Suspicious calls to testgvbgjbhjb.com

Over the last few days, one of our endpoints has been making calls to testgvbgjbhjb.com.

I used TCPView to find suspicious connections and checked whether there are any unknown extensions.

The owner of the domain made it a 127.0.0.1 record and set the following TXT record:

“The owner of this domain does not know why your machine is reaching out to it. Owner saw suspicious traffic in multiple networks and bought it.”

I read the following analyses but I can’t find the cause of these calls.

  • https://urlscan.io/result/14f59032-94ab-4b39-b7ef-1c0d33bc02f7/

  • https://www.joesandbox.com/analysis/199223/0/html

Any idea?