd6be593
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 17 Apr 2023 15:07:23 GMT
server: cloudflare
etag: W/"bb0865a36c00349fa7c66c579d630ef2"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.uptycs.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-v9vn7
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7fbad02ab85b91e4-FRA
expires: Thu, 24 Aug 2023 10:16:47 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 76 KB
22 KB 168ms
53ms Script
application/javascript 2606:4700::6812:8591
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs/scriptloader/2617658.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8591 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92cb228fb9440bac15485ceee66c5d2b1f193b347cedd8213f1d645e30dc8238

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
x-amz-version-id: G1jwIt6bVkEDEnfUjwKjWJwoMKSCPoJL
via: 1.1 a4f9ca051b97c1ac09e2af244690d376.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 35
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.13860/bundles/project.js&cfRay=7fbacf504c305bf5-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: ccbad3b4-e088-4a72-9768-b0fb3882d26c
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ccbad3b4-e088-4a72-9768-b0fb3882d26c
last-modified: Wed, 23 Aug 2023 02:48:58 UTC
server: cloudflare
etag: W/"4d30bb46d9e67baa74eca1312aaec601"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-9brf5
cf-ray: 7fbad02abb8d993f-FRA
x-amz-cf-id: P0aTFPEn6-CgQR7dIV0Z-X_ztc4ndfCV-sckiV52l4z1bUVJpQTO7w==
x-hs-target-asset: conversations-embed/static-1.13860/bundles/project.js

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 385ms
48ms Script
application/javascript 2606:4700::6810:cc27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs/scriptloader/2617658.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:cc27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36a58b231f4bd34d323b5a7da9caf1a2706ecc87ca22a822763b96659043017e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
x-amz-version-id: jPXu6qi.g7uxBjG4s6uCQIhIPiNAy8nk
via: 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 161
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.396/bundles/pixels-release.js&cfRay=7fbacc3d59de047a-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 08d210da-0a94-407a-b952-0a5ca69dc667
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 08d210da-0a94-407a-b952-0a5ca69dc667
last-modified: Mon, 07 Aug 2023 08:57:08 UTC
server: cloudflare
etag: W/"c80164a2fdf0ea90248ff107d11fb350"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-hq6rz
cf-ray: 7fbad02c2a4a9165-FRA
x-amz-cf-id: IZ5tXeN4WaNgbfs8d6-NN_rYTpOH3zqfHtT_qfloQWsfTANsWrvzWQ==
x-hs-target-asset: adsscriptloaderstatic/static-1.396/bundles/pixels-release.js

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 64 KB
20 KB 253ms
145ms Script
application/javascript 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs/scriptloader/2617658.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27e3943c6d2d808f1ec811588ba8fa1b36ce3e3293c723582ae0c1c8820995a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.443/bundles/project.js&cfRay=7fbad02abfe8696f-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"9c1b36d27e87bdc966683b37987e4641"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.443/bundles/project.js
date: Thu, 24 Aug 2023 10:11:47 GMT
x-amz-version-id: S5kTiYVg2qO0fD3wSMvxzGwc82mXSIcx
via: 1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: ea54acb2-e91b-406d-9636-df31bbbc02db
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: ea54acb2-e91b-406d-9636-df31bbbc02db
last-modified: Wed, 23 Aug 2023 02:34:03 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JZkD6krBx2QVgJw12m9kXbHL%2Fr%2FmSvE6HwZv6Z9tnW2xkgXHK32jWeWRNmI9j58kW2Sw%2FjqTnReyRQ20bxnkBFSyBQybDxxbVsn9o3Is5tpuQ9eLlcQJlxeQ4HujDnUbxoMTuow649mkmNoi"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-hhhlh
cf-ray: 7fbad02abfe8696f-FRA
x-amz-cf-id: HfyyV1V7uIgUYuQgxgkIYAUTWEJF7oUi_FotJKWJYNm1ctlAoociWg==

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 488ms
152ms Script
application/javascript 2606:4700::6810:a171
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs/scriptloader/2617658.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a171 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

026c249acda71b64fe2510542d88ae26073694f89b595b1fd0e9f3ad501bf6b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
Origin: https://www.uptycs.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
x-amz-version-id: EcjZkyUfgxNGQ.xnv1Vqq9Oda2f1T.dE
via: 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: a09c7b5e-4632-4469-86d1-0059a0f7288c
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.394/bundles/project.js&cfRay=7fbad02c1e7191e1-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a09c7b5e-4632-4469-86d1-0059a0f7288c
last-modified: Wed, 09 Aug 2023 09:05:38 UTC
server: cloudflare
etag: W/"6fb5b8aa66d730f2a49b41a9c712ffa7"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-2zr9h
cf-ray: 7fbad02c1e7191e1-FRA
x-amz-cf-id: YX0Xwl5j-tEuql9vfaUWTbLVqWZM3CEcs-s4Lp7WQoNp_FGrLlaRdg==
x-hs-target-asset: collected-forms-embed-js/static-1.394/bundles/project.js

GET
H2 200 2617658.js Show response
js.hs-analytics.net/analytics/1692871800000/ 66 KB
21 KB 631ms
520ms Script
text/javascript 2606:4700::6812:7441
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1692871800000/2617658.js
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs/scriptloader/2617658.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:7441 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4f0266f07e9360d5daf1957c2b5a7e6b6ba72b26aefd33d618cb3964d233f3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: MV1XN8Z4DVJN464N
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: c1bf2f6b-9bf0-418f-8f22-c65e7c9d2fcf
x-envoy-upstream-service-time: 21
x-amz-id-2: A1kTi0ORxPRpJ5o7TqcxQBb/QDSp8W0b3AMICIpFP3NvZMfyUT4Pq2kaBiFE66aHs4v+ny2awcI=
x-evy-trace-listener: listener_https
x-request-id: c1bf2f6b-9bf0-418f-8f22-c65e7c9d2fcf
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 14 Aug 2023 15:28:48 GMT
server: cloudflare
etag: W/"0a3016c58ceb5e9f264858eb66388f1e"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-fznd8
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7fbad02abc9a1965-FRA
expires: Thu, 24 Aug 2023 10:16:47 GMT

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
424 B 235ms
232ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=2617658&callback=jsonpHandler

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 99ff2869-2d36-4b0d-b144-98b1625db4e1
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=7fbad02a2e0d18db&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 99ff2869-2d36-4b0d-b144-98b1625db4e1
server: cloudflare
x-trace: 2BC5335741CBD98F6502CEC076846AFE0298A2B40A000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-4skbg
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 7fbad02a2e0d18db-FRA

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 3 KB
2 KB 195ms
170ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&pageId=129626920068&pid=2617658&sv=cta-embed-js-static-1.180&rdy=1&cos=1&df=t&pg=45f73940-c8e4-472e-90f2-eb31ef9dd718

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de6ffffd5f4367c7ee296d63f52e2fd927757a83823c574e5e011c9502c03d1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-origin-hublet: na1
date: Thu, 24 Aug 2023 10:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 63566d53-7a55-4af6-be51-e57103c58abc
content-encoding: br
x-envoy-upstream-service-time: 21
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 63566d53-7a55-4af6-be51-e57103c58abc
server: cloudflare
x-trace: 2B5325C3429842A4152248BA235503402A70F5BE9A000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.uptycs.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-wcwld
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQTUgYULSV%2BhHpyxM2du6Yz2lQo6JxtgF5Zbh2m1q4Amm5T4Psa4EL7Zf5egbb53neSQ7NBgnGdYYqsO302aS0BTjYUwmYn1WLe9TgnDTXpsyEKu%2FHc%2F3nCeqVvf7SkS%2B5I6bkezY4IfF9roRFdFw%2Bs0J7%2F%2FTJScuI0%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7fbad02a5e5518db-FRA

GET
H3 200 cta-loaded.js Show response
www.uptycs.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 201ms
200ms Script
application/javascript 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=2617658&pg=45f73940-c8e4-472e-90f2-eb31ef9dd718&lt=1692871906314&dt=1692871906314&at=1692871907125&an=1

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-origin-hublet: na1
date: Thu, 24 Aug 2023 10:11:47 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c12eec1b-b1ff-462f-8bf3-dc6ec9a519e5
x-envoy-upstream-service-time: 4
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c12eec1b-b1ff-462f-8bf3-dc6ec9a519e5
last-modified: Thu, 24 Aug 2023 10:11:47 GMT
server: cloudflare
x-trace: 2BD4A59193B7030B127669EDB6A6533B1F8E69C535000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uthl%2BGPggFXGmvxN%2FcG%2B7Ht%2BNZMZ5H%2FH1XBTv0ruX30z0dmpk6UcflEZ%2B5P%2B%2BypM3mnEz7At6EUXnCe7Wb6EPbasLdtyWQlP5%2FzkuKTZWcCWdn4GhIY0J6myGLQjBUa7rMhU94CM1CnGwwH1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-8hpn4
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
cf-ray: 7fbad02ba83d2c27-FRA
x-robots-tag: noindex, follow

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 255ms
152ms Image
image/gif 2606:4700::6810:d7bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:d7bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Thu, 24 Aug 2023 10:11:47 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 25f58dd4-0ceb-452b-9110-6888982a9f7a
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 25f58dd4-0ceb-452b-9110-6888982a9f7a
Last-Modified: Thu, 24 Aug 2023 10:11:47 GMT
Server: cloudflare
X-Trace: 2BA29429163A478DADF81F0ECCF04F9CD9DD80284C000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-d2gnr
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 7fbad02c5fe6377b-FRA

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 285ms
181ms Image
image/gif 2606:4700::6810:d7bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:d7bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Thu, 24 Aug 2023 10:11:47 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 02d0386f-fff3-4611-83fa-e2e7c1f53337
x-envoy-upstream-service-time: 9
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 02d0386f-fff3-4611-83fa-e2e7c1f53337
Last-Modified: Thu, 24 Aug 2023 10:11:47 GMT
Server: cloudflare
X-Trace: 2B21623A46466F6574F40AD8C77AE42A5A02DA7858000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-pzkjr
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 7fbad02c58fc9b1c-FRA

GET
H3 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 1 KB
2 KB 274ms
229ms Fetch
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=2617658&currentUrl=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&contentId=129626920068

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

317e8bc65a6810eecbf2aed4bb1236f15927eaa80e29c236328ede8e497a65d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 51622471-6703-4a14-8f98-3511e0370b94
content-encoding: br
x-envoy-upstream-service-time: 80
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 51622471-6703-4a14-8f98-3511e0370b94
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.uptycs.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gMBZ7B4%2Fm2yAzrb0hTJwec9CMAdpwrnTLdl4yoZlHnzKJpCfcbP2hQOzZGA7IpzcYHGf3zsdm3sle1n7iXEhFOT0oHmPcgninMEP5Y%2B3B137Dwmy0wWyuEETkVimWn6AfJDSNpZzR1OYXvF5%2FHPdJ%2FpREbzZs8RHZt0%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7fbad02c09594da1-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-fz7bv

GET
H3 200 widget Show response
www.uptycs.com/_hcms/livechat/ 297 B
1 KB 229ms
229ms XHR
application/json 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.uptycs.com/_hcms/livechat/widget?portalId=2617658&conversations-embed=static-1.13860&mobile=false&messagesUtk=945271bd27f1444e8af40c0eeb9078f3&traceId=945271bd27f1444e8af40c0eeb9078f3

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1380f23e5b88ee37b79142ab6854b765d683e13fb10f05e1c6a1e5fee1e12fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9535c8fb-082f-4ed2-a332-0c5beebf081c
x-envoy-upstream-service-time: 49
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9535c8fb-082f-4ed2-a332-0c5beebf081c
server: cloudflare
x-trace: 2B638011822BDA8235DF8390D65FA492FA78A47F21000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-x7p8v
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iiMqziJ1Hpl2ZUIoaPihGgboVuaBGG0siNnxhc3kAE%2FdtNe6E%2BnUw4fHEVTocvSBo2vFrgl38Vx%2F6hi1Qj4uEYWdxBuka4wFnHfKIFKv0rvUqh9QpmLbrLoUzZVOmM7BqJe5wN2bg2xOCYNs"}],"group":"cf-nel","max_age":604800}
cf-ray: 7fbad02bc8672c27-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1017 B 278ms
169ms Image
image/gif 2606:4700::6810:d6bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:d6bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Thu, 24 Aug 2023 10:11:47 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 377e725a-9d4c-422b-b6ea-6e4138fc208f
x-envoy-upstream-service-time: 17
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 377e725a-9d4c-422b-b6ea-6e4138fc208f
Server: cloudflare
X-Trace: 2B691837B98E676E87A0B3BAC6388190A827FB12D1000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-2dtzq
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7fbad02dcdcc4d8a-FRA

GET
H2 200 Submit_arrow.svg
2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Home%20Page%20Images/ 270 B
1 KB 204ms
119ms Image
image/svg+xml 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://2617658.fs1.hubspotusercontent-na1.net/hubfs/2617658/Uptycs%20Theme%20-%202023/Home%20Page%20Images/Submit_arrow.svg
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/hs-fs/hub/2617658/hub_generated/template_assets/105237096759/1692382053628/Uptycs_Theme_2023/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7775c3a94d76e47ed6bda5a404bf940ef8f710223ecdd4bfb7f48edb58925430

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-105763674949,FD-105371464374,P-2617658,FLS-ALL
age: 269408
x-amz-request-id: 5CF7B8AJXPGK7B3W
x-amz-server-side-encryption: AES256
edge-cache-tag: F-105763674949,FD-105371464374,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: W/"d86c78f19be3b56354776168464f274a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678357972000
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:47 GMT
via: 1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: jMw4TxEmyrDKjLRp3HsQf.dOAbMI9oJK
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-105763674949,FD-105371464374,P-2617658,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-id-2: exkPRCp8j3Sehc8z/236FsLNHzM5yEM/bx8qolH38r+msrVw5yLjkY2iTBShKftLh3oi/ZGE/NlgUQr5XtzmIA==
last-modified: Thu, 09 Mar 2023 10:32:53 GMT
server: cloudflare
cf-ray: 7fbad02dcf929b8c-FRA
x-amz-cf-id: 5LI012dcIBk6-xzSS3EDoCMpp30nvtuwBYNjkvQNjGDf45qdHw4vXA==

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1017 B 256ms
155ms Image
image/gif 2606:4700::6810:d4bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:d4bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Thu, 24 Aug 2023 10:11:47 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 6615ed28-83d8-44cd-a2ed-0f4e26ddefd1
x-envoy-upstream-service-time: 12
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6615ed28-83d8-44cd-a2ed-0f4e26ddefd1
Server: cloudflare
X-Trace: 2B69835EE2C9D57019796557F6F02C869B72694F37000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-pzkjr
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7fbad02debca4db4-FRA

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
433 B 169ms
154ms XHR
application/json 2606:4700::6810:a171
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=2617658&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a171 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6067dcd5dce2a3474610f14be162b671b90e8d916358d4cf324a526fb5e9ac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 323e1840-4387-471d-9e6b-aa415fd1bab9
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 323e1840-4387-471d-9e6b-aa415fd1bab9
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.uptycs.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-89hzd
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 7fbad02da8b291e1-FRA

GET
H2 200 hs-web-interactive-2617658-127711067266 Show response
2617658.hs-sites.com/ Frame F1C9 26 KB
7 KB 265ms
168ms Document
text/html 2606:4700::6812:8e36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8e36 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb9dd5cf50c844e02194374b27804853a6765744086886a8213559e2a8fd331d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-127711067266,P-2617658,PGS-ALL,SW-0
cf-cache-status: HIT
cf-ray: 7fbad02e2db737f5-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Thu, 24 Aug 2023 10:11:47 GMT
edge-cache-tag: CT-127711067266,P-2617658,PGS-ALL,SW-0
last-modified: Thu, 24 Aug 2023 09:23:58 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
server: cloudflare
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 84
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-bots-td/envoy-proxy-547bf9f566-z4lrk
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 127711067266
x-hs-hub-id: 2617658
x-hubspot-correlation-id: dd1b6b87-eba4-4dd9-88e5-3d477001c1f0
x-request-id: dd1b6b87-eba4-4dd9-88e5-3d477001c1f0
x-robots-tag: none
x-trace: 2BB15F51C572B13B2DC0D989372E54FFA962D26244000000000000000000

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 245ms
153ms Image
image/gif 2606:4700::6810:d7bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:d7bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Thu, 24 Aug 2023 10:11:47 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 15b1c925-4edb-444d-b9ce-be4630475e8a
x-envoy-upstream-service-time: 6
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 15b1c925-4edb-444d-b9ce-be4630475e8a
Last-Modified: Thu, 24 Aug 2023 10:11:47 GMT
Server: cloudflare
X-Trace: 2B35E3C9C1F75B3C6023BDC7E7E45C7E18F43746F5000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6fhst
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 7fbad02e293d36e0-FRA

GET
H2 200 cf-location Show response
js.hs-banner.com/cookie-banner-public/v1/ 2 B
150 B 129ms
47ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/2617658.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-origin: https://www.uptycs.com
date: Thu, 24 Aug 2023 10:11:47 GMT
server: cloudflare
cf-ray: 7fbad02e18204d9e-FRA
content-length: 2
vary: Origin, Accept-Encoding
content-type: text/plain;charset=UTF-8

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 144ms
144ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.uptycs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.uptycs.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 7fbad02e687f4d9e-FRA
content-length: 0
content-type: application/octet-stream
date: Thu, 24 Aug 2023 10:11:47 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 6
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-qh8zw
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: de344696-296a-45f3-a328-acb5a9923fa4
x-request-id: de344696-296a-45f3-a328-acb5a9923fa4

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
176 B 162ms
161ms XHR
text/plain 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/cookie-banner-public/v1/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/2617658.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 3c3769f8-4dbc-4653-8b1f-7b354b8d7c5e
x-envoy-upstream-service-time: 21
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 3c3769f8-4dbc-4653-8b1f-7b354b8d7c5e
server: cloudflare
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.uptycs.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
vary: origin
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-ww4tr
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7fbad02f59c14d9e-FRA

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1016 B 188ms
148ms Image
image/gif 2606:4700::6810:d6bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:d6bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Thu, 24 Aug 2023 10:11:47 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 825beee0-ec11-471f-bb42-00c8f5f04863
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 825beee0-ec11-471f-bb42-00c8f5f04863
Server: cloudflare
X-Trace: 2BE6EAEF9369A7A95CE78A4693D15F97E1D8ADEF34000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-wcwld
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7fbad02edf0e4d8a-FRA

GET
H2 200 project.js Show response
2617658.hs-sites.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ Frame F1C9 1 KB
963 B 72ms
71ms Script
application/javascript 2606:4700::6812:8e36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2617658.hs-sites.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8e36 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
via: 1.1 bfa7dfbe8ca6d4eb3690c4c82ca6c0fa.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 17650030
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7fbad02f485b37f5-FRA
x-amz-cf-id: 8QXLw2UOfT_OkIUXh8Uk-Qb7YUhl4mYkBSxBcIeGI9pAOc0VmTrDlA==
expires: Fri, 23 Aug 2024 10:11:47 GMT

GET
H2 200 module_-53649664999_Button_interactive.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-53649664999/1692733226234/ Frame F1C9 114 B
1 KB 147ms
58ms Stylesheet
text/css 2606:4700::6811:1b79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-53649664999/1692733226234/module_-53649664999_Button_interactive.min.css
Requested by: Host: 2617658.hs-sites.com
URL: https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:1b79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b94925cc30a38d4cff4893ce00128a1314eeeee9fa06ffb2d3650a5077050ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2617658.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-encoding: br
age: 138647
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"be7a4b154e718de7dee2ae186bac4fb8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692733226234
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 52992681-6849-48d0-b4da-2decaafb4354
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 220
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 52992681-6849-48d0-b4da-2decaafb4354
last-modified: Tue, 22 Aug 2023 19:40:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Y7XMDpt4gNOCGs0xHGyx3TjEi1zzNxu%2FrRtBi9tQuuGfhDO3SYQUknMWJQYTFMfqIJ%2FZGRYOfQNHxCUY1o%2BSRF9ND4dvs1yNj%2FJlCHPVE8caLAS4KBNi8BBBH4X%2FiWq6Lje77ALmDsEJgCD7V4%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray: 7fbad02fd9ab9b8e-FRA

GET
H3 200 web-interactives-container.js Show response
js.hubspot.com/ Frame F1C9 20 KB
7 KB 111ms
60ms Script
application/javascript 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-container.js

Requested by

Host: 2617658.hs-sites.com
URL: https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0e6fadc5b89bcf7490fb79af9087eac39335dad2537d325e6c169c3d4b44cfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2617658.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-encoding: br
age: 589
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-container/static-2.443/bundles/project.js&cfRay=7fbac1cafbc51c03-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"72c3bb1f4bf45213bc195a39edd8ca1e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-container/static-2.443/bundles/project.js
date: Thu, 24 Aug 2023 10:11:47 GMT
x-amz-version-id: bzQEuSGQQ05Tc.7CiB9mT2wvJuFZJRMD
via: 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 9e8b16da-8d2b-4a32-be7e-702c820e0639
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-container-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9e8b16da-8d2b-4a32-be7e-702c820e0639
last-modified: Wed, 23 Aug 2023 02:34:03 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQRIGZNNHQSYmRj%2F8Epz9ekiVBg2uP7LF2qSL%2BnLs%2FACF8Ju4iRXx7hzJq%2BiC095w1ngsmzEHp1d9xHyUgW0bNxGsd5e5FWanNWFx6DLpfHlp2NvqTY%2BiyYVFG4Xi0Yb7%2BJJTGCBh6hSZ0yP"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-lhvpx
cf-ray: 7fbad02f9d351cab-FRA
x-amz-cf-id: r1DqLy53LzfWZVCW6ZxU3IUSwLcSV4jsN3WJITc795h1YuxWFFAiUg==

GET
H3 200 Screenshot%202023-07-24%20at%204.03.40%20PM.png
www.uptycs.com/hubfs/ Frame F1C9 152 KB
153 KB 102ms
96ms Image
image/webp 2606:2c40::c73c:67e2
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.uptycs.com/hubfs/Screenshot%202023-07-24%20at%204.03.40%20PM.png

Requested by

Host: 2617658.hs-sites.com
URL: https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e2 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1c06dfcc768ec96cc85d8ccd84178009d9ee1cbe914ccfc9b13b713e08e0627

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2617658.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-126809452407,P-2617658,FLS-ALL
age: 241753
x-amz-request-id: WSCG853M6RRF6G4C
x-amz-server-side-encryption: AES256
edge-cache-tag: F-126809452407,P-2617658,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Screenshot%202023-07-24%20at%204.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "eb6c5a825c78f762a8cbfaa532577648"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690229056678
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 24 Aug 2023 10:11:47 GMT
strict-transport-security: max-age=31536000
via: 1.1 8e4700eb43d0f5579f360cfc02e71fac.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 7SVA_i50ve5Veeju8ipiINTqdpsjUufp
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=246319
x-cache: RefreshHit from cloudfront
cache-tag: F-126809452407,P-2617658,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 155372
x-amz-id-2: IDDiNDEq6GmztOXDsMdRLk11dQPW7P91EQYo1E53gzBh3X+gLcb/JstAT16/bpp63T3iLbDhHjE=
last-modified: Mon, 24 Jul 2023 20:04:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T6Hj24dDvOf6Awo6n4rh1oWaHJBqmB39qyD%2FzAkKo%2F4AMTzrKFR4KYfNTSOkvwtiG%2FUydVNPQFuniI%2B66GHKAI6Mu%2FYxU748fILbvL4g1P61vOuPnZ91Qi%2Bwsn%2Fkd2BSZpbAiHLhh7vNCiiT"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 7fbad0300f852c27-FRA
x-amz-cf-id: N5GvlbQTS32MryxBHgpDg6vGYaNGNeJIXXGsizVEvPw2Nyd163iLGw==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ Frame F1C9 14 KB
5 KB 89ms
49ms Script
application/javascript 2606:4700::6810:eeb9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: 2617658.hs-sites.com
URL: https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:eeb9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2617658.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:47 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 3b5a3bc53642845f1ba1a839609aac0e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: DUS51-P2
age: 676715
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pSvVWOikddqhXS03Yrg%2BFOp4L%2BZi%2F7EuARkl54Li%2BsCnln3YdADgpkV0xSp2izIwsO7Qou70GQZ5gZOAiT%2BOYvglGazF0PNRGFwJ1614agW1DuvWfEzaez%2BGXPRPqeog9JHCDAIrKQ5anWfG12QO3mDo%2BqQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 7fbad0307efd367d-FRA
x-amz-cf-id: 0CrtM1JaR-Y1udGBBPZNvOu46612wP2Rd98ATg9ajHbTnwiiIGq10A==
expires: Fri, 23 Aug 2024 10:11:47 GMT

GET
H3 200 700.woff2
2617658.hs-sites.com/_hcms/googlefonts/Lato/ Frame F1C9 15 KB
16 KB 135ms
121ms Font
font/woff2 2606:4700::6812:8e36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2617658.hs-sites.com/_hcms/googlefonts/Lato/700.woff2

Requested by

Host: 2617658.hs-sites.com
URL: https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:8e36 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb58784762e1f4cd581dcf26cbed00d1c44ad0db7277b41a20cc602c6c93a03f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true
Origin: https://2617658.hs-sites.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

expires: Thu, 07 Sep 2023 10:11:47 GMT
date: Thu, 24 Aug 2023 10:11:47 GMT
via: 1.1 070b0d2884a220757828cffa8af8afd4.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 2436
x-amz-cf-pop: CDG53-C1
x-amz-server-side-encryption: AES256
x-amz-request-id: 8GHPM1FEG3DQNFZ3
x-cache: RefreshHit from cloudfront
x-amz-version-id: qjUM3HSFmEQmLBcEP4S7QqTU60_aWFce
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
content-length: 15204
x-amz-id-2: PWnrpsO4MbN661muoAE6gCd+ciRuok1NE817XTqYgZrD1G58M6uE7oD/iZmBWMmTRWlDBwQcqwGspf8smsiRfQ==
last-modified: Tue, 17 Jan 2023 22:05:34 GMT
server: cloudflare
etag: "2649b8a36bb1e56e1498cf449a6ca7af"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 7fbad0307ab91ac5-FRA
x-amz-cf-id: 7kMUWuh4H4jyia5NvBcFozxjL3j0egaUGCpGpvVsYdfmBhqgprBR7g==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 regular.woff2
2617658.hs-sites.com/_hcms/googlefonts/Lato/ Frame F1C9 15 KB
15 KB 82ms
76ms Font
font/woff2 2606:4700::6812:8e36
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://2617658.hs-sites.com/_hcms/googlefonts/Lato/regular.woff2

Requested by

Host: 2617658.hs-sites.com
URL: https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:8e36 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7af61bd3913727d7a31c8e925ec3b04b4331a193bb3169e107f0033fa554b6e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://2617658.hs-sites.com/hs-web-interactive-2617658-127711067266?enableResponsiveStyles=true
Origin: https://2617658.hs-sites.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

expires: Thu, 07 Sep 2023 10:11:47 GMT
date: Thu, 24 Aug 2023 10:11:47 GMT
via: 1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-security-policy: upgrade-insecure-requests
age: 2436
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-amz-request-id: YR7KXJRZTFWMG2WZ
x-cache: RefreshHit from cloudfront
x-amz-version-id: J0OOeJJqqhGiMhTNX3qbOiRT4iEUgSVM
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
content-length: 15008
x-amz-id-2: DSWOGBtDFDEbH/qfEV685LD3AU6YWejCBXwwadiiaR/qp4RY51d82/eqzi0i8/CZZjO3WJEZ6BA=
last-modified: Tue, 17 Jan 2023 22:05:43 GMT
server: cloudflare
etag: "cd795c06a0aed16bf47aa81c3d6c7a1c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 7fbad0309ae01ac5-FRA
x-amz-cf-id: wiSSlPYrs0Y9mz2i1o85_uOdA5ut22AJj2wVNY1bJVW7cgSBatxn7A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
472 B 192ms
173ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4036121453&v=1.1&a=2617658&pi=129626920068&ct=blog-post&ccu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cpi=129626920068&cgi=5593128451&lpi=129626920068&lvi=129626920068&lvc=en&pu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&t=Mitigating+Remote+Access+Trojan+Infection+Risk%3A+Telegram%2FQwixx+RAT&cts=1692871908032&vi=0daa892229519320f35249672ebae2ce&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 345868a9-4a9b-4967-9ffe-95ca4b9552c2
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 345868a9-4a9b-4967-9ffe-95ca4b9552c2
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e4YAoaomyDhnDQy%2F8%2B6P7PIBRr1RoNCtzJ21e3M85jO%2FyglCSPOKs8jJ%2BLZPnQKdSpdjxu1tXgFtf1m3TMP6IiGYAX6QR8ATrIgeGBA9cUJM0CQL5iekJfEFNtfgxooaAmK7a1QQR4n%2BBRva54i6"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-bwpt9
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7fbad0318a2e18db-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
667 B 215ms
168ms Image
image/gif 2606:4700::6810:d7bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:d7bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f694655a-f9a6-4289-831e-9b9fe9aa9927
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f694655a-f9a6-4289-831e-9b9fe9aa9927
last-modified: Thu, 24 Aug 2023 10:11:48 GMT
server: cloudflare
x-trace: 2BCC682B074987BA2E05B868A478B506D997289052000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6xsfj
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 7fbad031bdea694c-FRA

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
567 B 194ms
176ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%2245f73940-c8e4-472e-90f2-eb31ef9dd718%22%2C%229c5b3cee-36ad-4f38-b65c-aac3c2e92ec6%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4036121453&v=1.1&a=2617658&pi=129626920068&ct=blog-post&ccu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cpi=129626920068&cgi=5593128451&lpi=129626920068&lvi=129626920068&lvc=en&pu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&t=Mitigating+Remote+Access+Trojan+Infection+Risk%3A+Telegram%2FQwixx+RAT&cts=1692871908034&vi=0daa892229519320f35249672ebae2ce&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 657b540c-51bd-4a19-b358-490a391739b3
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 10
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 657b540c-51bd-4a19-b358-490a391739b3
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qwgUjSOCaaDPV8YZCovO7u9IglljBTsctfFcNgKwxLUXdrmkFKyYNPV0FbvUmJx9fF71tmEAFIru7zSGYGfw8V45XDtRypdu13ERffRoUO9BeS2mgvlMvMoRfoDd6xsSo7Pic4wbTh%2F7tYy3odYi"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-fmrhj
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7fbad0318a2a18db-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
453 B 198ms
181ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=0492e7b1-c029-4110-8042-598f482d9802&fci=64f19ce6-1bb3-4e72-ba8d-e9b578ae9c3a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4036121453&v=1.1&a=2617658&pi=129626920068&ct=blog-post&ccu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cpi=129626920068&cgi=5593128451&lpi=129626920068&lvi=129626920068&lvc=en&pu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&t=Mitigating+Remote+Access+Trojan+Infection+Risk%3A+Telegram%2FQwixx+RAT&cts=1692871908036&vi=0daa892229519320f35249672ebae2ce&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0488ed7d-a216-4928-aa67-48673e639d80
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0488ed7d-a216-4928-aa67-48673e639d80
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=akqtsjtxDfeOE01owbkZK3RDSX0gWcTmXWgN1nVwXOrFp43KboquKu3%2BzT1FtNczW3Wzb8mk22AwmFYpEc0Ud22rtrCYp0eHuWL%2BP1ju7H6HIzz515265hIHqmvw8H%2BsjYNZaZ%2F4KpzAbLUl33Nb"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-mx5h4
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7fbad0318a2b18db-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
642 B 189ms
171ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=0492e7b1-c029-4110-8042-598f482d9802&fci=64f19ce6-1bb3-4e72-ba8d-e9b578ae9c3a&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4036121453&v=1.1&a=2617658&pi=129626920068&ct=blog-post&ccu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cpi=129626920068&cgi=5593128451&lpi=129626920068&lvi=129626920068&lvc=en&pu=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&t=Mitigating+Remote+Access+Trojan+Infection+Risk%3A+Telegram%2FQwixx+RAT&cts=1692871908038&vi=0daa892229519320f35249672ebae2ce&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ee660ab0-a47e-4d7c-9daa-26727f993714
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ee660ab0-a47e-4d7c-9daa-26727f993714
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vkeM8w5sqJagSNAc%2Bn3Lv80GMyN5ZGaVewH2BW3rCoJugFm9ONkntthqvIdADF6s5WLmLfGEKtPa8rM6HcDg%2FAkLH6zqacXsRfkyrk6oMwQlecGvaRGLuw9M1DvjZ4h4lWVtfpnoE7bja7BTtqKT"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-s99qq
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7fbad0318a2c18db-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
635 B 225ms
180ms Image
image/gif 2606:4700::6810:d7bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=interactive-shown&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:d7bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7fbbd625-f4a3-4dc3-b7c5-4d9952b8243c
x-envoy-upstream-service-time: 16
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7fbbd625-f4a3-4dc3-b7c5-4d9952b8243c
last-modified: Thu, 24 Aug 2023 10:11:48 GMT
server: cloudflare
x-trace: 2B556EA50C68E9C98394D31420ABD14BF6D33CE162000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-fz7bv
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 7fbad031bdf4694c-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 232 KB
81 KB 224ms
62ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ebd7119892157567b520f5ad116ee1397366510e6450d9e01ec2bf7747d9e494

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82700
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 24 Aug 2023 10:11:50 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 48 KB
14 KB 259ms
94ms Script
application/javascript 95.100.146.25

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.100.146.25 -, , ASN (),

Reverse DNS

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Aug 2023 10:11:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jul 2023 16:27:10 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64b9605e-bf6f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14190
expires: Thu, 24 Aug 2023 10:11:50 GMT

GET
H2 200 0036b213134bb87d518c56fbdc671d2b.js Show response
ob.segreencolumn.com/i/ 96 KB
35 KB 175ms
60ms Script
text/javascript 2600:9000:20c3:6800:18:15b9:5a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.segreencolumn.com/i/0036b213134bb87d518c56fbdc671d2b.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:6800:18:15b9:5a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: 5edb40e7d142bcaca6f113cdfbd652debfe818927520cace60006cc4588a1d38

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 02:27:01 GMT
content-encoding: gzip
via: 1.1 89a45b9ac94fb6c6e52c37fdd89a6cb0.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: MUC50-C1
age: 33377
etag: "17fdf-OidwYGhUV4wDXYcopf2TCxsqzIM"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=43200
content-length: 35640
x-amz-cf-id: 4FYpnfLEzsLUIJa4sJaQJHBrHE9ffNg_GTt7LA8_3vbr8nm_1DL-Tw==
expires: Thu, 24 Aug 2023 12:55:33 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 176ms
56ms Script
application/x-javascript 2a02:26f0:780::210:a423
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a423 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=32070
accept-ranges: bytes
content-length: 4862

GET
H2 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 139ms
40ms Script
application/javascript 18.173.187.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-35.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c365a59132dd34b492cb3a77d534078dd35cbbf75dbb2eabbe328642b74a291b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-amz-version-id: Rt6XPSKiJ8UdHSAhNzDbvtFnl_cNNgVn
content-encoding: gzip
via: 1.1 03f0b5e1388e49b279dc44f8ff1caa78.cloudfront.net (CloudFront)
date: Thu, 24 Aug 2023 07:06:26 GMT
last-modified: Mon, 24 Jul 2023 07:50:42 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P4
age: 11126
etag: W/"4eb0c668e820abe414d19a11b92dd0fa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: QsasZQF_gH7CaMWfFJCciWLzYr-B_jzmr12lV1IqHKJvKpaQR7QA7Q==

GET
H2 200 stat.js Show response
www.clickcease.com/monitor/ 171 KB
54 KB 160ms
49ms Script
application/javascript 2600:9000:20c3:9600:15:a0d3:77c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickcease.com/monitor/stat.js

Requested by

Host: www.uptycs.com
URL: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20c3:9600:15:a0d3:77c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4f9687af855e3702920c9feedcf07596807bf43bcd8de0b543ffee66f98e1a22

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-amz-version-id: 6Er2d0GJvgnFniPQXIH7h8kzG7dJBNJf
content-encoding: gzip
via: 1.1 a1e8102a85e1e5a1d6e04d628d5dc180.cloudfront.net (CloudFront)
date: Thu, 24 Aug 2023 10:11:46 GMT
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests;
x-amz-cf-pop: MUC50-C1
age: 6
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 22 Nov 2022 11:31:37 GMT
server: AmazonS3
etag: W/"1c27f449b067550681f23ad3e53988fa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: microphone 'none'; camera 'none';
x-amz-cf-id: wayux6zJOTBV-0xzBz-vFBn0_R1HiBG6MHosokA1tGYTXu7BU5dJDg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 266 KB
89 KB 59ms
58ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FM1R8N7KP8&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P663XDQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

377befe9fa491d84e89db596ed749b4291d579045c04b3d81a73d549c3cd08cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90576
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 24 Aug 2023 10:11:50 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
254 B 141ms
48ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-FM1R8N7KP8&gtm=45je38l0&_p=1985176845&_gaz=1&cid=1224772951.1692871911&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692871910&sct=1&seg=0&dl=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&dt=Mitigating%20Remote%20Access%20Trojan%20Infection%20Risk%3A%20Telegram%2FQwixx%20RAT&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FM1R8N7KP8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Aug 2023 10:11:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.uptycs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 153ms
47ms Ping
text/plain 2a00:1450:400c:c0c::9a

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-FM1R8N7KP8&cid=1224772951.1692871911&gtm=45je38l0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FM1R8N7KP8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Aug 2023 10:11:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.uptycs.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 179ms
86ms Image
image/gif 2a00:1450:4001:831::2003

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FM1R8N7KP8&cid=1224772951.1692871911&gtm=45je38l0&aip=1&z=1792596395

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Aug 2023 10:11:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 199 B
562 B 195ms
194ms Fetch
application/json 18.173.187.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-35.muc50.r.cloudfront.net
Software: / Express
Resource Hash: b4e1cdfb6f5fedb404e343f8125401709ad3775e3fe4957792f12a65ce01cf44

Request headers

Content-Type: application/json
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
accept-language: de-DE,de;q=0.9
Authorization: Bearer 5d799bfd871670447419
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
visited_url: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram

Response headers

date: Thu, 24 Aug 2023 10:11:51 GMT
via: 1.1 3d60650fd0c339e18e816ce29f9a0da0.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P4
x-powered-by: Express
etag: W/"c7-Z3n4sd8Zh4VPVMj3TAj35EKnjUM"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 199
apigw-requestid: KKP0LiXKvHcEN5g=
x-amz-cf-id: yCl6mfNwxp8J428MuGHS0T5gQ_V_9xB0jyPitMRDmFW3z0oVa9TD1w==

OPTIONS
H2 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 286ms
192ms Preflight 18.173.187.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-35.muc50.r.cloudfront.net
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.uptycs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: KKP0JgNRvHcEMQg=
date: Thu, 24 Aug 2023 10:11:51 GMT
vary: Access-Control-Request-Headers
via: 1.1 3d60650fd0c339e18e816ce29f9a0da0.cloudfront.net (CloudFront)
x-amz-cf-id: 4jPb3W1lul3HxGKMbkiSV1pGuQaxfkxURqkSx_vdXBWjeXzd7rkzkQ==
x-amz-cf-pop: MUC50-P4
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/1252922/domain/uptycs.com/ 36 B
377 B 165ms
49ms XHR
application/json 2600:9000:26db:c00:2:53b2:240:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/1252922/domain/uptycs.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c00:2:53b2:240:93a1 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 09:33:44 GMT
content-encoding: gzip
via: 1.1 67b5b59d34e71a36a3955bf957ea9ed2.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
age: 2287
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: teFL1wPCmR7LhXj-1dQLH11ESXt5iyBQUJQ0B7IWC_aCpgBoLm6X4Q==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1692871910881&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1692871910881&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1252922%26time%3D1692871910881%26url%3Dhttps%253A%252F%252Fwww.uptycs.com%252Fblo...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1692871910881&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1692871910881&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cookiesTest=true&liSync=true&e_ipv6=AQLV...

0
265 B

258ms
146ms

Image
application/javascript

13.107.42.14

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1692871910881&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cookiesTest=true&liSync=true&e_ipv6=AQLVit2pGENZ7wAAAYonB24yFmZmUat5ip9Tc17bpg-mm8w2W3nEVYEHW8Is1VGwdN1ZsAg
Protocol: H2
Server: 13.107.42.14 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:52 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 65C6FE367F5A47D5834472372A14CD83 Ref B: FRAEDGE1313 Ref C: 2023-08-24T10:11:53Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYDqHUKPElvMjSDOtyDnQ==

Redirect headers

date: Thu, 24 Aug 2023 10:11:52 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 3E807688C9A445F1A91B80256D9CA861 Ref B: FRAEDGE2009 Ref C: 2023-08-24T10:11:52Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1252922&time=1692871910881&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&cookiesTest=true&liSync=true&e_ipv6=AQLVit2pGENZ7wAAAYonB24yFmZmUat5ip9Tc17bpg-mm8w2W3nEVYEHW8Is1VGwdN1ZsAg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYDqHUGYEJh3plra+D4LQ==

GET
H2 200 ct Show response
obs.segreencolumn.com/ 3 KB
1 KB 682ms
136ms Script
text/javascript 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.segreencolumn.com/ct?id=44824&url=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1692871911041&hl=2&op=0&ag=1708050661&rand=83899960252727022801200010087710036122456878801428290980805524798278262196009579222&fs=1600x1200&fst=1600x1200&np=win32&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDg5NDNdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiaW50ZWwgaW5jLlwiLFwiclwiOlwiaW50ZWwgaXJpcyBvcGVuZ2wgZW5naW5lXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wIChvcGVuZ2wgZXMgZ2xzbCBlcyAxLjAgY2hyb21pdW0pXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjAgKG9wZW5nbCBlcyAyLjAgY2hyb21pdW0pXCIsXCJndmVuXCI6XCJ3ZWJraXRcIixcImJlblwiOjksXCJ3Z2xcIjoxLFwiZ3JlblwiOlwid2Via2l0IHdlYmdsXCIsXCJzZWZcIjozNjk4NTE4NzEwLFwic2VjXCI6XCJcIn0iXSxbMzcsIlszMzE2MjI0MDQ5LGZ1bmN0aW9uKG5ld1ZhbHVlKSB7XG4gICAgICAgICAgICAgIGFkZENvbnRlbnRXaW5kb3dQcm94eSh0aGlzKVxuICAgICAgICAgICAgICAvLyBSZXNldCBwcm9wZXJ0eSwgdGhlIGhvb2sgaXMgb25seSBuZWVkZWQgb25jZVxuICAgICAgICAgICAgICBPYmplY3QuZGVmaW5lUHJvcGVydHkoaWZyYW1lLCAnc3JjZG9jJywge1xuICAgICAgICAgICAgICAgIGNvbmZpZ3VyYWJsZTogZmFsc2UsXG4gICAgICAgICAgICAgICAgd3JpdGFibGU6IGZhbHNlLFxuICAgICAgICAgICAgICAgIHZhbHVlOiBfc3JjZG9jXG4gICAgICAgICAgICAgIH0pXG4gICAgICAgICAgICAgIF9pZnJhbWUuc3JjZG9jID0gbmV3VmFsdWVcbiAgICAgICAgICAgIH1dIl0sWyJjYiIsIjAsMCwwLDAsMCwwLDAsMCwwLDMsMCwwLDExLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEyLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDYsMCwwLDAsMCwwLDAsMCwzIl0sWy0xLCItIl0sWy0yLCI1LGVjWEdYMTlubnJ2Vk8ySmRsTmh4QktRa0x2U0ZkQVFCQ2xoMTRWVVZGQWxGNytDQUlxWFJCRkNFMTZGWWtvVlVwQVdoQVNJRDJrWjVOdFUrNjliLzErNTg3Y3pXUkpBUGxHbDkiXSxbLTMsIltcImludGVybmFsLXBkZi12aWV3ZXJcIixcIm1oamZibWRnY2ZqYmJwYWVvam9mb2hvZWZnaWVoamFpXCIsXCJpbnRlcm5hbC1uYWNsLXBsdWdpblwiXSJdLFstNCwiLSJdLFstNSwiLSJdLFstNiwiLSJdLFstNywiLSJdLFstOCwiLSJdLFstOSwiKyJdLFstMTAsIi0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiLFwib2c6ZGVzY3JpcHRpb25cIixcIm9nOnRpdGxlXCIsXCJ0d2l0dGVyOmRlc2NyaXB0aW9uXCIsXCJ0d2l0dGVyOnRpdGxlXCJdfSJdLFstMTIsIm51bGwiXSxbLTEzLCItIl0sWy0xNCwiLSJdLFstMTUsIi0iXSxbLTE2LCIwIl0sWy0xNywiNCJdLFstMTgsIlswLDAsMCwxXSJdLFstMTksIlswLDAsMCwwLDAsMCwxLDI0LDI0LFwiLVwiLDE2MDAsMTIwMCwxNjAwLDEyMDAsMTYwMCwxMjAwLDE2MDAsMTIwMCwwLDAsMCwwLFwiLVwiLFwiLVwiLDE2MDAsMTIwMF0iXSxbLTIwLCIxMjI0NzcyOTUxLjE2OTI4NzE5MTEiXSxbLTIxLCItIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstMjMsIisiXSxbLTI0LCJbXSJdLFstMjUsIi0iXSxbLTI2LCJ7XCJ0amhzXCI6MjQ1MDAwMDAsXCJ1amhzXCI6MTgyMDAwMDAsXCJqaHNsXCI6Mzc2MDAwMDAwMH0iXSxbLTI3LCJbMCw5LjMsMCxcIjRnXCIsbnVsbF0iXSxbLTI4LCJlbi1VUyxlbiJdLFstMjksIi0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTMxLCJmYWxzZSJdLFstMzIsIi0iXSxbLTMzLCItIl0sWy0zNCwiLSJdLFstMzUsIlsxNjkyODcxOTExMDE4LC0yXSJdLFstMzYsIltcIjQvM1wiLFwiNC8zXCJdIl0sWy0zNywiLTE0NC02Ni0xODAtIl0sWy0zOCwiYywtMSwtMSwwLDAsMSwwLDU0LDg2LDE2NSwtMSwxNyw0ODQuNiw0ODQuNiw1MjQzLDUyNDMiXSxbLTM5LCJbXCIyMDAzMDEwN1wiLDQsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixudWxsLG51bGwsdHJ1ZSw4LGZhbHNlLG51bGwsMyxmYWxzZSx0cnVlLG51bGwsMF0iXSxbLTQwLCIzMyJdLFstNDEsIi0iXSxbLTQyLCIxNzI0Mjk3NjUzIl0sWy00MywiMDAwMDAwMDEwMTAwMDAwMTAwMTExMDExMDAxMDExMDEwMDAwMCJdLFstNDQsIjAsMCwwLDUiXSxbLTQ1LCI2MjAsNjc3LDAsMCwwLDU2MiwwLDAsNjQ4LDAsMCwwLDAsMCwwLDAsMCwwLDAsNjg0LDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl0sWy00NiwiMCJdLFstNDcsIkV1cm9wZS9CZXJsaW4sZW4tVVMsbGF0bixncmVnb3J5Il0sWy00OCwiMCwwIl0sWy00OSwiLSJdLFstNTAsIi0iXSxbLTUxLCItIl0sWy01MiwiLSJdLFstNTMsIjEwMCJdLFstNTQsIntcImhcIjpbXCJfM1wiLFwiMjg3Mjg5OTMyMFwiXSxcImRcIjpbXSxcImJcIjpbXCJfMlwiLFwiMzkxNTAzMzIxNlwiXSxcInNcIjoxfSJdLFstNTUsIjEiXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFstNTcsIldFMFpWMXhPY1ZoWFhWVmNTeGNGV2xaVVNVeE5YRjBIR1dKWVNobFlTVWxWUUdRWkVWeFBXRlVaV0UwWkJWaFhWbGRBVkZaTVNnY1pFUU1PQXdnTUNRNElBUkFWR1FWWVYxWlhRRlJXVEVvSEF3Z0JBd29KRUJWWVRSbDRTMHRZUUJkTFhCa1JVVTFOU1VvREZoWldXeGRLWEY1TFhGeFhXbFpWVEZSWEYxcFdWQlpRRmdrSkNnOWJDd2dLQ0FvTlcxc0JEbDBNQ0FGYURBOWZXMTFhRHc0SVhRdGJGMU5LQXdnRER3d0lBQUVRRlZoTkdVMFhYRUZKVmt0TlNoa1JVVTFOU1VvREZoWldXeGRLWEY1TFhGeFhXbFpWVEZSWEYxcFdWQlpRRmdrSkNnOWJDd2dLQ0FvTlcxc0JEbDBNQ0FGYURBOWZXMTFhRHc0SVhRdGJGdz09Il0sWy01OCwiLSJdLFstNTksImRlZmF1bHQiXSxbLTYwLDIyNV0sWy02MSwie1wid2dzbFwiOlwiMDtcIixcInBjZlwiOlwiYmdyYTh1bm9ybVwifSJdLFstNjIsIi0iXSxbLTYzLCIwIl0sWyJkZGIiLCIwLDUsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMSwwLDIsOSwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMSwwLDAsNiwwLDAsMCJdLFsiYm5jaCIsNjddLFsiYWJuY2giLDY4XV0%3D&dep=0&pre=0&sdd=%7B%7D&cri=qCwzYEFJkP&pto=5266&ver=56&gac=1224772951.1692871911&mei=&ap=&fe=1&duid=1.1692871911.xIpXJcZgk4RexSAN&suid=1.1692871911.ODtciJ97qFE6LoXg&tuid=1.1692871911.4KwNJwsupE0Ee5R6&fbc=-&gtm=W10%3D&it=71%2C4923%2C235&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0
Requested by: Host: ob.segreencolumn.com
URL: https://ob.segreencolumn.com/i/0036b213134bb87d518c56fbdc671d2b.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5442eb1b5bec8c9be9c6b3e1a3e5e5ba761427ef90f6636568391b1b66abbe14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-type: text/javascript
pragma: no-cache
date: Thu, 24 Aug 2023 10:11:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 1199
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 60ms
51ms XHR
text/html 95.100.146.25

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.146.25 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:52 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.uptycs.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 19 B
309 B 181ms
41ms XHR
text/html 2a02:26f0:480:23::1726:62a7

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:23::1726:62a7 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 24 Aug 2023 10:11:52 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.uptycs.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a01:4a0:1338:92::7
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1692871912742_388391911_499617020_29_1629_38_80_219";dur=1
content-length: 19
expires: Thu, 24 Aug 2023 10:11:52 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 289ms
281ms Image
image/gif 95.100.146.25

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=7f8bd8662c3cd8304b53ece67c07c07c&svisitor=null&visitor=3add0668-e032-41fd-83fc-eebd4357f680&session=3ac6d319-8554-49c4-8308-c6a829197a6d&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2024%20Aug%202023%2010%3A11%3A52%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2024%20Aug%202023%2010%3A11%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%227f8bd8662c3cd8304b53ece67c07c07c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2024%20Aug%202023%2010%3A11%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2024%20Aug%202023%2010%3A11%3A52%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Read%20about%20QwixxRAT%2C%20a%20new%20Remote%20Access%20Trojan%20infiltrating%20devices%20via%20Telegram%20%26%20Discord%3A%20technical%20analysis%20%26%20protective%20measures%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Mitigating%20Remote%20Access%20Trojan%20Infection%20Risk%3A%20Telegram%2FQwixx%20RAT%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&pageViewId=ee485c0d-173b-4883-8b37-5103e0d7fc6d&v=1.1.5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.100.146.25 -, , ASN (),

Reverse DNS

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:52 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H2 200 /
ws.zoominfo.com/pixel/6127ecc2d037650015c31617/ Frame 0
0 292ms
199ms Preflight
text/html 2606:4700::6810:ddee

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/6127ecc2d037650015c31617/?iszitag=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:ddee -, , ASN (),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type
Access-Control-Request-Method: GET
Origin: https://www.uptycs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
access-control-allow-origin: https://www.uptycs.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7fbad04eecb11e0c-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 24 Aug 2023 10:11:52 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express

GET
H2 200 formcomplete.js Show response
ws-assets.zoominfo.com/ 56 KB
18 KB 163ms
69ms Script
application/javascript 2606:4700::6810:ddee

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:ddee -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: f03450bb6efbf09d31b7d62bd7b5ebe3e21ca4c132341b929dcfd2d0e21f133e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:52 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 704
x-guploader-uploadid: ADPycdsOhLW3I7dT80zKUX5BscRV_mrQ_a5JfUfciX95dR4Cym4riVgwbkXhowgVYg_mDYOJCRsUW4HGPOWtcrdboSpkdg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 16 May 2023 09:01:21 GMT
server: cloudflare
etag: W/"98af2c9e21e222c751d8c61f27ca2f67"
x-goog-hash: crc32c=hquDPQ==, md5=mK8sniHiIsdR2MYfJ8ovZw==
x-goog-generation: 1684227681426057
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 57282
cf-ray: 7fbad04ed947371c-FRA
expires: Thu, 24 Aug 2023 11:00:08 GMT

GET
H3 200 / Show response
ws.zoominfo.com/pixel/6127ecc2d037650015c31617/ 3 KB
1 KB 269ms
195ms Fetch
text/javascript 2606:4700::6810:ddee

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/6127ecc2d037650015c31617/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:ddee -, , ASN (),

Reverse DNS

Software

cloudflare / Express

Resource Hash

eb1830faee30efb7bb46b0c461dcdb6dd8fd43206a0d94ab2f928504f8e4585b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
_vtok: ODAuMjU1LjcuMTA5
_zitok: b6daf4bf233e512eac401692871911
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: text/javascript

Response headers

date: Thu, 24 Aug 2023 10:11:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.uptycs.com
access-control-allow-credentials: true
cf-ray: 7fbad05099ee363e-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
alt-svc: h3=":443"; ma=86400

GET
H2 200 tc_imp.gif
obs.segreencolumn.com/tracker/ 43 B
102 B 120ms
120ms Image
image/gif 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.segreencolumn.com/tracker/tc_imp.gif?e=37dfbd8ee84e001363eccf32eb4e8b9c9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5a15856f2317071a10acf9f29f674cd7848806243c18af7c7e00813c8c65c455390571c75a025d3d010dc1be3f1c77be26bb25cb43e2916af05365ac097c7a1bdb50ef4ef497d7d63fbb2807ff7ecaa8556d8e0e3143714493d60264f260b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c4b92177af998ffe4198b6dec06c213f85e162ae7d133722b325f817c99ec59b058609fc6e359143e3dd385293e88864c06513c157a77bb9e70392652b48d1c2ad7f4ec3ee3b8192d4079b4a7a4928677a0d8d65eee489d593e72aeb9cce4b46d8fd9e16c893008c3e5db6e4d57e56b7dab961664ec8efd278704ac4eb5821dcb4e98c62e976966919e2edd6191dae1f19df3f1477fe425bfb9fe2f4d26f9913f82be50eb0102419457459a9796dd8deb9726d32bc1d2b48577a37c753981353b939b9c58209feb72aa06f682028067a27541471bdf23b417c688b878b6803dd71fe8cf929b6189191c3eb31e04547d5873cbec3be5148f82c725e5c625dbb76c94c2e9be25dcfea748653ed0bf1004cbb00d5d12e4ebf274ae2888f64ebcb83cb86ef369c012d05497fb2edb0879b5e8cb316e7b395c74195605f4f3907e8553c419171677bccd1bcd920a0dfcbadbbdbb6ecbe8e5e287fea6f343483df24687a4457cd51116478e36033515a269a56404d0f7d321d672dd4e96a22ccdb9119a6712272104600e9fc8e7c73f7953861b469ccfc4b8b8cb4f189db7b4618bc9737ac4cf143c6de58cda5021ab3a835f9d77ff2dcf57829c01f2a833fc9a8edb9a4f65eee93a629c3edfcdd8d145f63b6f1267c1202021cfb1439daf5193cd89c246cc99863507354fb93ca204ab4bcdf52dc56b3928467b0b0ae726d1e96447a57d84e2ac61cbc55f8d6a72a9187e2498e9d80b5bf0758ec96ea04072450ac93b59d7aab56ed94b2cd8c545b3d5b6929c5098190c301ff26b3706cdd45d20e56fb6ba9872d1b1b9590423fc782a0918dd4305a48be41b12997e6393cad653c3d5a6dd197ff822b1592f0a905231209683555381d7ffc4bdf140a328ac3090799d93109dae816b45b3d91399c7e0e5d6f9809c6801d9ab&cri=qCwzYEFJkP&ts=1642&cb=1692871912683
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
date: Thu, 24 Aug 2023 10:11:52 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
BLOB 200
OK 8cd40a96-6447-45ea-a650-293e1e85c378
https://www.uptycs.com/ 261 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.uptycs.com/8cd40a96-6447-45ea-a650-293e1e85c378
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4893d19887d2089c821253b4287286e98d423f4810d913ceb50d07c7a211f4b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Length: 261
Content-Type

OPTIONS
H2 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 174ms
174ms Preflight
text/html 2606:4700::6810:ddee

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:ddee -, , ASN (),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.uptycs.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://www.uptycs.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7fbad04f5d6a1e0c-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 24 Aug 2023 10:11:52 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ 396 B
670 B 207ms
189ms Fetch
application/json 2606:4700::6810:ddee

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:ddee -, , ASN (),

Reverse DNS

Software

cloudflare / Express

Resource Hash

f183a02540b19ddb117ab6e690021755770b5f73784eded85066bab395c7cdab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
accept-language: de-DE,de;q=0.9
Authorization: bearer eb80a034af9a77c4c43d5841044feb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 24 Aug 2023 10:11:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
etag: W/"18c-UDdq46tNmFhkRcWaR9URtM35s0A"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.uptycs.com
access-control-allow-credentials: true
cf-ray: 7fbad05099ec363e-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
alt-svc: h3=":443"; ma=86400

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 265ms
265ms Image
image/gif 95.100.146.25

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=7f8bd8662c3cd8304b53ece67c07c07c&svisitor=null&visitor=3add0668-e032-41fd-83fc-eebd4357f680&session=3ac6d319-8554-49c4-8308-c6a829197a6d&event=ipv6&q=%7B%22address%22%3A%222a01%3A4a0%3A1338%3A92%3A%3A7%22%7D&isIframe=false&m=%7B%22description%22%3A%22Read%20about%20QwixxRAT%2C%20a%20new%20Remote%20Access%20Trojan%20infiltrating%20devices%20via%20Telegram%20%26%20Discord%3A%20technical%20analysis%20%26%20protective%20measures%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Mitigating%20Remote%20Access%20Trojan%20Infection%20Risk%3A%20Telegram%2FQwixx%20RAT%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.uptycs.com%2Fblog%2Fremote-access-trojan-qwixx-telegram&pageViewId=ee485c0d-173b-4883-8b37-5103e0d7fc6d&v=1.1.5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.100.146.25 -, , ASN (),

Reverse DNS

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.uptycs.com/blog/remote-access-trojan-qwixx-telegram
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 10:11:53 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.uptycs.com/	1970-01-20 14:14:33	Name: __cf_bm Value: 2vDHsfv6iMdQa0AQB4t2rMyjNKRn79QYexE1KGc.L0o-1692871906-0-AYuf5aaIDmOaYGWMNtWYSRmV9V71Yhu6KAG46zdXYXZpvMBLVlD0q29zfvhNdDgP8khL+d21thYAoCXPxnA31zA=
.www.uptycs.com/	1969-12-31 23:59:59	Name: __cfruid Value: 3f500652a5e2e00de8fc9bd00af18c785270851a-1692871906
.hubspot.com/	1970-01-20 14:14:33	Name: __cf_bm Value: nQhQ7_Up3aAvPyJBFC_4JxAmOxOOD_6USq6C2WpOQdE-1692871906-0-AQFJ+RCsTVoEQp9PUTO/0wqdC04+W1gR8QVfeW201XvpKOuuBwAUStm8Y1p8FeBQu1Rzu2XmHuVUvzMR7G6PNZ8=
.hs-sites.com/	1969-12-31 23:59:59	Name: __cfruid Value: 59ea378d5a8991a71c1362c54455b59422dd2eff-1692871907
.uptycs.com/	1970-01-20 16:24:07	Name: _gcl_au Value: 1.1.1411390952.1692871911
.uptycs.com/	1970-01-20 23:50:31	Name: _ga_FM1R8N7KP8 Value: GS1.1.1692871910.1.0.1692871910.60.0.0
.uptycs.com/	1970-01-20 23:50:31	Name: _ga Value: GA1.1.1224772951.1692871911
.uptycs.com/	1970-01-20 16:25:55	Name: _cq_duid Value: 1.1692871911.xIpXJcZgk4RexSAN
.uptycs.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1692871911.ODtciJ97qFE6LoXg
.linkedin.com/	1970-01-20 16:24:07	Name: li_sugr Value: 650249ed-93af-46a5-9d30-1db537492a7e
.linkedin.com/	1970-01-20 23:00:07	Name: bcookie Value: "v=2&2779cb44-2df6-43c5-8203-bafc961bcff9"
.linkedin.com/	1970-01-20 14:15:58	Name: lidc Value: "b=VGST05:s=V:r=V:a=V:p=V:g=2835:u=1:x=1:i=1692871911:t=1692958311:v=2:sig=AQFxnlIOxnCCF5yMVxYv5S3yVW6pSi6u"
obs.segreencolumn.com/	1970-01-20 22:18:22	Name: cg_uuid Value: 5e711833a49467c73a90bd82285b70dc

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
worker	verbose	URL: blob:https://www.uptycs.com/8cd40a96-6447-45ea-a650-293e1e85c378(Line 1) Message: Error

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2617658.fs1.hubspotusercontent-na1.net
2617658.hs-sites.com
app.hubspot.com
b.6sc.co
c.6sc.co
cdn.linkedin.oribi.io
cdn2.hubspot.net
cta-service-cms2.hubspot.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hubspot.com
js.usemessages.com
js.zi-scripts.com
no-cache.hubspot.com
ob.segreencolumn.com
obs.segreencolumn.com
perf-na1.hsforms.com
perf.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s7.addthis.com
snap.licdn.com
static.hsappstatic.net
stats.g.doubleclick.net
track.hubspot.com
ws-assets.zoominfo.com
ws.zoominfo.com
www.clickcease.com
www.google.de
www.googletagmanager.com
www.linkedin.com
www.uptycs.com
104.75.88.126
13.107.42.14
18.173.187.35
2001:4860:4802:34::36
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
2600:9000:20c3:6800:18:15b9:5a80:93a1
2600:9000:20c3:9600:15:a0d3:77c0:93a1
2600:9000:26db:c00:2:53b2:240:93a1
2606:2c40::c73c:67e2
2606:4700:4400::6812:297c
2606:4700:4400::ac40:991b
2606:4700::6810:a171
2606:4700::6810:cc27
2606:4700::6810:d4bf
2606:4700::6810:d6bf
2606:4700::6810:d7bf
2606:4700::6810:ddee
2606:4700::6810:eeb9
2606:4700::6811:1b79
2606:4700::6812:7441
2606:4700::6812:8591
2606:4700::6812:8e36
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2a00:1450:4001:82a::2008
2a00:1450:4001:831::2003
2a00:1450:400c:c0c::9a
2a02:26f0:480:23::1726:62a7
2a02:26f0:780::210:a423
95.100.146.25
026c249acda71b64fe2510542d88ae26073694f89b595b1fd0e9f3ad501bf6b4
0b94925cc30a38d4cff4893ce00128a1314eeeee9fa06ffb2d3650a5077050ab
1024db20df71903f3bd673cc9e99ce16ea9dc5489260baa0647b88674937d75b
1bd1897c94de48948b583f4372e6d341fecbd6284980801a7bdeca08505741dc
27e3943c6d2d808f1ec811588ba8fa1b36ce3e3293c723582ae0c1c8820995a6
2c2a27f458120ec13bf467adb5fe1e867ef55aec82fb0e4bac4842dc0a8bd327
2f6b22634a8bc916dee224c5221e72ae9178673c5718cfed7ebe59279a5ac6f5
301c367662b3740ecc712ac0227e2369059123ccceca01296a95e674d657291b
317e8bc65a6810eecbf2aed4bb1236f15927eaa80e29c236328ede8e497a65d8
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
36a58b231f4bd34d323b5a7da9caf1a2706ecc87ca22a822763b96659043017e
377befe9fa491d84e89db596ed749b4291d579045c04b3d81a73d549c3cd08cb
3fb0e4fbfcd0e207130cf63c0a62e053cefae5c035cd45e11a6a4564687624ad
418371d4b7ddaea15fc991b9f6b0d479abb06cae24c54c365823e1e51d3d7d4e
4a6b5dd68b68e2407142dbee284c55ae38b31044a205ffe9b2412f37a0e9f793
4f387f7364d592087b2616eb6b7abffc179dbd63e6ea4bbdfb891d471783048a
4f9687af855e3702920c9feedcf07596807bf43bcd8de0b543ffee66f98e1a22
531b8e2e19fc6ca9b09f0a73587963b0dbe3b79ea056fb10d0875b91653bbb40
5442eb1b5bec8c9be9c6b3e1a3e5e5ba761427ef90f6636568391b1b66abbe14
5623e9b1282e7a679a484471893d725a1c7fd3f53f73acbe24d593837be53cb8
5edb40e7d142bcaca6f113cdfbd652debfe818927520cace60006cc4588a1d38
62e120f9707942e703ef7a54d281e0f4a4027114e88e57f38909e48927029604
6775f1e339bb198bba4abe4fc365a22648e1b670ee3fab7d46f57eb44a03a25f
6814ef46f686990cf4e946f966167b0507e1d642c44e51f61bffb0bba2d4672b
699aa104ff2c30ec70b1a23f7b82efc219d6592c9f16c9decf43735d24a47b25
69ff013760515696c54749156ae5dba9f130fa01e2e355fec69a26e6d87f1892
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
705b8e12b5fa2c5bb36f6df0f526d7915bb4fbaad7934d9c1b20686d56895240
73b773dcd21161d4d8433d3f1690fc470a57de8a028190e747ca8012c26f9a5c
74e99d9a9df6c394637b879d5c6a263a86cb857d61d8f90bd3e79cc634d34a98
7775c3a94d76e47ed6bda5a404bf940ef8f710223ecdd4bfb7f48edb58925430
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
8500caa0b830fd7250d3858055c9b3eb34ade83bd022d3e1b154b1dd6fe11875
8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
92b6882a6f1f89eaea5cd62363f34180267d117487929efc8e050c20cacc5174
92cb228fb9440bac15485ceee66c5d2b1f193b347cedd8213f1d645e30dc8238
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
a0e6fadc5b89bcf7490fb79af9087eac39335dad2537d325e6c169c3d4b44cfb
a1380f23e5b88ee37b79142ab6854b765d683e13fb10f05e1c6a1e5fee1e12fe
a3b9b5d205b509f08f501065454e6fa6628a122dd0908f79b9a12aa5934baf5c
a58896c2943d06c75d2cf9df7a44956852048664c9aac61b53d1a77a740d057a
ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772
afd60f081e93bfdd3ae88f14119219e17d1ce9f48ffdb1bab92fb19fb8993f26
b48a0510a39e949184e762267407b9d7292b4fd69dcbf953b657c1e9cfc4cc61
b4e1cdfb6f5fedb404e343f8125401709ad3775e3fe4957792f12a65ce01cf44
b7af61bd3913727d7a31c8e925ec3b04b4331a193bb3169e107f0033fa554b6e
bd18b053f2bfde239d7c4d6491400997668a66973b4c73946d9c7c063e5b7963
c1c06dfcc768ec96cc85d8ccd84178009d9ee1cbe914ccfc9b13b713e08e0627
c2b349073b8421ec84bfd334c01132010daabccff2f8975a9d242720a37a7da3
c365a59132dd34b492cb3a77d534078dd35cbbf75dbb2eabbe328642b74a291b
c431b7004f2def447ab4b6b2e63e694f322c65162a22e689f91a69e391241df4
c4f0266f07e9360d5daf1957c2b5a7e6b6ba72b26aefd33d618cb3964d233f3c
c57d12293f57f1e020f5e8e5639cfb8fc6a7aa8b344c436b50c815193aedae7e
cb58784762e1f4cd581dcf26cbed00d1c44ad0db7277b41a20cc602c6c93a03f
cb8d0666c13925554da13544571d2415f41352d02e1cdeedeba08da748d6e489
d5792801335f11b32a948d51b64bb655b16f8767f5837f2be4c406715994752f
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de6ffffd5f4367c7ee296d63f52e2fd927757a83823c574e5e011c9502c03d1f
debccb5c80cd23ea5c4227a0c2c9d1a718c9de2b21f5e9d07c7833ebf585d3af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4893d19887d2089c821253b4287286e98d423f4810d913ceb50d07c7a211f4b
e6067dcd5dce2a3474610f14be162b671b90e8d916358d4cf324a526fb5e9ac6
e7d73ae35c3412dd12292590b041a66f83a14f7766041b8d523fadf78c8d7daa
eb1830faee30efb7bb46b0c461dcdb6dd8fd43206a0d94ab2f928504f8e4585b
ebd7119892157567b520f5ad116ee1397366510e6450d9e01ec2bf7747d9e494
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f03450bb6efbf09d31b7d62bd7b5ebe3e21ca4c132341b929dcfd2d0e21f133e
f183a02540b19ddb117ab6e690021755770b5f73784eded85066bab395c7cdab
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fb9dd5cf50c844e02194374b27804853a6765744086886a8213559e2a8fd331d
fbe544d779209c2f0e35452ab66230cbdd4e2db3f2dd935f9c558999ec6de175
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.uptycs.com Open in urlscan Pro 2606:2c40::c73c:67e2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

95 Requests

98 %HTTPS

87 %IPv6

25 Domains

40 Subdomains

31 IPs

2 Countries

2893 kBTransfer

4806 kBSize

13 Cookies

22 Outgoing links

Redirected requests

95 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.uptycs.com Open in urlscan Pro
2606:2c40::c73c:67e2 Public Scan

Screenshot
Live screenshot

Full Image

95
Requests

98 %
HTTPS

87 %
IPv6

25
Domains

40
Subdomains

31
IPs

2
Countries

2893 kB
Transfer

4806 kB
Size

13
Cookies

95 HTTP transactions
3 data transactions