| login.restorecord-bot.online/assets/web.a572a92ab0a38d32b311.js | 188.114.97.1 | 200 OK | 45 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/web.a572a92ab0a38d32b311.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 b97d0dbd751b156ed94ff7be9e299ec2 SHA-1 a7adab0116d09edf46e2fc7ddce04b410cac250f SHA-256 866bf767de1021c0532594c9493db97ea678bb09641905230423d3276937fc9c
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/web.a572a92ab0a38d32b311.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1c3ff-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a5bD615EtwssjXomf%2FLsPVt6tcpWzb0ADe%2FCRgTlchqprpe62l1%2FVcCQDZzkSWhZAnyr%2BvwTgcs7cYrA6vKd7cm6cLxNxmvBMOFwEpjEXukEyyux%2FIQZqA52iAmGXOc6LpRMohEEcRncULwinOUm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56fac81c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/38081.229b2d35737bf3f84541.js | 188.114.97.1 | 200 OK | 16 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/38081.229b2d35737bf3f84541.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (21630)
Hash: MD5 c20b5e9bd89cd932aec62501526bc4af SHA-1 eb2f709ad66bef7b20d4ecce454b827cb5758391 SHA-256 b4c9960af0c70acf545990b29eab7e4465caa262df425c820907bf259da27441
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/38081.229b2d35737bf3f84541.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"54b5-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f3fYiWtmVdkq9omtLth53ulN9maWf3tnG5CJ9MVFfU33AlNk3946AQKWljBfNz2njubd1fhFm%2FG%2BRw8sVEEQjhoernEqQvtwHCfr5uZ6N9pfEFEWR2p7iVi2FzR6PmGhn3L8tLnj1cXmwLyKFXtD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56aa641c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/94381.75805595bcb471e9283c.js | 188.114.97.1 | 200 OK | 15 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/94381.75805595bcb471e9283c.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (17283)
Hash: MD5 1d9461b1a5901db3a1913721102de7f6 SHA-1 b5aaaaf164bd8d45b150d86ec7580dd08743efc3 SHA-256 8fee5c60698b99ceefb3b9443339bf6ae1b610b3e5df65ef668eb1dbc8643dde
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/94381.75805595bcb471e9283c.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"43ba-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ELIS%2BTHFPYFBVEr%2FXSNJs%2BI4hrV3m42%2BqMfojv2GFPmJgY%2BzWB9EcrThOZceOnS5DgeSaIi%2BOl9pQYBHh4HqSs%2F47mY4jiWlSj%2FUaYrbgys2ljpGAdgyNpSfVjV0FZB3lcBnh6AceltQSuJtDLSF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56eaab1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/40876.477d9a39902b14c7bd0a.js | 188.114.97.1 | 200 OK | 12 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/40876.477d9a39902b14c7bd0a.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (38897)
Hash: MD5 167366b2e3d129cc3dced1a4e7dbd82b SHA-1 62a0800ba5389dfb92136e31c08cfabacdccb8fe SHA-256 e943c9ed5fd4c16dc88029340b62dccd9afb900ed4501c7bd14e6264a34df983
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/40876.477d9a39902b14c7bd0a.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"9828-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K2EsD4Egln9S9DnRdg%2BOBggbEk8oWSDyzyVRJMVXjtjgPZ%2FanRVmgW3qVT6nkU8BbjuRLpbfVurSQXF9GeUyMf1frYEqQTcLefTorPFcg3HRpiEPvARmzYKd24grIEfLXBO3F%2BoFGh37T9cWs%2FoZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56eab01c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/11538.db58e10c3c76859618f0.js | 188.114.97.1 | 200 OK | 9.0 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/11538.db58e10c3c76859618f0.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (30244)
Hash: MD5 7f54de7efa90ea0e15b1c612bad83249 SHA-1 1a5edff4e5621f3f3fe3c536c18cd787872aa17e SHA-256 db01fa5a4d163102243a550ad6e1f79763c2b718a1e4e1261bbbaf0c548f5b2b
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/11538.db58e10c3c76859618f0.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"765b-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cSlUnHXO4%2BX%2FnYOlnXlSt9pB9qBi1YHheyxH4ZGW1U3Tl%2F5i63Jt0n8LoUl5R9w0Ffzu%2Fe4AA0DCILsukJH552UqBLERsgKzh1M2GnuMdgU3ddH%2B8ksH46jO0K3aefI5iVvcuEHE5er4Zt6nI6ZI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56eab11c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/25f1e66664a140ac84c9.woff2 | 188.114.97.1 | 200 OK | 182 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/25f1e66664a140ac84c9.woff2 IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: Web Open Font Format (Version 2), TrueType, length 181532, version 2.459
Size: 182 kB (181532 bytes)
Hash: MD5 980082c4328266be3342a03dcb37c432 SHA-1 4179f54fd61655067a20a2b37224fde3d8e5024e SHA-256 1b03dae61d613604b3d41d61cc4bc2e05f19bd27c7ff2638242f9036f2b8794e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/25f1e66664a140ac84c9.woff2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: font/woff2
content-length: 181532
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 21:49:09 GMT
etag: W/"2c51c-18d28d95808"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SOo1k%2FP9NTnythcjrQffPpWVub5%2BgQH8kltc4oR%2FQRMUnNBn8fXJjfFzcyfg56enjSLG4BgrlpC2xvfQV0RvURW04zJb%2FkLMPoIxabbQwAHZ9XpZVVYjHyf%2Bf2JglUgfeZ6wRoWsfI2wyC7HadA0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6c9fe61c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/7273.654bf842a369e2d3de94.js | 188.114.97.1 | 200 OK | 135 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/7273.654bf842a369e2d3de94.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 135 kB (135390 bytes)
Hash: MD5 8da1faca35a6cf1029dfc42e48b9c810 SHA-1 45f463dd73d51dabbb399d6ae6a4c1f16019e50a SHA-256 14acf9e94dd9a0cb4dc91e43f797654258398f2c91ce40aff16960d049111125
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/7273.654bf842a369e2d3de94.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"7626b-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FXWdxq%2B5WaCC%2BV%2BoQwz9799a7i5CYZvvgLhK4fJr%2B%2BaVA%2BQnjWHmiws7DfYhk2SyP%2Big7cLDbxzLV1yJO0dtLoOW6lV%2FdNPuRnqUUv8zIfZkAncOy4cVhg3%2F6PejJWC3T%2FGX0Hko%2BNZ8FE2CVz%2Bv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56fabb1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/api/v9/experiments?with_guild_experiments=true | 188.114.97.1 | 200 OK | 10 kB |
URL: GET HTTP/3 login.restorecord-bot.online/api/v9/experiments?with_guild_experiments=true IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
Hash: MD5 530575a53142d8ba7fdffe343f4af20f SHA-1 22a505c56cb59e6414a537dbe549222e60e88abd SHA-256 0885577bc54ddfaf5191d5820e98ee1482e050517be5f4ea5fc1b3609fe73f96
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /api/v9/experiments?with_guild_experiments=true HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Super-Properties: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMCIsImJyb3dzZXJfdmVyc2lvbiI6Ijk2LjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjI2MDEwMSwiY2xpZW50X2V2ZW50X3NvdXJjZSI6bnVsbH0=
X-Context-Properties: eyJsb2NhdGlvbiI6IkxvZ2luIn0=
X-Discord-Locale: en-US
X-Discord-Timezone: UTC
X-Debug-Options: bugReporterEnabled
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://discord.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-Resource-Optimization-Level, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision
access-control-allow-methods: POST, GET, PUT, PATCH, DELETE
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'none'; default-src 'none'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GgDQpgqpu6l8udU5xW9pJ51CWTtZy0rFMFYsrbj6FHudLu42f42Q5dYz8MZA0hCE47un91a%2BNLj4Ldy3iz7zh950Ke7z0bulvTefEbSQPCOoJlEe6HYCwj5rYSEs"}],"group":"cf-nel","max_age":604800}
set-cookie: __dcfduid=f975e29807fe11ef94b01ec1fc053aa7; Expires=Mon, 30-Apr-2029 21:08:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax, __sdcfduid=f975e29807fe11ef94b01ec1fc053aa7b355260b45eb333c2de118d89eb0317c90dfcd1298513b65d3fcdc262e152af6; Expires=Mon, 30-Apr-2029 21:08:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax, __cfruid=d72378c7edd3de23d2ee1b8a156277ddd951a934-1714597716; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None, _cfuvid=tG2U2IV8IqW_clJVUNb3D3OKZ6e.030RTVycKR5MPro-1714597716031-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 google
x-content-type-options: nosniff
etag: W/"90d7-IqUFxWy1nmQUpTfb5UkiLmDoir0"
server: cloudflare
cf-ray: 87d2bf683bc51c16-OSL
content-encoding: br
|
|
| login.restorecord-bot.online/assets/f84e3e81b8d0718cd917.woff2 | 188.114.97.1 | 200 OK | 65 B |
URL: GET HTTP/3 login.restorecord-bot.online/assets/f84e3e81b8d0718cd917.woff2 IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: ASCII text, with no line terminators
Hash: MD5 c0caa8227e2754f8440029c42df9f7e9 SHA-1 cc2f0e3655002fdff933711fabb53d63c23cbfbd SHA-256 89a8e6fe1c595fb5fe77edd74ee8990458ecbf2941bb44e60ce8d96b6fde660f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/f84e3e81b8d0718cd917.woff2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: font/woff2
content-length: 65
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"41-18d27c367b0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SBwCui3waM8uQu9tnNVX0nltR8lCwtEPBrpIPHxW4rEjxGAYnOIEdkYuaLANPcqW9MUI7xcUrBF%2FAbxCUIpy5LwQ%2F8BxmEX6Asqriqo3YpRkFHw83wKKOPpMWwleH7TQbS44kOygoZjlzdWX8TjR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf700cd31c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/api/v9/science | 188.114.97.1 | 204 No Content | 0 B |
URL: POST HTTP/3 login.restorecord-bot.online/api/v9/science IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
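Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of an empty body, matching the 0 B / 204 No Content response, so they do not identify this resource)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |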
POST /api/v9/science HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Super-Properties: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMCIsImJyb3dzZXJfdmVyc2lvbiI6Ijk2LjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjI2MDEwMSwiY2xpZW50X2V2ZW50X3NvdXJjZSI6bnVsbH0=
X-Fingerprint: 1235337099390095483.MVVJUgzmab0F_02FJxRaG0nKH1g
X-Discord-Locale: en-US
X-Discord-Timezone: UTC
X-Debug-Options: bugReporterEnabled
Content-Length: 1026
Origin: https://login.restorecord-bot.online
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Wed, 01 May 2024 21:08:36 GMT
access-control-allow-origin: https://discord.com
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'none'; default-src 'none'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DDBTwLcE8DQEIH4VtDjqb%2BOBD0P%2Btax6q2YY8UZvc5IrEynremqHfWRqtRT0bRznShTJpoxlXIivEyVE4tBapoz%2Fo8Ik6uKXHp2ZiqJahVLcc8kDxs3eA3jmWnAj"}],"group":"cf-nel","max_age":604800}
set-cookie: __cfruid=a9a5cb460db4365460e8e1a60ca492e8b48a56b0-1714597716; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None, _cfuvid=p60.15fxmEO4yC3vQDGGqDRvEl.m.hbEqPU3kB86giE-1714597716572-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google
x-content-type-options: nosniff
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
server: cloudflare
cf-ray: 87d2bf6f9c261c16-OSL
|
|
| login.restorecord-bot.online/assets/adf75861421c2a6a6269.png | 188.114.97.1 | 200 OK | 1.5 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/adf75861421c2a6a6269.png | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: PNG image data, 100 x 100, 8-bit colormap, non-interlaced | Hash: MD5 092b071c3b3141a58787415450c27857 SHA-1 d7002b9404799e18bab34e931a6f2e23ab1ba3a4 SHA-256 f1ca5949ef43d0a6130a1176794b4b38b393f2638c6cc5c2b8449adb6ed3f144
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/adf75861421c2a6a6269.png HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: image/png
content-length: 1532
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"5fc-18d27c367b0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qAjZHTYXH9QWzD6jiZLvWbvHtObNgP52NUC3rGbuXRXUAhN%2FHU531rdYERoTLN5f%2F9w54GL3PAwBQFclb1UpYRfCevZqWfpTMEKOfBug8JhEJCvbjfXNn800R0%2FI8kgVZaRsusuh8%2BHNCYj7wNEk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf702cf31c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/98106.5d0f74b94113ede84656.js | 188.114.97.1 | 200 OK | 32 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/98106.5d0f74b94113ede84656.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Hash: MD5 052c17e11e732de852f587cb1fe2cda5 SHA-1 31a92c74ce4c31c741d43570106a7086c94362fa SHA-256 52bf56ddfb5538d260a9163c9fa4bd213fb2b79ee3da2a2cda4de6c37ed53ff6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/98106.5d0f74b94113ede84656.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1afee-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G0k0%2FoCaJhKA7dSqxagoj2hs8fj%2Fm9ZrO8M37YZPIbvQmKC7aRBgtzTRXZZWwbXR1lWWX%2F%2BpCiKRxEvkjsr500LzkFIgbrPgx5d3ws68saiP%2F6z1uerIVfMPFhrrW%2BzA1DBSlcVNhMScrV2pkxVc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf69fd541c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/e0ece3c23b33d18f4d00.woff2 | 188.114.97.1 | 200 OK | 187 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/e0ece3c23b33d18f4d00.woff2 | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: Web Open Font Format (Version 2), TrueType, length 186744, version 2.459 | Size: 187 kB (186744 bytes) | Hash: MD5 05422eb499ddf5616e44a52c4f1063ae SHA-1 eab3a7e41cbf851df0f0962ed18130cf89673a65 SHA-256 c1d71bd80fc3ecf5ef1a97092a456a046d55fd264be721f2a25be3e59ccb8b2b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/e0ece3c23b33d18f4d00.woff2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: font/woff2
content-length: 186744
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 21:49:41 GMT
etag: W/"2d978-18d28d9d508"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KShI9aoo3yKJ%2FQJJfCdUnVxqeb5VFO4NOYNkfx4LylDseK%2BYcmMPHpY2S9xu0Q6%2BEyfLKIgj%2BnQPhAtBZycknha0iaOHkUDkW0F%2Fh2ah0ANHsBhlFgYZCfzZAd4tiE%2B0AMP2d2pMxENVdj4MeMZ9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf712dec1c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/9a02726c2f8410020238.woff2 | 188.114.97.1 | 200 OK | 188 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/9a02726c2f8410020238.woff2 | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: Web Open Font Format (Version 2), TrueType, length 187596, version 2.459 | Size: 188 kB (187596 bytes) | Hash: MD5 e55012627a8f6e7203b72a8de730c483 SHA-1 4c43b88403ec9c3053d74b4c502bcaf99f594c57 SHA-256 8390503760c8f26556001a28e7d95e4a237a4780e7ceeebf0853ce252fde4ba8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/9a02726c2f8410020238.woff2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: font/woff2
content-length: 187596
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 21:49:24 GMT
etag: W/"2dccc-18d28d992a0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5OFoT6CBre3MZ0lU%2BJqjX0vkL9if5dfE3ITfTE8kshoF647ON7yiFqzWFE7yitkKnWVApyqCDlGWEkmASroaqJxnJBOR0VHu8FnWv4%2BYDQ1E4VeZZeNsyAfQsv95wXykB1sIyKaPdmnf%2F8YCoqWS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf70edb31c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/67079.912803f13064d4c3677e.js | 188.114.97.1 | 200 OK | 12 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/67079.912803f13064d4c3677e.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (23306) | Hash: MD5 2a521f7bf2072b4d3eabdf38c0681157 SHA-1 90cfe120f3d79aa5d4efed7a5b458ec27e2d9af0 SHA-256 d7cc40cdb7b530f4d0050c5354a295361f1550e1e3f3092b8e2758fc26006903
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/67079.912803f13064d4c3677e.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"5b41-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RDqlKrnyxKQfoxCcR0ltMJ1QWB8tzZ%2FOhxVSCI%2BeuE5wO9DT5986ianDrsSw%2F9WyNmTWl6U2VObiWoAYr%2BzzP0vRv27n8XEXp6T2sz2D%2BDNzNIvSG8Tah2QHVT4Rs%2BAJBPltnHZvOrZSHuvPEDKR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf568a361c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/ee6b51adb64f6365352c.woff2 | 188.114.97.1 | 200 OK | 179 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/ee6b51adb64f6365352c.woff2 | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: Web Open Font Format (Version 2), TrueType, length 179380, version 2.459 | Size: 179 kB (179380 bytes) | Hash: MD5 7cf1be7696bf689b97230262eade8ad8 SHA-1 8eb128f9e3cf364c2fd380eefaa6397f245a1c82 SHA-256 a981989aee5d4479ffadf550d9ecff24a4ac829483e3e55c07da3491f84b12ba
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/ee6b51adb64f6365352c.woff2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:37 GMT
content-type: font/woff2
content-length: 179380
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 21:49:32 GMT
etag: W/"2bcb4-18d28d9b1e0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yu28LD2hlSmPDYJbBRKXCj39dUGAbOn3xVvn%2F%2FpsJBmPJS7Ki4KbdnETLXHrKeQymaKl4C8Kx9YW%2BQT0RIkGH3qxodgJiHZ5eObp9QyauqNuzionIi4pzLJ4c%2F1A0e5sLTOnywDy1ryZBvUHv1gC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf70edb41c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/23356.ac12463556a44bd7b330.js | 188.114.97.1 | 200 OK | 306 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/23356.ac12463556a44bd7b330.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 306 kB (305714 bytes) | Hash: MD5 ea40ae308128c34c5c2315acb36e7c92 SHA-1 66a9ab4bb72d4d334a0f477930bd9abc8e617a97 SHA-256 50b771c9c9d4597221d281e5ade7f69786b1c63b9c81c84c61073812a35cdd3c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/23356.ac12463556a44bd7b330.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"167001-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lrHXhB3Wk2l6h9dXDH40aScJgOVu%2BhprNYQ4Bn2p0A5Zkg03HbCaJiYB%2FzSNckrJFjuCWBg4aAhU0LQqTHYU1trFJ9eE2f5JaVhHz3EU54de%2BVjg8%2BRgVE9WyyJnBmtLlW6%2FHe8Su8rMmxcIc6If"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf569a481c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/api/v9/science | 188.114.97.1 | 204 No Content | 0 B |
URL: POST HTTP/3 login.restorecord-bot.online/api/v9/science | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
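Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, matching the 0 B body of this 204 response, so they identify no content and are not usable as indicators). Note on the response below: its access-control-allow-origin value (https://discord.com) and the domain=.discord.com cookie scope do not match the requesting host, which suggests the response was relayed from Discord's own API rather than generated by this host.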
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/v9/science HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Super-Properties: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMCIsImJyb3dzZXJfdmVyc2lvbiI6Ijk2LjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjI2MDEwMSwiY2xpZW50X2V2ZW50X3NvdXJjZSI6bnVsbH0=
X-Fingerprint: 1235337099390095483.MVVJUgzmab0F_02FJxRaG0nKH1g
X-Discord-Locale: en-US
X-Discord-Timezone: UTC
X-Debug-Options: bugReporterEnabled
Content-Length: 751
Origin: https://login.restorecord-bot.online
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Wed, 01 May 2024 21:08:37 GMT
access-control-allow-origin: https://discord.com
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'none'; default-src 'none'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D79KtPGjqJyn1Q1PLuejPzxitdHcdg4vW4udf0jNdhG5XbXC8jX6%2FsFGsEnrxBgSHP6Iyb5wE3r%2BqBtMxu7jh1oJB%2B7ntWot5Ca9PZQw5lf%2Bv4f%2B2V6ORjlwMRqd"}],"group":"cf-nel","max_age":604800}
set-cookie: __cfruid=64b032f6685186bdbe5e17a4dbaedd5827545a14-1714597717; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None, _cfuvid=MsFcUFi80BroWDJJCgeWg0ykP.6Zx9nZu0xXePzt_FY-1714597717863-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google
x-content-type-options: nosniff
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
server: cloudflare
cf-ray: 87d2bf75ba641c16-OSL
|
|
| login.restorecord-bot.online/?v=2 | 188.114.97.1 | | 0 B |
URL: login.restorecord-bot.online/?v=2 | IP: 188.114.97.1:0
Certificate: Issuer: Google Trust Services LLC | Subject: restorecord-bot.online | Fingerprint: 5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 | Validity: Sun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of empty input: no body was captured for this WebSocket upgrade, so they are not usable as indicators)
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?v=2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://login.restorecord-bot.online
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ogoPEvHdiCg7QPZh3CLj4g==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 01 May 2024 21:08:41 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KMk8gFZ3TzsUPmDCemrdHPcDvdc=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mbulIqBQaaPfU3GzSg1oHkRybf8ixVQb0nvUaTxy4PJeWdKj3l6XwfTueu%2FElAYg4txJ16I64Ou5VJa21oqe0OQiEg95Qav%2FPNwJ56LbDWg%2FATmLCfSumJGfIOnkyz5qV7hPrpMr8E936EzViNdH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87d2bf8bdc27b4f9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/8f581f91e7e650ac87a2.svg | 188.114.97.1 | 200 OK | 5.2 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/8f581f91e7e650ac87a2.svg | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: SVG Scalable Vector Graphics image | Hash: MD5 70275fe3104cf1d3388586ad8ffd478e SHA-1 473ea46f5b22b5c7d14c39ee9c0c82811593883b SHA-256 3269cf3fda7681388472225bad39b6bb3b26088a0a03b6cd5796195f0114ce13
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/8f581f91e7e650ac87a2.svg HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"89-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kNXYTKP6cu4r6vx6V9BtHD%2BMcxrzAxf3yPyqySxeoSvk6Wwqlb67T09qhBpppNd1WBhipDprXIc5bQyn9N%2BxnJb6Um0n38bl77wU2zk9FDbUHITgze9dAePiZ4A27rUWo1b71qtoCmlRu8enrSjU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a8de31c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/?v=2 | 188.114.97.1 | | 0 B |
URL: login.restorecord-bot.online/?v=2 | IP: 188.114.97.1:0
Certificate: Issuer: Google Trust Services LLC | Subject: restorecord-bot.online | Fingerprint: 5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 | Validity: Sun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of empty input: no body was captured for this WebSocket upgrade, so they are not usable as indicators)
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?v=2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://login.restorecord-bot.online
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Cj3dIVnsmSSMM7WQww0Qxw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 01 May 2024 21:08:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: y0u8AgsYVagon9yKcIgaPNnubhw=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hY0LdDfZb7G8uH9GaaJiUsdMEW0S3s8F3P%2FYzJfIoD68Xa384aZampMHNT7b2YNhx%2FJW1Ie1PDVwZJ7fcXk1qw62j4PdaAj3nY4MgIg78rGuz8LzIU%2BwHXc2KsM2K2Is4YMOQ8h4JEa%2Fi4qJJ2J4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87d2bfd4aa555689-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/89261.02ed5e657cba70087452.js | 188.114.97.1 | 200 OK | 15 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/89261.02ed5e657cba70087452.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (14959) | Hash: MD5 792d2294c9fb0e7d0a07bff3abbb0d0b SHA-1 e3ec35950876ae2e409e65759d0802c00a91e40e SHA-256 2d3415e0b866788b07564eeec5035c17ac14645fd13b0bcb9bdf71b5f66a1e69
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/89261.02ed5e657cba70087452.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3aa6-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qSXXPON0Nfqb5fNxY08BfYZmSuELwf1f5KlEvM66F3dDH0qUKgbOIuERy1vPlm%2FZPEc8d0MwIkasQW8xtNHTs7PSrbF0wS3clpZcXkL4jtik5xAMhTIvSIUwU6Er5wU25lZuzBw8N27aSQAhpF24"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ba6d1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/shared.6fd41c763b4cd504862f.js | 188.114.97.1 | 200 OK | 119 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/shared.6fd41c763b4cd504862f.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size119 kB (118990 bytes) Hashf2444e4ebe925f193c83f692cd8766e6 9d0c75a19d0693743e6429ab8da62f70184426ab 957af5a5dbcbbb943faca25af701c1a3d8839ad98d55ee5aaa401aa2f117ea8b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/shared.6fd41c763b4cd504862f.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1d0ce-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DRwgd8aqJcfC%2FArjmaKMDLBOBakH4Qa5I4B4ZdS8FQmbUKAF9CKXKE0P7rgr6v2HS0TOlc86j%2Fu40lh6u1EzGJ00js8n8LpmbnvmKC6ZylBUiCtiW8JxMIC0en8b4HRbceCqxwjRp7Z4mqkqFt1R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56199b1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/78033.af8587a9881dd8fba471.js | 188.114.97.1 | 200 OK | 1.4 MB |
URL GET HTTP/3login.restorecord-bot.online/assets/78033.af8587a9881dd8fba471.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
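Size: 1.4 MB (1402833 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, so they do not identify this 1.4 MB script. The response body was apparently not captured for hashing; do not use these values as indicators for this file, since they match any zero-byte content.)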
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/78033.af8587a9881dd8fba471.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1567d1-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ujshVw32RLfnPYVLUB1zCs6P57ynBAsM4anT71SRQL1tiBY5YWopwVcmgjd509gX5UiY9pGmOVks35PrbERJXyZMnNqBLPWGPEZTBL7YNsjdFc6XCX228%2FlpsJklP1cPwUG1ge426jmYZ4%2FxJS7Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ba7e1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/1af9bdf041e000508e41.svg | 188.114.97.1 | 200 OK | 137 B |
URL GET HTTP/3login.restorecord-bot.online/assets/1af9bdf041e000508e41.svg IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeSVG Scalable Vector Graphics image Hashde7079c084523cbb534e908927ab5519 cd4e81dfbcc142ff38ac775c9302f26d3bd28fa0 b5d51114897461dedb697b36086385bdc8b62f56da6914fcec198644a96aa65a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/1af9bdf041e000508e41.svg HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"89-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hIcXpEQh70bGOyOYuvEgsWgcAva5H9gniUlWIeiliTY7kWcSj9woqAr%2Fblmq26yAgndRURFmrj%2FxuPyk0%2FVeI06xNr%2B77DlS3J1YqB9e%2FqHEz8twG1k2jVnvJSwKsBbA0ljNy4aTLHgY72NjRWXQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a8dd41c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/96897.008f2a416a4c547f02a7.js | 188.114.97.1 | 200 OK | 8.9 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/96897.008f2a416a4c547f02a7.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (9305), with no line terminators Hash09526b3c9921a6dc860a1ad3e0b0bbb7 8830182678c4c396ec9098dbb522bf8124196a97 9c1e6291fe3e409a901297061f201be5ea9de639ca97a63badffdc77f50fbce1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/96897.008f2a416a4c547f02a7.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"22bc-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WlcATDHUHGZF%2FXuxk4c8HnER%2BFqJfJSHuWsuAXmy0LHa6GwBoL5NtK4I5g1pxoxGb6jpUkOL1XeipDzqQ6e9%2BUhRdKmeh%2FsrWf2lickInk%2FbMEm4J%2FpYzjGHb6rUWSvwWmf2EmrTDhgy%2BzYIy1VF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ba6f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/69628.7b15742208fc0d4aa02d.js | 188.114.97.1 | 200 OK | 91 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/69628.7b15742208fc0d4aa02d.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
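Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, so they do not identify this script, which the request row lists at 91 kB. The response body was apparently not captured for hashing; do not use these values as indicators for this file, since they match any zero-byte content.)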
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/69628.7b15742208fc0d4aa02d.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"164df-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2S4ebAmqeDC0BtHBAf0WceYo%2FxPPXCfLg8%2FBRYrYunKmAL1eNR0cpYSrMr857E5hL8OpCThemtnxv7tG6lOXnJ16JneCN%2B5GGW%2BbkM3LzE09EEvZUv3O4L%2BQk7jCc3v%2BcPXzoQOrbRfFlZ3D8KJ%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56da981c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/7442b576347c1d02886f.svg | 188.114.97.1 | 200 OK | 395 B |
URL GET HTTP/3login.restorecord-bot.online/assets/7442b576347c1d02886f.svg IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeSVG Scalable Vector Graphics image Hash3e60ff1de94af19ce4bc825b9d2fd18a c5a4ae459f6596bdefe85021f198826e316b4198 8a32440759eee1d213b1561c980ebe7856fcaffa11588a4b7131cf83fb1c2092
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/7442b576347c1d02886f.svg HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"18b-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2BMbIv9fhnBq3jWjzTUeamXwu4S3j7mRBToPau6dLgSpHBjx0fJpAONhsEvc3p8JQLsx6cd7sPKx8XAnZ9koOeQo7vKerEgw9rBpZ%2B39qWRJavEzWwg3SEXBGBsrDZxyG7jUjS%2Br1LhwKbNckidH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a8dd51c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/482.6e1c86f88a37a71d42ec.js | 188.114.97.1 | 200 OK | 21 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/482.6e1c86f88a37a71d42ec.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (20577) Hashba0cca7d871b0de10a4344be2427733f 4d4149acf6c6694000b0b4a5f18b4bff6aba6878 066deb7f1b943e4ccefdc62fc9dc214596787f8904a464de52bbaecf02ad8d86
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/482.6e1c86f88a37a71d42ec.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"5096-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VJzKRhYg%2Bi5WUpxlHapXWrrnUE5gJg3C%2FTDnvpu2mLOHCJ3MIi0NlD1ETt6g3oj9j2Jq9J8ofT9Cl07GpVrXSNsmlYSo4TU4S2ukDuTxeiAvALG%2Bky%2FdAug54n%2Bo3qsb%2FoJIINGi8ozcmMopEQd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5629b31c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/19263.fe32553ff71153cb7656.js | 188.114.97.1 | 200 OK | 6.7 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/19263.fe32553ff71153cb7656.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeASCII text, with very long lines (6802), with no line terminators Hash22004ec800dc7d91289b0f2b29cfb22e 54698e8664becd4ffa7f35cd3eb3be9d9c357ce1 3031275133c2f739865c83543d1130f56f98a103fcb5548177c7cd026f5de85e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/19263.fe32553ff71153cb7656.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1a57-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1LK67Y1lW4e%2BhzVDU6Vd%2BERjM5t47OMtT9Fr%2B9dcCS54X4rO0QchRk7ZSCYhmDz9STy4xUsy5c0Q7C83FvDdrYD7UGCIKqJGaqDC2aFhk0RJlWJPtdlPFGXEvIPHgDigl3MRGPGbH%2FfGtyrBtSc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5639b61c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/34426.9f82349d8cf165e1b07e.js | 188.114.97.1 | 200 OK | 15 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/34426.9f82349d8cf165e1b07e.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (14800) Hash495af705377c93d5c53e1b8c3b14d883 16ac3e41a677731e5ced48142c2949a75154fc64 83edb478f8ed6fa71c304bd0571c29d682453217ab896bd84fecfc4f2e42b2ac
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/34426.9f82349d8cf165e1b07e.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3a07-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9srbkG9KUq4Yze2KiAcyuhyVCL3y2SATdmNpKzohA5slAU%2BOjrD8MEMVvUB5n9pzbsFV9njzpq%2Br8snZoVXbu%2B87NqblWt5S86WabyLrldUwI8Bclp%2BiM%2FNLrLvMU2OIIvdCGq02hzPKoIMVAoZt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5659f51c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/41831.ad048c0163425aea4d2e.js | 188.114.97.1 | 200 OK | 16 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/41831.ad048c0163425aea4d2e.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (15734) Hashaa0f56ed2b08f1029037fc3d27925069 87365d2e6e51333ebd33cdc51cad33fa7aa5fc44 84267bc281052f153133ac0dacddd98dfbf3edaa99aa2b60f0ed645e90d1c0d1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/41831.ad048c0163425aea4d2e.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3dad-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2BFYAO%2B81jY2ww83Nllxa2g5B1EwpNDiQi5uSoUtSUX20nfUtmd51SUCqZpmzvbOLg9QvuqDl2l3MT%2Bu67Z1tqdz0fHj578OydmZq3xiCGFY5YZzAj1oMjp37HHMcwkvLdiTbCjqNiS9IqJxgusU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5659f81c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/37580.f4011cf1c76f3c28f15f.js | 188.114.97.1 | 200 OK | 24 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/37580.f4011cf1c76f3c28f15f.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (24059) Hash57c8c6f403f66b72ca058bfa2a84d58e e19ca14f4bb25d322910c510f04ef2429487a2ae 934565da3cbcca91b42b6e506c8586d87297ee0d781d1eb7a73d006641a5a5ea
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/37580.f4011cf1c76f3c28f15f.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"5e32-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NWtTPO0GsX0PQFg3VJRlOoIVup%2BycRASCRYLwDIelt2060%2BP49ybzL8Rg%2FNSlC1bClUvzsS0cPSog2pLMkx70oMevgN34zgptI5uUgiyyiDhwWWYmcDsz5D3yvq%2Bh%2F8qQtB5a2Tre%2F4bhLH64get"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf566a071c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/47498.38da6b2cf2f487359536.js | 188.114.97.1 | 200 OK | 10 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/47498.38da6b2cf2f487359536.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (10010) | Hash (MD5 / SHA-1 / SHA-256): a4ff99b0bbadc5f521c2a07f0f1e3f93 30b17f14702fe71f825a3966b652f65705ec3c93 6e2b1b73e8b8dbf90920572224e0edfbf56fa6e20d0cede00321cb2ac91c1254
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/47498.38da6b2cf2f487359536.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2751-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KDiDp1C6Wk%2BPsh%2B2bC9RW2RjSvbSHd%2BTAyAyCJkFqwjX9mUldZ5uh83zYltP44my2j6dF16tEhahbL2%2F2ZBT9AujiWr4Q2ZHkd1LWVpJDCf0dE6ZZEQhffA7BFqr81ULItJFoGD42OpKXIsiny4y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ba7f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/25653.f1981721227784f0166e.js | 188.114.97.1 | 200 OK | 164 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/25653.f1981721227784f0166e.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
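Size: 164 kB (164235 bytes) | Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty (zero-byte) input, and no file type is listed, so the body of this 164235-byte response was evidently not captured for hashing. They do not identify this script and should not be used as indicators for it.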
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/25653.f1981721227784f0166e.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2818b-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GKJqzILcHQJOFFAKtnWOOCkhDXL7q0y5Zd0m3%2Bn7FNjnXJQZyTllhz4LvgBmWKGoQsMNcLS6rjrdAiS5TB%2BmQDlmG%2BQGkNvMSh%2BQ7lV9zw4R2sEap8HcUGlBFN%2BJAWy5C5SBKRZAJOMFN%2BK6Q%2Fd9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf57bb871c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/71193.ad9560e90cdc0645a7a0.js | 188.114.97.1 | 200 OK | 774 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/71193.ad9560e90cdc0645a7a0.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
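Size: 774 kB (773921 bytes) | Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty (zero-byte) input, and no file type is listed, so the body of this 773921-byte response was evidently not captured for hashing. They do not identify this script and should not be used as indicators for it.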
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/71193.ad9560e90cdc0645a7a0.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"bcf21-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8WkGfQM4Nivkm4ybIx4dnWzCw8iTqSI41XM9ExuWTS7vPbABxY7qwoA7TAWaTa7nBxNB0Ed5MZt4azQoXND2Gel36ySzkNFSutbyB20XtJuQpX2LFt%2B%2F3jijtnc7ZT79SVKn%2Flott%2BUhvh4q3h0X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5629b01c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/09563300dbb31ab193bc.js | 188.114.97.1 | 200 OK | 164 B |
URL: GET HTTP/3 login.restorecord-bot.online/assets/09563300dbb31ab193bc.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: ASCII text, with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 8e42afb6be6c7e5cb3f80a429a9b38a5 9f69a17c261ecb637260673bf19224d146446522 e99ddcc2b404b34c865bf9b0476cbf22be543672d12349f58aa61d5905898014
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/09563300dbb31ab193bc.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"a4-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bDiInT2PnanVulNMrCeKLtZGrLXVGvQtYjhefynaydG%2BxviaaRyDTttJJeGIiDMY2mJCYS5BRG8Cxj%2B8hddtDUAOlAt0NK4cEdg%2F0%2BEnaUEgbDpIUDOdCWnS3F6%2BYg23i%2FmvG0SBViANk3OyeeEl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a7dbf1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/18667.a2153b412864bc0484ff.js | 188.114.97.1 | 200 OK | 11 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/18667.a2153b412864bc0484ff.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (11075) | Hash (MD5 / SHA-1 / SHA-256): 40ac4831e99b9248bfcac7f7dc820c49 ff2b273c92b32ed9a0849743bec41a5af5b9d3c1 b47a9d595f8492f38ccddba2d47641117fc6a8426d73db79218259717462518f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/18667.a2153b412864bc0484ff.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2b7a-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wky9bwQUkEQN6V7PMD7GUkIDp84gUd4i%2FG3eIGOJrHe0HneI0R8Sz6Thjm75XY24S9DeMFpoEtje%2F%2FuI5FuQ7JSU6BsyEN%2BV2PRyvojdzXGmdCfSFnG9fHh%2FSUvgF26jTpfCjmJL1jj8PztX2%2Ffb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a4d901c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/14786.f948127b41553ade279f.js | 188.114.97.1 | 200 OK | 179 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/14786.f948127b41553ade279f.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 179 kB (178740 bytes) | Hash (MD5 / SHA-1 / SHA-256): d69e56d43eca67fdd7b58880418dad05 2c978cf96ee924c1eaf3a8e7f4f7a1df8a67bde7 1e625e5053b23ddf6c8c3c0775e2b7f865ad1fd8e34a3b67b0b12b714dafddd2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/14786.f948127b41553ade279f.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2ba34-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m6Gv86KaX6Xmmj2qBLGGAg5T9oK%2Bw7QelcRvPnvvI03uBCbKXryEQPH%2BLt1OIA4XTyLSKDS52kvHAxGsiErT0oUBZ%2BMKEZZzYaPj9gPkbr2tQXwHPvHnEj68LE7Y457Mu21PxbpyVvgxcG1V492S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56aa6c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/78891.2eacf9854660d1cbcc66.js | 188.114.97.1 | 200 OK | 8.4 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/78891.2eacf9854660d1cbcc66.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (8513), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 4864c337a44bd2d3badf7670471a790d f64d984f97d5a1acce5a839417b7aa0f61a55095 3a7141586692ac441533e43942e1aefc2d326389e094aa7c78834f8e3ad48da1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/78891.2eacf9854660d1cbcc66.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"20de-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VvMd4CNUwsHSANNlQs%2Bwe5EhAjpfHhVcxZtIOWATOy9HwRsiqbFySTKoG1s02Wbo55TkM0gErShDEYi9xyuCxxe95YYZdAGsPBH6B%2B40kDUGwbTkvG5r6DWdpCOYsLLj8ESK4xz0NLzaRd7kueui"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56da951c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/1f3e315f020ed5635dc1.svg | 188.114.97.1 | 200 OK | 180 B |
URL: GET HTTP/3 login.restorecord-bot.online/assets/1f3e315f020ed5635dc1.svg | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5 / SHA-1 / SHA-256): 7be3d705f8fd758f30fdb6d593364954 469caeb23537d7152c40fca8e5a8c9a03013eb07 907d7bc2d1af895ac583237f9005822ad480c51fd03618f5a7819c3d71b62424
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/1f3e315f020ed5635dc1.svg HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"b4-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5UzR01jrYg0k0YFDqJz60AqW56jFaYXohLA5Ms2oWzobz5Xs1VyAxaHe5kxFrvlkqRyjQzBnXUqZlz9JBFo4jiSs5xy7JxnIEplHBe1mPLYy3QYACoYjgKUufS7017FNEJ%2BT9nD%2F7XlwZcqF%2BtDK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a8dd01c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/99742.217a8e519977f9b5cbf0.js | 188.114.97.1 | 200 OK | 18 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/99742.217a8e519977f9b5cbf0.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (18014) | Hash (MD5 / SHA-1 / SHA-256): 1960cd6ad791e73cdcfafff546853923 0ad17a1e5860279e6885d8d94ee0e29a1730d530 13c1c620578fee12330a7c3c003da2ea56f487fe471125b76add74f74d0bc36c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/99742.217a8e519977f9b5cbf0.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"4695-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7T0aVxViUfkBamDgMxT7YzY%2BdyTnesokGcylydO0lO2Tdfhf3BFmNKNAQ7jUM0DJZxtBLxSdaO72hHgo78Q65GKN9z1KpmxLqLXIb4V8fHlMv4bUYYWtvWcEGTGDADlievoIOWWs0Z6QmrFxAOkC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf566a121c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/52033.8c199987fcf5a97f2ee5.js | 188.114.97.1 | 200 OK | 10 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/52033.8c199987fcf5a97f2ee5.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (10438) | Hash (MD5 / SHA-1 / SHA-256): 8eaae7e1a96c8c653d0d85b3733e705f 5b7a6b708f070bbdf46cf15e3c613e3e60896260 83e5ef5e06c1625afe2ad608af5ab6b3dcf13652395d218b8f2a2442bb5791c5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/52033.8c199987fcf5a97f2ee5.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"28fd-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4F7FiQQZGqsNIGZTlLqxLPIMUPZoV79HWiekwIn37JaGf7JLg9C6KW%2BZu1xCRlM63dLJ3Iq%2FB1%2FGNRrKoR8ZBwtd4BC0%2BtyOo3Tm0mWNbTyapEGBs7XmUUOMeoA9D01W9p1jI%2BGLiCWUM1uVPdM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a4d941c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/d8d8bb7602e34b57bbef.js | 188.114.97.1 | 200 OK | 164 B |
URL: GET HTTP/3 login.restorecord-bot.online/assets/d8d8bb7602e34b57bbef.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: ASCII text, with no line terminators Hash: MD5 f82bf1c23c9485e0017406246ad5bd7e SHA-1 6edc2406e77fe53d60d5c955b76b6f34a5b3cd59 SHA-256 f110fea7669d1c9ada9bc6f23ebf0fa2ef1d58f2fc98b30d6d25de027a0b8afd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/d8d8bb7602e34b57bbef.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"a4-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TFREVBfkBGzUzLtfS9gi5omTXOFAhQZ2FMp3CIr3WtU967pP%2BoKnU6Uhs67FVSsBI9CndQs6r6e9iI1F3BduDSmVOdGvEcd3OLGm9ioGl1YZ7UxzF7qCpHdq3%2B0nnxTVmNGTM4HIFLjVqKIxxFL0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a7dc51c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/47470.c4ab7647d25b8ac58ca8.js | 188.114.97.1 | 200 OK | 312 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/47470.c4ab7647d25b8ac58ca8.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
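Size: 312 kB (311789 bytes) Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input. The 311789-byte body was evidently not hashed, so they do not identify this file and should not be used as indicators or for reputation lookups.)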
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/47470.c4ab7647d25b8ac58ca8.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"4c1ed-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zPCj52fVIFcXV0uPRICtW%2FkFXcESS4dNvQJs5Nm9tIuvRm91T3z5qcRAlvTvLXm9cGYvomSSsQT0nULFzpf4DMhwId3Gej%2FBA2r7hyyGyHjy%2BS27Q8aqrs2kJBgEUSelEWi71aPPXtYRBQtn3I3Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5649cd1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/13942.42b3309fce7f57e5eb63.js | 188.114.97.1 | 200 OK | 141 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/13942.42b3309fce7f57e5eb63.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: ASCII text, with very long lines (65536), with no line terminators Size: 141 kB (140709 bytes) Hash: MD5 b57f45095b443009c496ab1c1471be7f SHA-1 e9af53d0e3e3ab155abafa07d23c79dae2c71f2c SHA-256 408ebf752cddb6bc3782d7266fa4a7aa759bb9d4255f8d17cc7aade0ecb971b5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/13942.42b3309fce7f57e5eb63.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"225a5-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FGj3N%2Bf%2BT0npDziklhsqKjzE6UYZA6M20lgmoI8%2B7RlaFQO%2F4q0z5daXN8g5jn2TVh3CD88ek0miOr1og35BQMhUIs1vSlJzcayK0xTFrAvpL1z5t0G1El%2FnJueErRcwBnaR3c0pNZkXhd%2FtnWqn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5649d41c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/56145.19258dcaeb421600cd44.js | 188.114.97.1 | 200 OK | 213 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/56145.19258dcaeb421600cd44.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
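Size: 213 kB (212738 bytes) Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input. The 212738-byte body was evidently not hashed, so they do not identify this file and should not be used as indicators or for reputation lookups.)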
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/56145.19258dcaeb421600cd44.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"33f02-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xgWjKUIxFcDyzRxIEtldpmZ0ihIG%2BHFYIuWtqS0TBMa%2FGFaBF4FKPIPuhGo3I7ivV5ngDdg%2FIONm1DE3G28AoT21dOUeSRWXnQd8LhzAe%2FNazn9gIKk0eRRSGHC%2BI7m%2FFhPEL2O2djQCyPtG%2FBOp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf568a371c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/58409.1811376ebb7f14b0be53.js | 188.114.97.1 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/58409.1811376ebb7f14b0be53.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (13964) Hash: MD5 b04469c4ff1a1e4369a1238f1a6e7e13 SHA-1 baa699271e0bad0d5d568f5d0cb2dac21f5a2d0b SHA-256 2dc6a1da0d49480f89ccab794ec25a14cab0ca4034039ae26e39faccdda82a50
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/58409.1811376ebb7f14b0be53.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"36c3-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=etKQRRJNkcfIGN0YgVdnHvpDzrK9bkQizFjuKdJ%2BQC7iZghisk083A4cLl6y%2BFg6pQ8eIvZxjrS4QS9%2FKGFzH04OVPaJADICav1f4T8AEyhlhyQZiUL4zu0sY%2BSZu%2ByHWxFhX7wuEwY7%2BVQZD8n7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5639c11c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/94288.dbd73ecb6b1482a870b7.js | 188.114.97.1 | 200 OK | 10 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/94288.dbd73ecb6b1482a870b7.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (9979) Hash: MD5 38d4ac71291ec9223ae33b9ebb5a4e89 SHA-1 7282b3fb164396d9510224b3040a89902c825546 SHA-256 9a8d5847b100e711a41231d5c45682b01b8173438f96c52667fd872976c18cc9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/94288.dbd73ecb6b1482a870b7.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2732-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rDmmA%2F33HU6FOJ7rtr8BtklRzF5ngF%2FyB0Urafya3IvLp83Y8%2B%2FZAPCqMsrxYgB4noe5nm6ttwk4bjDVvyL5aKBSB3eGeLzDuILGTp0hjM9w%2FPfUe8c8JDZ6W4sCrsNo7EoYl1Gn%2BG4Sm5ITLTrW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf578b4e1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/b9811218b3a54ad59fb2.woff2 | 188.114.97.1 | 200 OK | 65 B |
URL: GET HTTP/3 login.restorecord-bot.online/assets/b9811218b3a54ad59fb2.woff2 IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
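File type: ASCII text, with no line terminators Hash: MD5 c7621ccdd6a8ca9b681b2def747d72a7 SHA-1 61c3dbec477606bebcf5d6ccb58f26659651d0e2 SHA-256 135667d8b38dcb9372bf4d65eaa44fa5438d0b06831a2cd562eb82b8d44f4098 (Note: the response is served as font/woff2, but 65 bytes of ASCII text is not a valid WOFF2 font. It is presumably a placeholder or stub body rather than a real font; confirm against the captured content.)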
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/b9811218b3a54ad59fb2.woff2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: font/woff2
content-length: 65
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"41-18d27c367b0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YtSInpeWwu7Bz82cOL%2B%2Fgj6DPQk%2Fmci7hNYjQukhZqkP5er7wUkJMMVc%2BPwf9oGiilkLNfHKAcCJxeKSHbv3YHwOfn4wNO2EZeiJoD1f8hSx7tTTqIbeqqAfTTBB%2BnpeD3%2FzWd46w8fdIjxzsxTC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf66aa761c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/6eba4b5678bf2ff1c053.js | 188.114.97.1 | 200 OK | 45 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/6eba4b5678bf2ff1c053.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (45008) Hash: MD5 837a213770a91c0bac5bc9e9c90010f2 SHA-1 0607bcf00f83d5529a1948a9214e8926dcf7348f SHA-256 c615595bc0fca0392ff1f30597dc0ab1cc6bf06493ce2f283bc30736a3083c30
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/6eba4b5678bf2ff1c053.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"b001-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gt0tvg%2BeaYZyBY2ki4uQjF5Ar9o6BevWmMGXgRJjU%2FDOhZER7u62deexie4fjnzwNLewhi%2BrZbGEafZ7ikPT92yZRPJOAXDRDqFPAaqtBFK0dmNxq7BQOeftm%2BxW3ocmxTwvgxohPYBiLp0avJo2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a3d801c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/?v=2 | 188.114.97.1 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 login.restorecord-bot.online/?v=2 IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
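Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (Note: these are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B body of this 101 Switching Protocols response. They carry no information about the WebSocket traffic and should not be used as indicators.)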
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?v=2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://login.restorecord-bot.online
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: NnbcOGMp5ApVbqBRewFFGA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 01 May 2024 21:08:36 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FYzsymFGYgvklwI8yUwUYMsa/QM=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NpP5LM%2FcAIKbG%2FOhtChuyhscm09KThE9XaK%2FgoDTazxpTTrQ%2FbMfkNmXW%2Fb4DZttVnCt65GmQutN4xLbmL8W9Bcftcb0RtEjjhj2wXWdlNHoLEG964VLBanPPaq3nMWhlcBZEKOswlcp7nEuaqnF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87d2bf70698156af-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/53509.d075f1bff85f12b95485.js | 188.114.97.1 | 200 OK | 9.6 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/53509.d075f1bff85f12b95485.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (9755), with no line terminators Hash: MD5 e9eff6bdc6b8bf132d282ab7e5a01c35 SHA-1 089fddfc575d1e95f64830332cd239ed1bd373fa SHA-256 31a2beb20e1900be01f696441242a8abbd9f3f40dd8e9146d61bf141b36b4cdc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/53509.d075f1bff85f12b95485.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2592-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o9yuqU%2BFLrzyM8ZGAe0iILRwpYfRlF69AsQCG%2FIw5h18NoGNXeH9rw1SXksCqjefKBfNk5NWatBLEBWtVjV1YipzsC8JJCKHyxzEVG4DzATxicB8XQlIW8rKN%2FOY%2BsBmhGNSrE27h0RmMMI3ep7V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56eab71c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/14875.31e886d6d1db8a56b5df.js | 188.114.97.1 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/14875.31e886d6d1db8a56b5df.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (14036) Hash: MD5 b73ea7c5ff12b5ac922cf837484b41d4 SHA-1 ecb0e464f4dc99dc4c2a88a0af3a5e80c8cbb0a2 SHA-256 558da14d878234c5150f3875e25a8049954a5ac6446595d3f58ac828620a6389
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/14875.31e886d6d1db8a56b5df.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"370b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fvVMv%2F4M1P7gik04T66DuLHBBzY211MI7fIVBIVy93sF0RSxweBoe1ABKWBKw8ZISoFeHKoUG8rE2RnBG9lW8jFMm3jZ2ElWoNcURlNP9tCfXJQ7zWYF3F6ieXqWlGaxthbtLjVlLFB6qKvtUwy5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5649e41c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/31897.ec700144df6b20f401cb.js | 188.114.97.1 | 200 OK | 6.5 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/31897.ec700144df6b20f401cb.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (6675), with no line terminators Hash: MD5 c541881b1eb8c6fc9ef167b40d30b518 SHA-1 b18e4deb44d3a876d671cd0c32c1cf60512dd342 SHA-256 b45ec7b4dce9bbc331cb5b4af670a517c046f91c6cc8d32f04c143456f3bba9f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/31897.ec700144df6b20f401cb.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1970-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8AOM4cD5ZpWLzfC9J7rXIhjnOysnt2lKeOHQ6Hb%2Fz59AE8PWCYyZF3OB%2Fo7g1UvLd9Fn0v93DrRupJZRZZQYzvh7X5WaUtOgpaRztYD9O04Fjlgy1cLTUVThr3cuH1D2BtYQ0qmg3xYlD%2FP8CRwn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5639c21c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/8240.59954d342c818ac8b70f.js | 188.114.97.1 | 200 OK | 81 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/8240.59954d342c818ac8b70f.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Hash: MD5 18dcf8fa835cfc1860e0869ae9711d8a, SHA-1 372560e730d7725d0d486544b57f7ca5a1e740a1, SHA-256 3bc562cf2f8191b1220d710ccb7cfba8dd0eca628055f0fc4bf98b0f8e7289dd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/8240.59954d342c818ac8b70f.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"13b4b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i6pPrf9LeiXV31yeQLkBf%2BKR29Ka2fgqihxGoM3EWXxlBavpztLE3aXLnor25OUrlwUSp87N6mHc4NwxusXgapiHAsvUZA1NymA24v26ZXC0RN7k7bgS%2B8aYohZC5xtCQpQLzScJ9%2Bmri9o0l6a0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf566a141c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/3341.1a1f8595a0c8fc9f99cf.js | 188.114.97.1 | 200 OK | 8.5 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/3341.1a1f8595a0c8fc9f99cf.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (8843), with no line terminators | Hash: MD5 e26a8efc5dde624130372229258ab5c8, SHA-1 6fb44998a93cba1ead19a776409849a6c50bebe7, SHA-256 6302c624d089c3bcde5638a15d621c0f664857468478526bcac9b419ddc6d81f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/3341.1a1f8595a0c8fc9f99cf.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"211e-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KrAHP%2B9mJQIPd01YpqyBW2dknhk70Be4Rq%2Fjof9KGrfuEXy%2FxUcaSd8Zzhl%2BpRpl3%2BOYLNHsaA11LYPWHgH%2BvqDsJxXl%2Bw7Tv4%2FWTOmJiJlz1A5YuLEEHj0Hg93Sgx7ESeRibyAC2rWP3IOyBP73"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf578b3d1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/a826e445dff97cf15335.svg | 188.114.97.1 | 200 OK | 2.1 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/a826e445dff97cf15335.svg | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: SVG Scalable Vector Graphics image | Hash: MD5 1ff7f50b770d68712d36c79ae6121521, SHA-1 e3fe855784e971e2c57de12e878aa073da7d31bd, SHA-256 ad965cb39af806b0543af5c32ae34cd0b136dda9272e6d877b067cd00563e048
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/a826e445dff97cf15335.svg HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"80a-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hl%2FlnK%2FzV904ZfaIUsB8gesR8U4ZcKD%2Bc0SbBuhuTsqofBbRxdSu5micM6jYDG7jczNSGXgIeAHWgbFpdfMYUT97ioTAAuTiAVNQLPZWDxN8izmJOq3RbHxh5XrcW9zytqsjrhB9gdHOCiilIn0y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a8dca1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/?v=2 | 188.114.97.1 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 login.restorecord-bot.online/?v=2 | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
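Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, consistent with the 0 B body of this WebSocket upgrade response; they are not usable as indicators)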
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?v=2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://login.restorecord-bot.online
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Cj3dIVnsmSSMM7WQww0Qxw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 01 May 2024 21:08:53 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: y0u8AgsYVagon9yKcIgaPNnubhw=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hY0LdDfZb7G8uH9GaaJiUsdMEW0S3s8F3P%2FYzJfIoD68Xa384aZampMHNT7b2YNhx%2FJW1Ie1PDVwZJ7fcXk1qw62j4PdaAj3nY4MgIg78rGuz8LzIU%2BwHXc2KsM2K2Is4YMOQ8h4JEa%2Fi4qJJ2J4"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87d2bfd4aa555689-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/22918.9f2b9d54bbfc371a4d92.js | 188.114.97.1 | 200 OK | 18 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/22918.9f2b9d54bbfc371a4d92.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (18420) | Hash: MD5 5c6249fadadcf61985346cfe7e1b7245, SHA-1 0cd8c3cadd55dea165b09b350937732c9c63081f, SHA-256 79f170c6631891285f067a393d02bdc4aa9e270c83c2c0fc144882faeaeb71f2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/22918.9f2b9d54bbfc371a4d92.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"482b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AAy5Gk%2B0IuljMwl86XZV3gxAxvsOI61OW50FmHH1TYWNs81GVAWPLKxDN20T3VOjV0KTRTyj697n89jkFmEU%2BV479ythyLnCBPXJiraPGjcZEF%2FaDCrzx9zcLEVg2oP3j4plhD6DHXu4YomFoFYA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5629a31c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/60499.862663374dc7b2606eb6.js | 188.114.97.1 | 200 OK | 18 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/60499.862663374dc7b2606eb6.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (17610) | Hash: MD5 4ccfa2e22aa81b9717908bd2e198c04b, SHA-1 77c537671daf78c65664c86b2348a8901076b2f1, SHA-256 b7094a75dfa107fdacecb7d4de84339c5bbbdd4f7d138de620e58fcacae645de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/60499.862663374dc7b2606eb6.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"4501-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0m%2BfCrelxkxoDJNNPe4NCawnEOUyxW%2F9s3dPelmHGJG8ZZ4cCGVdIO6gpqSWOPW1%2Fo%2F9gR8FDceu8eN4eZizO5sCgDESyoNdpm10rO3RywLdapgTemGHSGK1dIlDSwL%2F%2FhG08L8HW066%2BIOetK4%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf567a271c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/37102.04489c88475d6b93636f.js | 188.114.97.1 | 200 OK | 19 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/37102.04489c88475d6b93636f.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (18523) | Hash: MD5 6a056d7583533ca1f6f22eb59c25f71e, SHA-1 fd9008c3477be5b59118cec1d51e0d5942e9511a, SHA-256 93ac8375ee2ec8788c40ffd8afb828f87d2e3b7a718f346cd92d353f32cf3754
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/37102.04489c88475d6b93636f.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"4892-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yv%2F9XBhWP%2FIk5PStyphSv871jGCheyanaVX7p7LA73MWabMKFoXBRS2ARG6LdCj6naV2YDAjCltHzg9WU7tCKk8OaWySrBtaeddXS9oZeYPo%2FkEmPRyovmpsfmAB6zqz8ni6NxNSw1dBUkMLHjVi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf567a281c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/33547.5c46865f95647d249cb8.js | 188.114.97.1 | 200 OK | 61 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/33547.5c46865f95647d249cb8.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
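Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input and no file type is recorded, so the 61 kB response body listed for this request was apparently not captured; do not use these values as indicators for this file)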
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/33547.5c46865f95647d249cb8.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"ee2c-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W1jLLU1EL3eyxCZJXWOBkXER8%2B%2BSR4KkgCg4aJcjz%2B74RPwOcDXBTKA3%2Bqy6E9S7x7Wg1vFTmhnMhRVOZV8JIOnq8klcukMK5E7dafXBEpVX0GfQC5WFYsLy2Vyu96wKur%2FfdLZy4BeNM8118Pox"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56daa11c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/63550.a619020e4c7b3d5be7ac.js | 188.114.97.1 | 200 OK | 8.0 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/63550.a619020e4c7b3d5be7ac.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (8041), with no line terminators | Hash: MD5 b03a74e4793c52da60a440f2b73aea20, SHA-1 a845f9c25a2f8fb2a10e67468045286a3f0d5851, SHA-256 d64c4d797460c5e849a45bdd00b59075f1a415c2be3a2de56f719e7372534101
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/63550.a619020e4c7b3d5be7ac.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1f1c-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QO6KBXNfg2ZEQu1dGQiNBkp3KCr3lVoDEiV7ltJ6%2FdXAJuuHBjgiIhcNGX1uDXif3q1lBVRrOrdVzGDZgEbpLp4UhHaOrH1K3duGeXP6yFVf5FMVBzAAuckp%2FxxCs4dUfW9ur8nREP%2BV2UBdtfxb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5629af1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/21396.259a270b7e3f8803a333.js | 188.114.97.1 | 200 OK | 15 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/21396.259a270b7e3f8803a333.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (14756) | Hash: MD5 c74d5b820b3ada88a22cf587816c396f, SHA-1 6234d885e01df794f61cb4f40f67b2fb9f7adebd, SHA-256 f693e1a4e6fac3c7d5a97cf8ebc5e28ec4c1aebeab83580734ca143563efdb14
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/21396.259a270b7e3f8803a333.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"39db-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pAKwrjoWL1nx8Tkxr0KatJsk%2BkLzzL4O3K0MIR2I%2Ff0ImgE0%2FawWOsPOZqOxZILFANsS3uxgKiz32ZHGvioXGyal0yDdvZKthBaKNzLDm3KpqkF6crLdm8bvFC%2F%2BfDK9VOQ%2Fa%2FuUkrcxq9ktFWcC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5629a01c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/47146.d5c177e816a2cf054d31.js | 188.114.97.1 | 200 OK | 44 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/47146.d5c177e816a2cf054d31.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (43856) | Hash: MD5 2dd911fe6af5b351702811c2d2dbdb35, SHA-1 6d22418ce848dafc32e9e0f8224fc6ce13a8efaf, SHA-256 40e9ecd17a864fde103d7ac450a265ed91814c0dbf4ab22f26df913e1f724969
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/47146.d5c177e816a2cf054d31.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"ab87-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oqt8QbzYsOB1Xps8i5Vs5dmSY7RqI9g%2Fnp2xvquKzg6DTxgXQuUhHgiV4AZPc%2FY2d%2F7uk8E0xKNZ6P3jaG%2FErJ%2FnB3ahejzeRw0HgXSn6Xusfb9N8pB5%2B5uq5%2BSGthTN4QinwVx9RHC7TGkXvYHD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf566a131c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/58166.4ec31e1810af6eda852a.js | 188.114.97.1 | 200 OK | 38 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/58166.4ec31e1810af6eda852a.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (37774) Hash: ce66262030ddf4d78cd0600c1706bbca 195a3af6bbcd112990859fffef3a9b92a777788e e8d1036a715eff98d533a5edf5e91f079e9eb7482fe9c2eabd6df44d51d3eaf7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/58166.4ec31e1810af6eda852a.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"93c5-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hRDpDPqLvWOV2ET16WHm86iLi9OJcyj0S35pvwmVUDpOmCzB%2FCcA8c3MImv3A25kNcMq%2FIxaymBLKbjWQtgsmayHmIxovPUUU5Jkdfij1yKShZ0lZbFTsEnftOzplUtoKdK1%2FR%2B9elsGrUboBBtq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56fabc1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/65800.d803fbd4c225782b31d6.js | 188.114.97.1 | 200 OK | 40 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/65800.d803fbd4c225782b31d6.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (39520) Hash: 6ebe1a578a746f1da064f34508d700bf b27eeeec818818be41f90df32894c3c618d183be c5781d163c837d6d2c72081b42e6ac0b513ba744a8a2ef95b62a4be628fd0168
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/65800.d803fbd4c225782b31d6.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"9a97-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=doaDFwKwNSKl%2B9rrP96gze%2B0FEZmEp4chhRM7bIj%2BJ8RkR6WIGah1crAGCQCFfbQVpHc9smGcbXIQKCY6Dl4wGbYoQfpkdFE6gx0BseVsi6SjHjWj2GL2YD8yzct9lFdu%2FBQYmFN345WvghaA2bK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56fabe1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/22843.1bda3edd4dd152273661.js | 188.114.97.1 | 200 OK | 21 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/22843.1bda3edd4dd152273661.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (20995) Hash: 3d7d3c6641376eab526dc37c2a3aea87 9a4405500ec4685d070b940e3e58dbe95ebedf94 8bd28e45bdf228abeeaec72fec246300bf1a2d85ed2bec3710889cb3ad8b72dd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/22843.1bda3edd4dd152273661.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"523a-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RuXHT8cMdtyJ9MpvGR21gKM40YxvM3uIpMYB78YWStoZibvGMNXKomRlH5GDzQvhtypayIDLhPfbQv1WuajQ2SwbldnMEsaXXNiRiu1spDgPrK%2BFD2rSW%2BsEon6iwdEKp3sOPEnh0CTW5jJR%2BTmu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf578b4d1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/799ce01abdb0da7bdef1.js | 188.114.97.1 | 200 OK | 10 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/799ce01abdb0da7bdef1.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (10064) Hash: f9eab234b26ace83cf074c0e8ee41795 7400543cf80242671ca9f63aff06b4fe7e33c3e2 99c1fb6a35c0b13536fb0ab5c1afb16fa359fa23e56d7c50fa86207f10e082cf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/799ce01abdb0da7bdef1.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2781-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wMu3YR65GUw7SmvPxGR4jlDj18QsRAEVm0rbukqagr%2B1H3XLF5JsxlkIH4foPNyknJ00kwpQtpyvGHJudM7HXSkLz7bP8MrM%2FUgKBYon9fPyanMHYRHRvVRzWOTnv%2FFx6lLqJUqLb3xUf3zB6n4q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a2d721c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/app.efcb8c8bc767b60fbdd8.css | 188.114.97.1 | 200 OK | 2.0 MB |
URL GET HTTP/3login.restorecord-bot.online/assets/app.efcb8c8bc767b60fbdd8.css IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
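Size: 2.0 MB (1982257 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so the response body was evidently not captured for hashing despite the reported size; they do not identify this file and should not be used as indicators)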
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/app.efcb8c8bc767b60fbdd8.css HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"1e3f31-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ithj0u83Kjx8%2BcEzLt95H3UlyZXJgSXAml1FryIwJ5LiJ5eSIZN7rvDyvFNWnEyAk%2FzKV4Yfj409fG4U2hJCoyYOKf%2BOQ6DrnfJ%2BYoRyCzx7U2m25cjgUpgC6ytN%2FkuErfD5%2B7b9p0PHffz%2FCo3b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56299e1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/80083.7fd81fb4889aa662cd19.js | 188.114.97.1 | 200 OK | 26 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/80083.7fd81fb4889aa662cd19.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (26162) Hash: 0abbebabbe917f168094124bb3cce39a 9de38e8e88c1c3450db921ccfcaa3afb35563194 21dd7691eb613640f3b6e7ca733fbb99374430c34523f31fbeeb877ca8c5c494
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/80083.7fd81fb4889aa662cd19.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"6669-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IqQ6Hcs9%2FzP7dYhsO%2Bv5b39QuTZZ2ekCT8%2FIEBkzEp0gAx6Hdxwo89jaa8R4BoF3nAD2h0yiwK7bY64ET1xvzu8t4kMA%2B%2FwGXvjRFJfXrhTTXBnB%2BICdAGmmE%2Fy0DBgM2gbwfQs%2Buisrw%2FXYr0Mc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56aa521c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/6086.2af42e57fcf6739db519.js | 188.114.97.1 | 200 OK | 19 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/6086.2af42e57fcf6739db519.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (19374) Hash: 6fc5e9f209e47dece5d8e86354e38916 78a29b4cf26974c725b5952e0b65baed2e3309c6 014e1cfc914dc362f3a55113e3aa27163bcd88c8323905e7d8b43c7b16ae821d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/6086.2af42e57fcf6739db519.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"4be4-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RrfYe8prMIl1ehWrbg9iTAdXcXrfTQMkcgfdcxlB9Q1YVpnP1hB0zSTPaypaVh9qcTlw3KFjIeE3y6WCDnPuiIcAItSRWcbm1ahQu0VzDifIgZpwBA8pFKNdnIT3A%2FA%2B5cHgy8xxlXZQgZaF7ECv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ca8b1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/23992.0430129d8ed977cac0d4.js | 188.114.97.1 | 200 OK | 14 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/23992.0430129d8ed977cac0d4.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
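Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so the response body was evidently not captured for hashing; they do not identify this file and should not be used as indicators)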
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/23992.0430129d8ed977cac0d4.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"37fe-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hA3apUfIlhLCmDJEVZrbBYCK4aenmI0IIAs3KLKUG20J%2FxdOtyqN73HJei5jTtnVC4gmpUhP%2BUGQj%2Beo3umyrrelTOVisF7Gl%2BAu11dqN8LEtvIHbSSrcxWHNxww%2Fw5ignek4CEY%2BeauFbsPtnDa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a4d8f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/44d5e1639bc492dc8d62.svg | 188.114.97.1 | 200 OK | 3.1 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/44d5e1639bc492dc8d62.svg IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: SVG Scalable Vector Graphics image Hash: 02799b7410be627fa7a88303875c8132 4cd594b6972f1081641e15ec286e9bf5a6786b2e 004f3b15b564c0aa1283e18e84b1f4bbc714f5ffedaa5dabd7281c01b08a559c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/44d5e1639bc492dc8d62.svg HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"c4a-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ALEktFKL3ZPV%2F%2BX2qU6NNbDpjPUEUYzA1nc8UG8CMRlQ3N3oRoh5bl7pAstdBOqExSPQelxqLzMWkvrV%2BXwXGCHKywh02Zo1qpprGNUqs%2FS1hE5oTWIdL6jicPXPtOQRu1%2FBGKwXhaPlWywFgMok"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a9deb1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/3341.1a1f8595a0c8fc9f99cf.js | 188.114.97.1 | 200 OK | 8.5 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/3341.1a1f8595a0c8fc9f99cf.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (8843), with no line terminators Hash: e26a8efc5dde624130372229258ab5c8 6fb44998a93cba1ead19a776409849a6c50bebe7 6302c624d089c3bcde5638a15d621c0f664857468478526bcac9b419ddc6d81f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/3341.1a1f8595a0c8fc9f99cf.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"211e-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hBXE0GousjtG9an62Dv39QVCq%2FrrRiIH0sr%2Fd9xem%2BzVWPmsvhUUf3Kzo7P28JHy4EDV9tkpfI9pd3cH4zsBTLn1fpfvIiFxdJ7EcEr1NktpERsQG3btsLLm9rmdehasOm%2BvzRziNYDU%2FW2u%2BGEX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5639c71c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/18407.d0257553d76c1da19de7.js | 188.114.97.1 | 200 OK | 63 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/18407.d0257553d76c1da19de7.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (62630) | Hashes (MD5, SHA-1, SHA-256): c6070a74fc7828610536a88f4ef0ac00 58ff20e6b81343ce9fb04c9a3b98e96eeaced06b 5a52fadd5efd62ecee80f803d600055810fb7765497d80e95e8f61aa27286cc5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed (a DNS-level verdict on the hostname, not an analysis of this file's content)
GET /assets/18407.d0257553d76c1da19de7.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"f4dd-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jQFUaN6iAoL7Ar0tOO9VnewX%2FgSXmRaQ%2FcaAqY6lnAH%2BoRyxlm5PWixTP0E43uhlpcS7qttsj0az%2FMHtOJnPHC%2BPE6IfAYBrorZH5sRBYMjD%2Fz38E1LlXfc0%2BSjoXWWOxhuN3b80a0%2By6%2FxNfVQA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf566a061c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/64612.26d2bf1afbde26a43a76.js | 188.114.97.1 | 200 OK | 16 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/64612.26d2bf1afbde26a43a76.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (15643) | Hashes (MD5, SHA-1, SHA-256): e889f804c915f5278e961cde93d50e20 25e94c62cca79bfaba361e27e49cc687e72b74dd f3649beebf41954e8e4aceed2d74c5fcc81a61e1123b4190efa9a02f785977fd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/64612.26d2bf1afbde26a43a76.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"3d52-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J023QWjVh8drkUkbCOIE23yeoge9%2BmUV4F%2FaLnHXsVXo8%2FmcxtpT9j7vvNdrNALI2jqOcfqSLce8w1T1IcOP84sWv5LBa3u33cJA0a7izE%2BJC5i212LwLpws2s21ri8riB3kIONfb5LRLCuOka2b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ca8f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/?v=2 | 188.114.97.1 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 login.restorecord-bot.online/?v=2 | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
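Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input, consistent with the 0 B body of this WebSocket upgrade; they do not identify any content)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed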
GET /?v=2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://login.restorecord-bot.online
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ogoPEvHdiCg7QPZh3CLj4g==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 01 May 2024 21:08:41 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KMk8gFZ3TzsUPmDCemrdHPcDvdc=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mbulIqBQaaPfU3GzSg1oHkRybf8ixVQb0nvUaTxy4PJeWdKj3l6XwfTueu%2FElAYg4txJ16I64Ou5VJa21oqe0OQiEg95Qav%2FPNwJ56LbDWg%2FATmLCfSumJGfIOnkyz5qV7hPrpMr8E936EzViNdH"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87d2bf8bdc27b4f9-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/75851.82c9a7f8176d778029e3.js | 188.114.97.1 | 200 OK | 9.7 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/75851.82c9a7f8176d778029e3.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: ASCII text, with very long lines (9810), with no line terminators | Hashes (MD5, SHA-1, SHA-256): ac6ef2a39ee1dd9bfd9906c593a8ffc6 0770b44a9791f7bb2d95b3c44c79a96fdf08ac4f 99c9f93237bec55428a7d0199a1a1c33239ff4f3afc72f09a03c860961430ad7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/75851.82c9a7f8176d778029e3.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"25ed-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QMI%2F6%2BK90XSl9RtlJRrsiwI4Aivsg8kCqHE02ZoUv%2FteUBRsBVkhmS1k6oYyw%2BdvNGdHnwoO1P%2FFUmp9hPawQEKMS9YK3fDXkbO4Ax0aqr32G6rsSbaTfXaQg70tYpBKrpDtaBhs5sdKYK7SXTkl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5659ea1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/17605.396d4d0fd6f31f0ccbc9.js | 188.114.97.1 | 200 OK | 149 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/17605.396d4d0fd6f31f0ccbc9.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 149 kB (149407 bytes) | Hashes (MD5, SHA-1, SHA-256): d76190debc34ded2033eb596d275c6e6 1d65e4a7e5bc735bff02c5fbb1dbc89d31cabb6b 8069a865a2a03e1afbe4b88edf980d24295d5643a48e180f71f84373ca3d76d5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/17605.396d4d0fd6f31f0ccbc9.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2479f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CYTOMF16dgCu1e8aixOfzb8U2ueB6202zxBu%2FFn1QhAoUKSR1Zwtcl5A4tv0Ekbp8MK2ExavpURleW04kE2qjwFCFQPD7Yvl6Lg65ozt5ebd9fGePmU3IeJ0tJxG412y5iGwiCOveA0xu0%2B3zeef"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf569a461c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/a9639edf37cbf3bc290c.js | 188.114.97.1 | 200 OK | 5.8 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/a9639edf37cbf3bc290c.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: ASCII text, with very long lines (5947), with no line terminators | Hashes (MD5, SHA-1, SHA-256): f392c77642c2fdc2ad568c6141c40966 8f9529db4fcc332030fe2b066220c4d5752e2cc7 9c96486a4197d9bfe932ae15364d60dbda2ce77fb28f6e53319f5a9b6b25b486
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/a9639edf37cbf3bc290c.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"169a-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Db252ZRIcSLGyvxkYutBPplPMB1UqAerD26ewOy5mqw5ZOPruX%2BFq4gVIr9R6brAtCf%2BRGvAcREb1tCtpulYY0gpTnoQYiHTXF72L109Nni84YED44iY7wadiy8kddNhfgMSaNYCzz%2BRnhflwDw7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a7db41c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/20ac37ed2576dd48d7dc.woff2 | 188.114.97.1 | 200 OK | 65 B |
URL: GET HTTP/3 login.restorecord-bot.online/assets/20ac37ed2576dd48d7dc.woff2 | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: ASCII text, with no line terminators | Hashes (MD5, SHA-1, SHA-256): 84b7416cff14fd88e25c7a5e808f96e7 141dc0f5c13044dad660a2add445baf5c472dffb d8c6f38967f6cf2d568e34abe3e04c2c2c195becd596c1cee7b9b83822dd768c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/20ac37ed2576dd48d7dc.woff2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: font/woff2
content-length: 65
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"41-18d27c367b0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0VoxLyTh7MG8Tbl7z1gfCbIW0GuftGKlspzbWsGK5dHXN56r8wMC8xTc7Zyt%2FzmZ7%2F3KV7%2FZmR4fW2fxiuPD9taJ1KkGlerMz13TJRfFzgFqLMInzckPM7Q6xZqG1QdL6rE4r3dUnA3kAZPtEeJg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6ffcbc1c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/13798.6a2a5ac1a86675c94b6c.js | 188.114.97.1 | 200 OK | 7.9 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/13798.6a2a5ac1a86675c94b6c.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (8182), with no line terminators | Hashes (MD5, SHA-1, SHA-256): 81548497b4c074d04063c9f226154ade 3548f8053d9df0534168b499bf42407d8e573e2e 13ac083b959b6c894e5118fd5a686a4985575125a984190c1f7454264cfedeed
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/13798.6a2a5ac1a86675c94b6c.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1eb0-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Op7snwd50Tq%2BKKomBMUDyziJNeJ7WfRy5qYTijTx1EBOGC8JvM5SGVhxtXCZ4uUQQyOB8JJFbgSIQFF46uRgtYC45LqTcU%2F8fBmJ7NLdc8mJ2XSvVom4QDGgnSC1ZRivOEwe5IjF8pi%2BAABVyxUM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5629a91c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/47470.c4ab7647d25b8ac58ca8.js | 188.114.97.1 | 200 OK | 312 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/47470.c4ab7647d25b8ac58ca8.js | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
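Size: 312 kB (311789 bytes) | Hashes (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input although the reported size is 311789 bytes, so the body was probably not stored for hashing; they do not identify this script and should not be used as indicators for it)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed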
GET /assets/47470.c4ab7647d25b8ac58ca8.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"4c1ed-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lJ04cjftAavkhZpvchnZV9ozGfGzAt%2BrPvwmmeToPhU8rlimVl4POxVdw6Rpl1DminrAO%2Fzca%2BZ7ETRyXFYqfrV53oIvtFh3ApakeX9aXjw3xxAHJN%2Bzh9d6E4JaL%2BUTwZedflYr6fhaW2gI%2FqZx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf578b471c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/3205da2e8f78633583d0.svg | 188.114.97.1 | 200 OK | 688 B |
URL: GET HTTP/3 login.restorecord-bot.online/assets/3205da2e8f78633583d0.svg | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: SVG Scalable Vector Graphics image | Hashes (MD5, SHA-1, SHA-256): 845877ca568da4ce63844760bd808400 c25334314d5646fa7bdc85e171bf96d3d4c6e794 cdded65b4ce8893fde73a93b00ee2061dbdabdbdaba65f0fc61631c17ce980ef
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/3205da2e8f78633583d0.svg HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"2b0-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d2nu%2B%2B2a1bBB3Fc7M1u21F05zuKLQJfxcHZKwl4h0%2BFLJ%2F2LntN8Vne7%2BX738g0dGJzr%2FMnbt7CzWwOEICI6potKwodyhnQIP85wr63ahyP%2BJTHLLqgf34EjVTIusZlAUaAqMVERvUup4kbT2aUA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a8dd71c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/api/v9/auth/location-metadata | 188.114.97.1 | 200 OK | 111 B |
URL: GET HTTP/3 login.restorecord-bot.online/api/v9/auth/location-metadata | IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: troff or preprocessor input, ASCII text, with no line terminators | Hashes (MD5, SHA-1, SHA-256): f921b73551e0451c381ed860c4ca4922 52f139f4193504c4da1f239da19f9cd85223ca95 2f622b242ebbde3f82e58ca870bae510d6becb48aa2d465949912eca98db1e09
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/v9/auth/location-metadata HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Super-Properties: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMCIsImJyb3dzZXJfdmVyc2lvbiI6Ijk2LjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjI2MDEwMSwiY2xpZW50X2V2ZW50X3NvdXJjZSI6bnVsbH0=
X-Fingerprint: 1235337099390095483.MVVJUgzmab0F_02FJxRaG0nKH1g
X-Discord-Locale: en-US
X-Discord-Timezone: UTC
X-Debug-Options: bugReporterEnabled
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://discord.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-Resource-Optimization-Level, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision
access-control-allow-methods: POST, GET, PUT, PATCH, DELETE
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'none'; default-src 'none'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WjSbYjrJHEyC92Fs6MFy%2B6d472tKeqjtXH13fIq128gk2bTw6r%2BK6231TPEa%2BdHXYnrOHDXsp0VqqVG9gvOYV74oB5HgI%2BakLousAHrlsUzxeWd8wqaEPOC25HFf"}],"group":"cf-nel","max_age":604800}
set-cookie: __dcfduid=f9e9a7b407fe11ef9ac0ea9c9dd2dd38; Expires=Mon, 30-Apr-2029 21:08:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax, __sdcfduid=f9e9a7b407fe11ef9ac0ea9c9dd2dd383c39e61f9561ecedf9ac488b03b619b6e62f19d256a6f406ca660ad18477c9b7; Expires=Mon, 30-Apr-2029 21:08:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax, __cfruid=6709e3eccc89d1ae1cad204ac57151ee67bef759-1714597716; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None, _cfuvid=xvS2lhX_.MA9vOpPtAusqdzuXUcmswcqMBzJlaT8UkM-1714597716785-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 google
x-content-type-options: nosniff
etag: W/"6f-M/+vXyWC7oCXsRG6dm+pckrDDek"
server: cloudflare
cf-ray: 87d2bf701ce51c16-OSL
content-encoding: br
|
|
| login.restorecord-bot.online/assets/48059.86a954da9c9a44ee9dee.js | 188.114.97.1 | 200 OK | 121 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/48059.86a954da9c9a44ee9dee.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size: 121 kB (120793 bytes) Hash: 0913b93dc0dd7e4beacfbb0303501b18 e2fa12d63460ad8a54218971c444b085958ced88 9f32de28a06abc9233adf200a94a4d637cd39ab3b3970390175b42e09e5820fe
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/48059.86a954da9c9a44ee9dee.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1d7d9-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7a6XjFXxh2RoFLSE0AC979kSRppe6mMe9Yx7JTWTj8L%2Fo4owvZ5gKWu9SWgzDrxwoaA%2BJsdcfy%2FQtZbcfCNfwo1lPRfaUx%2BRWMHcYImtdlGpCLscNb2tC%2BbmSFdhxXY5uCPb1Gql682wELfVHKe1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ba811c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/30982.a6d605c291ff090be83b.js | 188.114.97.1 | 200 OK | 12 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/30982.a6d605c291ff090be83b.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (11446) Hash: d06e1097bc0b493b61ec8ccb6a3c1338 d69f77887e7611c330cff1fa7aaea9dafbc57ed5 1587658b44a41e7384ad7bd8d2e747e98ff01403347075b0205c68463b87dac8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/30982.a6d605c291ff090be83b.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2ced-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NNH8jmZ3bO7BW8BnO5lI55DuBvZmZnHPmrwVMaWTBCiRYn08yUPguJsWUscRndka1cWjLd2g5X%2Fyo%2B0yp4KJqCTp733%2Bl8sq9DPyoeBea0VoZk5JDy7tcW2fCiM45htu9I7Qwi7gi4v6BpL%2BDOdW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5659f31c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/62768.3bd3b009dc2945b07d60.js | 188.114.97.1 | 200 OK | 40 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/62768.3bd3b009dc2945b07d60.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (39620) Hash: b6b6813d1e66352c0decf44454134375 95a172f9805fdeee7bf82568b66c493972b35ad3 b07bc7d7d0a9086f1b02065c938b99544f7d651295ca2c860b22ff02c482a239
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/62768.3bd3b009dc2945b07d60.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"9afb-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3D4UpGBVmta%2BjzumE9%2FS2fA8rjIDuY4SoDBRQ%2Bq4oaKtA%2Fd8g%2Br0EGwf%2FP6V1%2B0R8heco59qMowuz%2FD9qc%2B7LdyPdMK9E8UIvgn1NEm3kuGANFkvgLbDFLaatkyPo6ZLz8nISfhAOVPaB%2F%2FInPoR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56aa501c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/78995.c052e63a7b5574176cf3.js | 188.114.97.1 | 200 OK | 19 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/78995.c052e63a7b5574176cf3.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
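Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 [Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so no response body was hashed for this request. They identify no file and should not be used as indicators.]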
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/78995.c052e63a7b5574176cf3.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"4b93-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XLvvL8w8fF5es2WeIzye421Oow%2FrylsYccI%2FKpHHYlS%2FadYlK2wk75vPdG4%2BqmeI7EmJa47IRV59pgwKKKzl3ebaG%2FKDkA8IHjbeQkc5p8CQYybmH7dVb%2BjNOQ%2FIgFkrY6xT6lfM%2B5jIhE0C5PM4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a1d671c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/images/favicon.ico | 188.114.97.1 | 200 OK | 25 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/images/favicon.ico IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel Hash: ec2c34cadd4b5f4594415127380a85e6 e7e129270da0153510ef04a148d08702b980b679 128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/images/favicon.ico HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 21:48:45 GMT
etag: W/"5ff5-18d28d8fa48"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=puoOoFPW8TqUkonGb2eyPxTRGzxZ8K0OVRbURBgEINakKpBPwieKR8bcWY%2Fp37eVWIzYOAdy5BPZei4hwQBZvP3WnSZjz7%2B4l2gl3983CEPq4wbRPsye46lGkVSttEPvlomxnsuFYnHXEFrc9FdD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6f4bc71c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/65000.e1b9099437a0cb5444c8.js | 188.114.97.1 | 200 OK | 21 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/65000.e1b9099437a0cb5444c8.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (21036) Hash: abc619bd0b72681ed95131a5e0489b12 50f98a563f0b7771b5df533e8dd75306f37606d5 0384028309684382f2d9e791a778dbe1a4a0e9bc6e6756bdfc3d4f236ae3bc66
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/65000.e1b9099437a0cb5444c8.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"5263-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d7g9lTV%2FLQjTmU%2BlQrUaaMuOnkMGy51Xw3XOOh78gh%2B7tEZk02HxYuc9SJ0kXAMYARKdpbz93Yyso8JIm9Oc%2Fw2khDBWkpUFppyxy%2BW9FTrHGG0T1SdKnl4isMY%2BM3NCOwEadXx6K73gXOrYfU47"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5639b91c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/66701.1a83dd6990836d80fe7c.js | 188.114.97.1 | 200 OK | 11 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/66701.1a83dd6990836d80fe7c.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (11178) Hash: b2c21f2a66a342876b66fe2ccca32047 d6c8eaedf6bac6cc072935d1607b9387d912e2a4 82651ceeb7e2bd56422c831f2557e259f8e3ce6cf4e47020e5f0b4f13c81562f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/66701.1a83dd6990836d80fe7c.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2be1-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l9Zb8lOunDfwI6Dbl2Mt4UvdnuHewBXENO9GvOvy2tdQnpTqAbiv0LhF9muS0RSNUkMSwYC2%2FX80VygnbWomEa0F8KTvbq5G8ixbPrcySAgQGpr%2FZnjIFiAmKzWpvsu47GyvD01c8%2BcdoGYsot4%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf567a1c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/22198.f5f5aeb061c44ad3e071.js | 188.114.97.1 | 200 OK | 12 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/22198.f5f5aeb061c44ad3e071.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (12232) Hash: 037eb3fd7c79a6a5da8011e606e917bd 078368fc9988f02a9d9b2faa6494b3209ca6f8a1 b24340e4a45954dadfd82c820035335f0d27ea454fdbbb263ca273cd590d5a23
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/22198.f5f5aeb061c44ad3e071.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2fff-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LtmVAd3annVYhH0ifv4uPW%2B26o6HHxZ6fQbLirexmtXCpBf4%2BP0TEZurI1R2Wv0uBIh1fYbjUXi%2F5RGdCMZSuF5tDcVkmUs5Z5uVV9kwiDVKnOrB2WQ%2FQ3Ghl7%2FT1Lhgcbxr6ihBrfHewW7Y86KA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf568a2c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/81161.16bd418e776559e11cd2.js | 188.114.97.1 | 200 OK | 16 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/81161.16bd418e776559e11cd2.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (15686) Hash: 3c97dbccfd4e8411ca557fa727fd0a19 f35fea6cecdc989d2850b9a1f7abd2330aff5133 ca76d86c4f5150906a316d1ca088cd09eadbd882971821fa6e030127b81eac32
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/81161.16bd418e776559e11cd2.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3d7d-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bbDlq3JkUOM181QHMley4Zg2VHqgxjV4oMCtnqESxkOn99gQlPUBMIQNLxuieT1OIGxPL%2BTCKk%2B8rGqhwv4iGajH9%2B7L2X%2FuUSLKPWCJNljqGC3o9NjQMdoWa%2Bm8p50em8fH1eod5UXQu7lNHuto"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ba791c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/4650ae2583f4cebb91ab.js | 188.114.97.1 | 200 OK | 11 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/4650ae2583f4cebb91ab.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (10990) Hash: aefacf14a0528576a759837b74b8054b c3769250863d85360b36096f544b1e9c9904c9bc c0ea7413413b3ee925b173f94f67a7753ff6a77c00759b004e417b865ad9b727
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/4650ae2583f4cebb91ab.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2b1f-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eZmG53KSZrIcUmbc5omNf%2B%2B%2Fqq0Z14hSstYEZSXy%2Bjq%2Fz%2BjUgGFU1TaTyBr8Jgm9w2SC5vhkRiZNoZlH%2FwlLk%2FUWQqj%2BnORq9DA3FLEw%2BLT9miBePF%2B68Sj%2FedBYzUZfP4aH%2F0kQNENQowxiNIn9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a2d6f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/94751.a83f5d49f2a33eb3efc1.js | 188.114.97.1 | 200 OK | 1.0 MB |
URL GET HTTP/3login.restorecord-bot.online/assets/94751.a83f5d49f2a33eb3efc1.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
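Size: 1.0 MB (1006633 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 [Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, even though the size is reported as 1006633 bytes, so the response body was not hashed for this request. They identify no file and should not be used as indicators.]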
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/94751.a83f5d49f2a33eb3efc1.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"f5c29-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DWDSxtCVbAaE6oUKZ5k5OT%2BIwEhbfs9WeMG9xy55tRtROqgK6PHE4i2xqnkD%2B4%2Fp60ldbRgSWrkRtVAQ8F5YDIEk936z31cxjgWKvhHjN2aQ9Of3%2B2CdxanQij%2BhUn3UWmXy11X3vyU923ZnKniy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5649d61c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/cdn-cgi/challenge-platform/scripts/jsd/main.js | 188.114.97.1 | 302 Found | 7.8 kB |
URL: GET HTTP/3 login.restorecord-bot.online/cdn-cgi/challenge-platform/scripts/jsd/main.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
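Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these are the MD5, SHA-1 and SHA-256 digests of zero-length input, consistent with the empty 302 response recorded below (content-length: 0); they are not file indicators)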
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Wed, 01 May 2024 21:08:35 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YlGlqF6PzvPActKTazRl437AUCUMm9JqITMtU4oe%2F70BAd%2BUFEdD2tvpOE5MPiD4aQLuQNGeP5EiSDudBMVqRN4Jlq%2FFYlPK56CKUMmt5%2FHPQ0AV1wG1RshhxkdViaHScHNGBIPVdxvj%2FkStuRVS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf69dd271c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/96634.06d9840e14d8b8f41b43.js | 188.114.97.1 | 200 OK | 16 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/96634.06d9840e14d8b8f41b43.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (16229) Hash: b924f4be14a3e2330a86646c12dd033e fb8f63674d6d1b4a937d5e293bb46a10a384bc03 d65f5776f04bea788fecab1869863fdbd743604e16b45c40a3a5c91029b80057
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/96634.06d9840e14d8b8f41b43.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"3f9c-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sej4M2lt%2Be%2BHD0dmN6cGMWhtSg%2BbyIKqVm%2B3vNzRRG6w%2F3gxefkzR5LAxjgSL7xFmoJ0G%2Bh0KPpySfRqopQh3xToLZ0YC3HheNMpTLmPCipcCXPYbSxZvro4UeYM0An5uzOpTpEdWme2zyF7s9eh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a3d8c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/31717.335393f06f604050b43d.js | 188.114.97.1 | 200 OK | 65 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/31717.335393f06f604050b43d.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (64808) Hash: f21348f766d7fce1d259877b826da099 73baf8dd6916a60dab75cd1879feda4b29a090a8 bfb3e51c1397bb6498dd873eee144f50271c74c4630bb8ae0d55a1da8aeb9863
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/31717.335393f06f604050b43d.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"fd5f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gz55YgF5ZP1LIJYVtNy8470%2BP13KnOQ3sBSfcm1dW6PWQYVB6XB7Edb%2F5%2FQv1HCyenNiVioAbiDw0pfQPQ8tS3m3P4aDhMdhYNJo4F65jUy95CUrmFPrIrKkcXnXMqa5Xskw6D0c1WuwtYfBrsAf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5659f11c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/49191.4c47aae235ac3c0cdcd4.js | 188.114.97.1 | 200 OK | 13 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/49191.4c47aae235ac3c0cdcd4.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (12692) Hash: d4ce6646e8d5ffda699497912a3eebd1 4a805ee77c49b82538f97e189c6fe64763b596af 27303c6d56e622d841fdf0dbe19d3b61ba24b4d9ed0f0063554d40d051419a8f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/49191.4c47aae235ac3c0cdcd4.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"31cb-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0lnq4j59bX5Gxq6FY0dS7Upa3siNafCFOr%2F5gEVhu1o9vDj9gkn8VUJZrwgN31q%2FbDGc%2F5vuL5kFM5dh3TODUsgzdbB60DbT5Wy%2BcISXUCC8h4NsNqXDcvPp63sNMFk3hTSHvvUGTh8cFse3I%2BFM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf568a2b1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/55639.406bee7d3e2064cd65d4.js | 188.114.97.1 | 200 OK | 28 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/55639.406bee7d3e2064cd65d4.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (27753) Hash: 75d1d4ed4e9080766fea15d7548a9472 b64d354f4c71d5176d3cb52dc7e55e752b48059a 66e11c8abc27f8285a8a7a8179af491f8b5d8e797b92afe6bd4a2cd710b2e122
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/55639.406bee7d3e2064cd65d4.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"6ca0-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=57i5436ojl%2B%2BAbl42kS4nEbkAXrgWPA2u7ym8qsILtxKak41ihjrbKUw8hoTer9vxypOqeFL3fl28AWFxMATuZ%2BDjoZXonsT2bBdTjHhkn23eNABcavkaEOztNGgWDmZqmdCZXrWw%2BhyH1rU5iSm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ca861c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/21251.87af35fe00e980d9651d.js | 188.114.97.1 | 200 OK | 22 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/21251.87af35fe00e980d9651d.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (22100) Hash: 87ae3712843239cfd30ac976bd99940d f94f35e5ba76aa102c14972c75cd67728f6efeae e4f129ecb25b26e3644847541c531e34f3e0848bfdbb9f0f00fe97347bbd9db9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/21251.87af35fe00e980d9651d.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"568b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2Fzi%2ButFvLE%2Bvpaf4d6QHf%2BiLfHTiaEiYeAaG%2FknAZOYa2jrsg4Ic5o4Vi9BxBIGQzkyBoQRTiObUfwhjqe%2BKyaUaCYP9cGItjSr9Dpj1HV1sNSyeUaqniuB8sGqeKRqZdwY1%2BFJOH92oBhS8iQg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5659ff1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/47387.b94323b63bcf5c32ba76.js | 188.114.97.1 | 200 OK | 80 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/47387.b94323b63bcf5c32ba76.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash: b235b236312169e0db519e60c0d7eea1 6d34c175ce387b8bd435ce463d44706f08e9137d 03c0d5a0ff0b821c4ceff908a8fd7e62ea9b881711023244449f71455215d00e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/47387.b94323b63bcf5c32ba76.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"13927-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bWAr2CxAnCG1sOvxiajzuRXIhmfZOQJn5%2BHFO4erMbekRx9o%2BF81l7dixPuf3k5U%2FalJk7zOzDwIXFQCxsDitaPgsbZcYtsiSGovZgDd%2BOiQgWHVw74ZjH3jB0d7sftD68w7EhU%2Bf4%2FTBcwdQcPH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5659f01c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/6575.507fad3ad28f9e5198cf.js | 188.114.97.1 | 200 OK | 1.8 MB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/6575.507fad3ad28f9e5198cf.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
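Size: 1.8 MB (1792121 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they do not describe the 1792121-byte response; presumably the body was not stored for hashing, and they should not be used as file indicators)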
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/6575.507fad3ad28f9e5198cf.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1b5879-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MsYygL8jJ25oWy6GJXz87%2BtKu7yme9lR8O6Tvp0t6N3c3tKxqpMl3SJ9Qm47hhr%2FTe5m4A9PIMxKoOcLngeKsnSKSZrDjxfW2Q1C8%2FwPZj6hH2s3JQfMrJUsTEN89LHx%2Feq%2FAQ%2FYewIPSj%2FGYLAp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56fac41c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/40413.ee00763112ee8df65f08.js | 188.114.97.1 | 200 OK | 7.9 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/40413.ee00763112ee8df65f08.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (8028), with no line terminators Hash: 0b2eb75acf108aad28037290505f993b 20c3bca016fb59ad79e807f379078b71d12da15b b603d4be2b12cf965a38fad6eb246c3cabc86f6b4370e7733d7495495a7ae0ee
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/40413.ee00763112ee8df65f08.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1ee3-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u8vE6CgiZ3xNz%2F4nRi%2FAbfIA9AxA%2Bljdu6EVihozMa6Zj3PQoeoe2KwpAO0sgy7S6%2BBKZCV87sI4CvEcmnSlxWDk31XCv9xXI1GMzx7a5PjFhOmTRHLJvky5Gga6bRLvPAvjTI5ZtKbzYaChBu69"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a1d651c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/321a07cbc6f5919dbce9.svg | 188.114.97.1 | 200 OK | 139 B |
URL: GET HTTP/3 login.restorecord-bot.online/assets/321a07cbc6f5919dbce9.svg IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: SVG Scalable Vector Graphics image Hash: d8307f61f76f425f8834fd27a04c1b3e 5fd275de4826b418e24dfb34abca1dd2d6397b78 e05e223815347635e74c037681ab5036542fbd6c1a0f08a9c923153ccf837441
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/321a07cbc6f5919dbce9.svg HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"8b-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gAv%2FYf%2BFfT4toHVEpWtMyupo4MzGKtojLsHjey6tX5ykG9E%2FYxeskJrvZz5M%2F23U6%2F5GJ%2FCP0Mq2JA%2BXAqBT%2FDtAJ8ASssxi77AxEx0YYu%2FrFPuNcx5Zw%2BeVyfmoDNIiOJgLtCKDOpkJue6aPZhw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a7dc81c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/3f46bbecb4287c0a829f.woff2 | 188.114.97.1 | 200 OK | 65 B |
URL: GET HTTP/3 login.restorecord-bot.online/assets/3f46bbecb4287c0a829f.woff2 IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
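File type: ASCII text, with no line terminators Hash: 8e0185b3d3272056b90fa759b629b4a1 f80ecdd55cf374b1f5520fcd64e97883c1f514d8 7f2fc9c03ac5cee4e206b61d510b427ba6e8f5c7554d1b5db42c5caa7cf2307a (note: the detected type is plain ASCII text even though the response below declares content-type: font/woff2 with content-length: 65, so the served object is not a real WOFF2 font; it is probably a placeholder)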
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/3f46bbecb4287c0a829f.woff2 HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: font/woff2
content-length: 65
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"41-18d27c367b0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kvoWJEU8eZyeytMgp2A9UMRP%2FIwzAGO1fvMR85oBFZKwMSCzXSq0RTyGx%2BvMWAq2K33z5tddKBmgfiCS5wLmCmQ%2FWE%2F2Tj16jxeEiGTQ8UYd3vw1al%2Fu%2FDfkyUO9mNsFMLwEh2g0kF8i1pmLgyax"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6ffccb1c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/17820.e883271a8a21d461b3cc.js | 188.114.97.1 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/17820.e883271a8a21d461b3cc.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (14165) Hash: MD5 3eab1ae6e3a0d5dd18c280bb01fc9426 SHA-1 e09de192241afa3b47cfd3420cba919f5d5bee7c SHA-256 a7400219aa005e47acfbedf2ca55d9da87fc8d4386888f6c995c03358602793a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/17820.e883271a8a21d461b3cc.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"378c-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XJucbVMkCvqElV6JNrnRJ6vra6UYJQQ1PvvahvUESUUFSWMWdqK3lmkZM8erDv2QGBu4qy7zgwMeof6ezloi%2B5cMUpnioIIcBwyIOnvElm1LHq%2BECzVe4eY%2B7p6op4Qg%2FvG%2F3Ab7HcNVhqvhkWXN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5639ba1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/41611.7d797575820892675652.js | 188.114.97.1 | 200 OK | 21 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/41611.7d797575820892675652.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (20820) Hash: MD5 a290ac62b9753650e23d6e78ea4af855 SHA-1 417747142045ca3f2e616d389c0e678c3d6bab48 SHA-256 7140411b3e59a097ef31914fad63941fcc863cbc7fdf7f8aca5ddb67f9a6388b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/41611.7d797575820892675652.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"518b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vix%2B%2FbpvbYiRLfzLLdOCKgHcCQpEW%2F1s2vzQKF4ltmLiuIxhKRJZRFzyNF%2Bqc4%2B8g8BL9rAsrvTMmcfw%2B9oQ%2FFiH1lhrxAvOwxbrP7pCUUHSXgbJoYVk44FVoSWrL0QmGBZvgwqm4i2Brpnslenz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf568a2f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/46541.c33eae8d471e53d0e4b0.js | 188.114.97.1 | 200 OK | 11 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/46541.c33eae8d471e53d0e4b0.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (11221) Hash: MD5 5ae0a08a3f12c1e8188baa3c52edfdd0 SHA-1 f557a1633dafe82e67dc1c79430a29e8c2770c1a SHA-256 8c9541c705b78af92818361f371dffe2932fe667fe5bddfff23a10a94b0e9491
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/46541.c33eae8d471e53d0e4b0.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2c0c-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s6ZAKETYbTetwF3d2j5Qhahl9%2B%2BH2p8evQxipUqyA3CEFXZQtiLqOGLfIlUkRuKaksLBP4Klg39rWXqn91uzniT5zzd6Ta86%2BDER4TmOM%2FDwBrB4pZ2k4tVlB6XFH3LdEDs%2BaugoHy8OxFP1HoKn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56aa591c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/sentry.1e20f9b7b3b2507e0dc7.js | 188.114.97.1 | 200 OK | 8.0 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/sentry.1e20f9b7b3b2507e0dc7.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (8219), with no line terminators Hash: MD5 f6c12b3561afb0c5be1c10e2085c10bc SHA-1 82e6c80f75bd4500d11b8a8eeab09258913fbc04 SHA-256 1fcf9bcb46efa6f11a6f1b081012b0dfa29746b084197a8b57f6cd0288e6646b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/sentry.1e20f9b7b3b2507e0dc7.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1f4d-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eezwN9c2E6%2FEVrM3wpt4lay3rQo95Pf7OiLnm4UJyCxn8Ty%2FZ8lANH6hQJHvY%2BOP5e5zJxElL8nf8fi1Ntqp9mDb5Q5akrCGkPWTV68UtChe%2BzmZjqeumOVtHiHN2RQnRajimK8J2Eq4i7klHQSj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf570acb1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/1182f0e14eb94a3d391e.js | 188.114.97.1 | 200 OK | 37 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/1182f0e14eb94a3d391e.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (36601) Hash: MD5 52b599c4aedf6b6ffe9c2ed3d2b352bd SHA-1 936cdde615c933061158424d3b8ee939c0f862c3 SHA-256 17968598d9e70c9e4261422b17902c0d3cee59654d9fb070842f392d2f760ecc
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/1182f0e14eb94a3d391e.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"8f2a-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FuX%2BTF9hHYC%2B8klC2argQwcgqvF9Fa8j3aerZZqjUNkb0Oq7IrPZQUrDGwI4C6MgQguV7KCxwXBiNWBfru2MDLDHSwY3Uh5U6gepvsRdICZ5cutM%2BV4BWUFIb1Rn%2Bnz7qnKabJhzR6g95TwfTqMT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a2d7b1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js | 188.114.97.1 | 200 OK | 7.8 kB |
URL: GET HTTP/3 login.restorecord-bot.online/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (7819), with no line terminators Hash: MD5 6e049c945866b24236c767015f7486fc SHA-1 7f0b1215382e5add7a2ad63a9770a6f122193e0b SHA-256 afb202077dda3d62816a93a293f63a7b6328814b97e2ccee2f36026e2267a728
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VlMQsNeyGKeVKzDwakEdbLvGNo745TcO91XIn66OwQgXzEpcXCedaR1Po2s%2BkSq7YAoDfxhoilRnYvs8NLpi5KDTgU4q%2FHWcvpLXEIdWZ024lzbVTxHNyI9VH0FDKc2nFdgULHVYFlNdxVXK4ZKU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d2bf6abe1d1c16-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/55695.a2abd2a754a025899810.js | 188.114.97.1 | 200 OK | 959 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/55695.a2abd2a754a025899810.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
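Size: 959 kB (959311 bytes) Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these three values are the digests of zero-length input, so the body of this 959311-byte response was apparently not captured for hashing; they do not identify this script and will match any empty file, so they should not be used as indicators)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed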
GET /assets/55695.a2abd2a754a025899810.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"ea34f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AZxRUI3MsZ8sLVzH0HQNl%2FUckEmbzGtsWaMTWGoS3ObU8p03Xy0fhgYgVvA1LxYoY7NbpRRHye5nG388F65L9oGNTqyb53npTX%2FOqv57rwuigHR4fXMtfcT0dBJm3STVJ2gdKahJYGGnqjkzGm92"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5639c61c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/75676.8481ee3ef6c0d7c670c6.js | 188.114.97.1 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/75676.8481ee3ef6c0d7c670c6.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (13527) Hash: MD5 502ff8e5505ed7ca0324277b0bc89a44 SHA-1 d72fbdd0644c128b92e705195be59364fe41d03a SHA-256 da6f72756a57cf6b4ee7fe8d1ffa539976246470d740b0434e62ce7bb3d4a60f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/75676.8481ee3ef6c0d7c670c6.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"350e-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p80yJimuFfySJVX%2FCRRPdCDjlvD3fGqE1043Gn72BwL4N4r%2BLbflsmj6Dh95Oj7%2Bv0Vf5m4oTu66Vybyb7DP%2FXxbf3W4wUM4SiMioBHYkgWKfEhTmhR6Kd6TzFUt%2FxX9UT9PIbB9WWlBVRGgbdPD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf566a101c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/65225.45a68e44217bdc89eb40.js | 188.114.97.1 | 200 OK | 76 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/65225.45a68e44217bdc89eb40.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash: MD5 5ccb90b22d94fa973ac33a2890fc7929 SHA-1 bb8b8e3a4a475920dc76225e76dad6c1305a76e8 SHA-256 e06633cbe7f25420c71e6a28fd6ccab71404df0d3fcf630e26cdb040e0e0ae2f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/65225.45a68e44217bdc89eb40.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"127f6-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r1wOa91gKfBYuHbzJfqyuorbKXSOwm5KJl%2BFIKMFfv7iJHkJF%2FDAeiVTHSzX9IiVC6wpkt9uORD5FaLrIk8EvCvXHWz4gFJAYz8YliTdqHOBQPpPS%2BpM6L2Y5PyogFTdSXonGZgnkReHg%2BGQxLpy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56da9a1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/8e64227ebe6f34850334.js | 188.114.97.1 | 200 OK | 2.2 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/8e64227ebe6f34850334.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: ASCII text, with very long lines (2248), with no line terminators Hash: MD5 4000d28d0f8e4feefa8883aec22cf353 SHA-1 f8f67e124e53daf7414e941168e01d2a9c812e85 SHA-256 817abe560796ce849f16ac01eaf0f4ba1ce40ccda95682cf3433dbdfc80db071
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/8e64227ebe6f34850334.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"88b-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R4Ea5%2BO30L5MA3fgnOqJZfGebHRW54yhFRcEUCwWAlEYiTfDv9grx%2F%2Fd84%2FHO8QJCNTrBM2LGCEs%2FTKtbwc2caGsBv2asiLYtYktCkHPW1tnDw1o216kmCCIZWiZ35vVPeEan0BVOpGwvtQo61JP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf68fc641c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/68560.e27fd85667a295676749.js | 188.114.97.1 | 200 OK | 49 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/68560.e27fd85667a295676749.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (49324) Hash: MD5 264fdf0094b5d416ab5fcb70a1f52ca4 SHA-1 f76c8aafe7d2ea911de8ce22bfbaa66d974cd348 SHA-256 73487f57bc5d9a1a20ca844eea8d8e14799184ce34fdf2e31c70a502955b0380
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/68560.e27fd85667a295676749.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"c0e3-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9dYcWwsbXXXFl5UawAqcQSmFhNlrVr6ryjZEKctNsesVwxEOYjDkcNNec2Rl1OSf7C6tH0XDOwDvEasiUJwW3Wa5P592YYBHycKg8FK77I9OB1vzM%2FXORC0iI%2FMQqQ%2FfEuu6ASOV%2Bz6tyhp9LJdr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a4d961c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/22843.1bda3edd4dd152273661.js | 188.114.97.1 | 200 OK | 21 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/22843.1bda3edd4dd152273661.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (20995) Hash3d7d3c6641376eab526dc37c2a3aea87 9a4405500ec4685d070b940e3e58dbe95ebedf94 8bd28e45bdf228abeeaec72fec246300bf1a2d85ed2bec3710889cb3ad8b72dd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/22843.1bda3edd4dd152273661.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"523a-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YwQ5dyTG5le76FnIS6eV%2BIreMyY6Tw8uD4W%2FA5E3lHIQyDH%2F2YAAF6FTo1ra2NDmJcBHCE5Po93T321J1xeGyyrsAi%2Br6ybALBUSwY4EUsmIvp7uNwBHyjChFtVMYW8C128XAK%2FjpDdZnLgd21ib"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5649ce1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/74970.ad098636400bd7dcbe6c.js | 188.114.97.1 | 200 OK | 28 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/74970.ad098636400bd7dcbe6c.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (28091) Hash3c3526a5242b8edbf4465c32aaf8fa93 577aabb70319ddb82ff368904993a42b33867d13 56d5c52d9d7ee3aa25c7670d3a69b9d711c20ed56e61f26f21cb459640fbf3d2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/74970.ad098636400bd7dcbe6c.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"6df2-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rh0NzjwudRwPESa0O39ScU%2FWGDAfWYbXIKFqJ%2FCAgNB17%2BZnqtkmf%2Fu4JEMwmUSB2BsRB92lHzTnYG%2F7OkHU7fxh55haTLdnoeHkbmNGdBezC5fsSBMkvARFVrvwwLBbbeSrnuMA5tLck5z7%2Fgtv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf566a161c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/68291.687557b9b660607399a3.js | 188.114.97.1 | 200 OK | 18 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/68291.687557b9b660607399a3.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (17615) Hashdd0045a215121572125a5304c3133a15 3ef4f53e521272322eac0952cf5b9b7f7b01ceee b491a88ee2a3533fc0c2eaa6a9f23a5e5d8e431a06aa9cf36e4c36fdcb0c699f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/68291.687557b9b660607399a3.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"4506-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sJO7m9Na%2FUNcyE%2B0dshPimztcEKq0zWCCsayTeNoocYSsPKItUnzgadDBZbxZAl%2ByFLqbmn%2BuGL1Hnw8X9VvIUezg88GkzACSP9U4r1h5BblZBJM4tZZqwvluP7ZoVKQgCi9DavjqIuhbUi%2B%2B6ZK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a0d5c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/fd3f659b46061bd95594.js | 188.114.97.1 | 200 OK | 12 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/fd3f659b46061bd95594.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (12472) Hash1f26d0370e5e43ea29dcff7c1c53d661 dea8cfb895f9081bcf0b5c6eaa2608c0da58393d 8f23b16a70005926318364b1757e80b28978294775227047866f5a64f1683fea
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/fd3f659b46061bd95594.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"30e9-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OCavaQZRoAQ9i7IRgYRoADO8TsL%2FWjGGvJVqCElcp10rhGsL46gEkFu7lLVEv46glzcUG7gCRwrLQs6I2YQWOwKuwVITSDOngUUUydu%2BC91fEo0eMyU64XnPYdRQqRNUU7YkjpKv7JqOETfRxgtg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a1d6b1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/399f7f1238d1fe8b2b51.js | 188.114.97.1 | 200 OK | 109 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/399f7f1238d1fe8b2b51.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
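Size: 109 kB (108609 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, although the reported size is 108609 bytes. The response body was apparently not captured for hashing, so these digests do not identify this file. Using them as indicators would match any empty file.)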
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/399f7f1238d1fe8b2b51.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1a841-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BCvi7cA1xZhb%2FeyAyxIfgWPF8vRFpJPkfyNkSTI48B8eGK%2FoLve%2F1V7z3Nz8p%2FDEUI43%2F0lI1l9Uxl8v6aMNE0GlshsKZTL2OF0Pkd24IswvCX2NVApZR6meXivMKwp0Jpa8RgssjH5qEpzbFDzJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a5d9c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/94288.dbd73ecb6b1482a870b7.js | 188.114.97.1 | 200 OK | 10 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/94288.dbd73ecb6b1482a870b7.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (9979) Hash38d4ac71291ec9223ae33b9ebb5a4e89 7282b3fb164396d9510224b3040a89902c825546 9a8d5847b100e711a41231d5c45682b01b8173438f96c52667fd872976c18cc9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/94288.dbd73ecb6b1482a870b7.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2732-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hEwEtEtmWbw7vInywsfVXPcedjOj1%2FKXiSBajpY6qEMa5Hpnh0eX7aC5F6cn%2FM2lipEis8VRIjLU0yC3K3A9pg8ZrS6ILtNdxneFCbFn640oEn%2FhZNWg6JSbacagXSo%2BeermiDwBRtJk9KPMwH11"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5649d11c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/app.046be1857b9835ad19e7.js | 188.114.97.1 | 200 OK | 684 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/app.046be1857b9835ad19e7.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size684 kB (683933 bytes) Hash548bf6aaee7185ceee59b635b557dc9a 75c298df5f2397e4218d17de297d781fe169b461 4a0fbde1b61188ce3cda8fdce6f655968b6264dadea210b0434dfbb667f1a4d6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/app.046be1857b9835ad19e7.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"a6f9d-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b6dk5zQ0Jm6Zs7%2Bk8cewlnLYx2tgyxUgOR%2Fgq4xkDZ7S07WZ7gk5KTcVHd7BLT24DquakwYsnly240ljUCPgSKQEJRiCTZjpoqQvLSnl3Ec9L2pZNVlh1htsWqEWPu1QkaUXHkndM07k1lnN3vqx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56199d1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/18814.2887004806e3f2dcb541.js | 188.114.97.1 | 200 OK | 17 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/18814.2887004806e3f2dcb541.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (16511) Hasheb44fdac0aefca117662f9db435ffc09 bf2224f54fd833cad9374ec73e35425ca7850d0d 8e7a022b3c6e28ed485a3e73ea49864a44b188c56ff7f3be7ab7cd268662a33a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/18814.2887004806e3f2dcb541.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"40b6-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gi%2FeO0hVw19%2Fw9AmDBUnFZkzPCvA9Et%2FXEs4THPOF9CdL%2BCpAvD3egs%2B02N8m5TbQFZ6nYXpcfLKsUTRuvDPw1RhT%2FbOrg%2BEa4WjfaoFN6DULiFOenuEOfGXn85nIrfD3ol8IW05PoFe35vwEuWx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56aa511c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/71554.35bafd030ac297a37d2b.js | 188.114.97.1 | 200 OK | 100 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/71554.35bafd030ac297a37d2b.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size100 kB (100440 bytes) Hashba52e5e9910264fad8c8cc08677ff419 2a8303994f8bf6fbce44a9198fc69f39a41b8af6 e6eebeabe896bd729ea9001e3049ec54e5438c7d5ecc845ae6a3f8d5c51e7f2c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/71554.35bafd030ac297a37d2b.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"18858-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kKNHKWEB4%2BptvwIRL45MXIKjmb1z8MYXQ%2BXr2MWlD00y%2B6ZAowtwRMTQTa5FZLUNnrN%2FtJ%2FHLyz%2FQnjlwfepa3SCnuxTpyMUQMbyo2Nn5CU%2Br5BS4N%2FAwRAV6nzshJtbFGkI0Q%2BmyNr%2B%2FlvRcHk5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56aa541c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/31421.ced40b898074b2c19b15.js | 188.114.97.1 | 200 OK | 12 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/31421.ced40b898074b2c19b15.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (12060) Hashce1c4ffbc40c7e9bf65f4228013a5819 5032e464391b595927baf62c1e4bf0034ef66d26 131db5cf2b0741365470de35e02d94da3de2b223b8c18e3ca3dd7c26af23d6e6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/31421.ced40b898074b2c19b15.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2f53-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=noHKENexArlvfBv4%2FBSCW3SfgtJjX4F6hv7oyomgFAJmjM60mHf%2BWIYc4gKFqnE%2BZiW1F1yNv0hq3qlkL3cPcxMUMDqAgbqx%2FzDEz3nvurlP71kbmGSOlkSaJymUoqGhVYXlLP2U0UBRAZTMYiM1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56da961c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/25653.f1981721227784f0166e.js | 188.114.97.1 | 200 OK | 164 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/25653.f1981721227784f0166e.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
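Size: 164 kB (164235 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, although the reported size is 164235 bytes. The response body was apparently not captured for hashing, so these digests do not identify this file. Using them as indicators would match any empty file.)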
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/25653.f1981721227784f0166e.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2818b-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z9lJ6NnOdqPfl%2BfCvozPkhNnCCUqoAgH8q%2Bnz2GVcZuDXaFZGFBaSULWh8ChcJW0tcB0%2FAEcfW8QDAOlGdtwaSVpEpRBF%2F9twIHSKT3gaqak8tsESMxAAbisH7S9UIDEHAxdgLjN85uObdXUHdDz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5649d31c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/94816.637e7c0b320aab380f7b.js | 188.114.97.1 | 200 OK | 87 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/94816.637e7c0b320aab380f7b.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
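Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these three values are the digests of zero-length input, so the response body was evidently not captured for hashing; they do not identify the 87 kB script listed in this entry and should not be used as indicators for it)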
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/94816.637e7c0b320aab380f7b.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1553f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NMvyANgl9eRLFG5rTvq6mzIrUWwl69WdnkA5SX%2B4EeJj59R%2FAwmOIs95zd8UGR9MCMVxgXmvcKBMvAY6ZNgzBa9xIBK9kC5hhstLpfvpXn8JwzH01GUOa3pQ9StqcJ4WwFJwfZ96mfIydBKQ3Ltp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf567a201c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/77015.48150de6efe657e3c6e2.js | 188.114.97.1 | 200 OK | 34 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/77015.48150de6efe657e3c6e2.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (33607) Hash: MD5 81c3fc72ba9d6399582bf44261a7d3ae SHA-1 1c226b78a91b94e41031384e952806a0f7df56b3 SHA-256 5d14345894349f81168d5cbac6e2427d0390773574634f6936e06680a832d282
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/77015.48150de6efe657e3c6e2.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"837e-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2BR4u9i4r8LyVP5vgIM6%2BDDaGiP3l6YHJMTC%2FqCs9fYL1Rw9Dh8rPIcamsT%2BE7HitsavfVGGUhI0S%2FMRsopykuBVd%2BcvOiOkc%2B2C%2BcZtoU2IFiTg29lTw67Ga%2BXdq07MH5ArCU4oHa5CgtofL7rU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56aa4f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/64999.3c0486790babc24c66a4.js | 188.114.97.1 | 200 OK | 201 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/64999.3c0486790babc24c66a4.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
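Size: 201 kB (201090 bytes) Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these three values are the digests of zero-length input, so the response body was evidently not captured for hashing; they do not identify this 201 kB script and should not be used as indicators for it)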
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/64999.3c0486790babc24c66a4.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"31182-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7RfAv%2B0r91Jqr7s3afe0QuiFoOPg1o%2BtUG1IKRiD%2BXe38CWCACjF2Oo5bXuSOZI1eQTB%2FolrjkeSkC%2FPsRFdPOE0%2FNlskvx9UQSjYea0t43rgAaNAURhNF9fqJABY0LmsSrWzKNU3qTzG5qyZiYk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5639cb1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/5486.e277dbe0f48aff03f253.js | 188.114.97.1 | 200 OK | 18 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/5486.e277dbe0f48aff03f253.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (18439) Hash: MD5 da488d066f499947444eb7a2c835e1fc SHA-1 378be16a36214b56e040795885974a4e7d5635f9 SHA-256 1dfc9020a696de7183246e819d88bfd70298526c4bbe9042b5b39d3628cbaebd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/5486.e277dbe0f48aff03f253.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"483d-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K2v5IvauCZkluzOTB7aCOugFHZUN3TK3IvPW%2FlKndHDbyQ2E2itfESetdgmYzWqqGCJK%2BLnx9VxyK7IhZvxmzPvbGn6dt6n832gpxARPrQoj3LViQwbLUorWTRGhkyotOMmFxy8hb4FYFYnwrOrE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5659ef1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/48590.9d5fbcc5aac137b478e1.js | 188.114.97.1 | 200 OK | 38 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/48590.9d5fbcc5aac137b478e1.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (38172) Hash: MD5 43c0247c5fd0d2aca49282b1f2e8b884 SHA-1 9c3d283f016f69a880edb60ebc384c9f39002a56 SHA-256 998a4388e4821fd233dad8d1faf2700c0c47741c4843925dd9252b1bd3dc0c50
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/48590.9d5fbcc5aac137b478e1.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"9553-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YiQTgzLlyjTlZJrRemPEEnk2gxp4V9eUgo20VCbTGtEDJnIrcuyZKmR%2B%2B0j%2FWMujv9Ijiae5TgzBzmmawc1q7Hkc7fV7GZJqGkXaiwORDvIAFp3ctz9dwdRMP%2BwFyd9sxZ8Jfg76e9KkxQaMMRNu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf565a001c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/86480.ebf8826a7f33e22a6aba.js | 188.114.97.1 | 200 OK | 15 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/86480.ebf8826a7f33e22a6aba.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (14887) Hash: MD5 efa64bf325b069f9cddd3a1e224e7679 SHA-1 c18d2104d2ab6cf8599c57fc52d01faf8c48aec9 SHA-256 94139cd642069de9ba7621638c1dd08ff2703c859f69df7e24ee109f4f3cd250
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/86480.ebf8826a7f33e22a6aba.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3a5e-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=seBQX5VqPSJyAf4uRED8fz%2B8%2B3wDt8C4FNydby%2FLH%2BaIFXR5%2BI0ap1XlzJV%2Fw0TcTEqYIM7jF%2BG0csUga4Qc7q%2F2op3ipRw6qQHnGHylvyN4Uso8oWjlE%2FTrFaqxbiLI1L38LfWhW1WpMoh8iMtJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf566a031c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/74836.b991877dde75f9619c99.js | 188.114.97.1 | 200 OK | 20 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/74836.b991877dde75f9619c99.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (19958) Hash: MD5 5de4f60b4efa8bb9454edb13d1cb9d83 SHA-1 5eb21a1fb900d78a23b781b715ee7f3eeb52b672 SHA-256 b6399a12a07f326a303c82e16981091cc42b529ea9f8b0c6986a0d7e91036692
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/74836.b991877dde75f9619c99.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"4e2d-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eMOXdnGiU1lIJw%2Fg9XkLG38qXRhCn5FlfWYLFwJdtwaIioD%2FOzti4R4RLm9xDZRSIFMRMl62nfKRVjJXPlsCbYH6MDy6ClSzXxpGXGzOroGl5vO0ayrfHMsO%2FhaaAjTJ3ygQ6JkLqgv20Fjo4TsF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf566a171c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/23777.2a4fc059cb5b5caf5307.js | 188.114.97.1 | 200 OK | 60 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/23777.2a4fc059cb5b5caf5307.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (59652) Hash: MD5 264bf832f52128869c50c91968264bb4 SHA-1 95a54d2525f093719198bfa0aaa1c7ef8574cc4f SHA-256 515cb4b2b1c5a8190e7a9f74c13a3539aa2f758af17a50a71b9832fe53a88f9f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/23777.2a4fc059cb5b5caf5307.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"e93b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rFY9JNX1%2B90nl2hoswH682rDCTGm2Glwrl58E%2BEorCvFpLDXbyk2BDrxN%2BjJYLQ8CKLll2QkDbIo2%2BpUmdiD%2FY5R10NTcvVRZ67bGS2tFfRp4tdZukpbxl0EZcTYjhCpi%2BOIQ6NHW6%2Ffrc9FoXQq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf568a311c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/66888.79756ea63981ab2a6341.js | 188.114.97.1 | 200 OK | 15 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/66888.79756ea63981ab2a6341.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (14863) Hash: MD5 1d86b77c518ea58ffd94ca73f4ecf8ec SHA-1 46fdebd87f50f9aeb25b1908c92995e8d39212e1 SHA-256 a2740f55ae9c5911162e7891dab7a0a23ceed7ff351fb7956bf02f2a46e68f24
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/66888.79756ea63981ab2a6341.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3a46-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iu6pSqXJxOP%2Bo24BPwEQeHTdVFJcQrEE%2BWz4HTVYpciPCoGXIC7C%2BjRASKUUA5PuUuetiAmjMGia4RbuVfUSQS0hpfI2kl9voETeqrUuvSNJxqpoB%2FVAQTJDAk8NsTA%2BM2JEtfY2RmJy5fO3OJdj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56aa601c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/26737.36ed5a81390b304d18a5.js | 188.114.97.1 | 200 OK | 9.4 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/26737.36ed5a81390b304d18a5.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (9496), with no line terminators Hash: MD5 95d4749bd78c2a6b73af4d40c1072db0 SHA-1 d84ff435507b47269b7877de20e2b5637f2ada02 SHA-256 37b9c1afe404b4c5e7e36ce3374735666c8f23665a3c88ba38e3cae0192c1e46
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/26737.36ed5a81390b304d18a5.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"249b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UPpAZd0c1MBwSpxEkUxrJHqU7oxkcks6Ea97QMzmqjmezO7fGi73679t6hlvBd%2FovDqBjd3KLkNi5qk4XvKlM4Ma2Ej%2B04M%2BZuAF0Z%2BwUttlUjSVCas3fvZfwKZZL3MdLF1QWOb1f3ACXb4gaojM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ba731c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/10991.d742d0d238c0d99e96ae.js | 188.114.97.1 | 200 OK | 10 kB |
URL GET HTTP/3login.restorecord-bot.online/assets/10991.d742d0d238c0d99e96ae.js IP188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (10475) Hash: MD5 fa3d9476408d24313aaaa8d6794932fc SHA-1 4ab50205305c760862e0892cdf69e397a73fab7a SHA-256 1f9dc95a0409e1d5a703e72a1f03578ba3b0c28cc1e7177a2b7f46cd7056cd2a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/10991.d742d0d238c0d99e96ae.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2922-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8HmKRfa2kMG4CDJ4C6iYvhappsTUxVDUHi05rVPuWgzllRFr2iZ0Ji6dPtPWX3NPIPXyGTH2z%2Fv2oWLS4G6YvcTFQykOZP6Lk1ybnyQUmhbvY2%2BjZTVwgWtjpDz6hUkLBNJaQJDWMMZKN%2BmIIyLR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5639be1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/18409.4b935bbdaf404e1ee4c3.js | 188.114.97.1 | 200 OK | 9.5 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/18409.4b935bbdaf404e1ee4c3.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (9914), with no line terminators. Hashes: MD5 5aa60c5a1722502712e8c6df505d4633, SHA-1 81a39b0f30fc6a4cf1dc23df5c165fa4d9dcd474, SHA-256 6120d464aae1c7b09b57c26824fd3fdd42710850090bd9e7221a526713cab5c4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/18409.4b935bbdaf404e1ee4c3.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2546-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WLZVLhSbJ2kQHWQ4214eFmOGQ3BgbyGOm%2BkN2H5XWOCNs8jks3KTSDee0etm7t8RFm9dzhg4knHJqRkkqWOwZn%2FS9OPiuILJ07l0mMxbVzB0S899LXDSpRA%2BZMZ0kRqS7Zw%2F%2F34gs4KryVLNR5jc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56da941c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/58409.1811376ebb7f14b0be53.js | 188.114.97.1 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/58409.1811376ebb7f14b0be53.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (13964). Hashes: MD5 b04469c4ff1a1e4369a1238f1a6e7e13, SHA-1 baa699271e0bad0d5d568f5d0cb2dac21f5a2d0b, SHA-256 2dc6a1da0d49480f89ccab794ec25a14cab0ca4034039ae26e39faccdda82a50
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/58409.1811376ebb7f14b0be53.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"36c3-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yyd%2FoRpAPCrZ%2BzRw2Im4ZHIcEejmwuuooqDO0Dk1uDQhLYCQyJ8pzx7clYDIIwCUff%2Bwai17z0vD3hhWzAj6NHlxKuiXle5bokD0KstLaIBAM%2BXAObaKBtW%2FUxv9mMQ9jzukxXeAaPNmLB1Ah3bj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf578b381c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/27043.105ce50242094adf158e.js | 188.114.97.1 | 200 OK | 91 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/27043.105ce50242094adf158e.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
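Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these three values are the digests of zero-length input, so the response body was evidently not captured for this transaction even though the row reports 91 kB; they identify nothing about this file and should not be used as indicators)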
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/27043.105ce50242094adf158e.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"16445-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P3U6nBfRaFouFlbfJpqoerqUSap%2FLo7vnWGX4xp8dyEJkobL6uDLfYbQFVQA0f0zfrbaha5oG8rWuboibzMF%2FWBmMBWBgCFTgA6eaRk9kk093srMwaw59lfoYkK1bRwgj2QgnQsOkZRCfEbtQmqQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf56ba7c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/e9e649f003bbece806b1.js | 188.114.97.1 | 200 OK | 16 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/e9e649f003bbece806b1.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (15715). Hashes: MD5 6a513e08bb57247ee2a7f7f28392d957, SHA-1 9ad8a8814f81f63d7e6302f913b45a047f2e8985, SHA-256 e6a791274ec54c4a3ac6c8b2f7a2689d04e9579f00b218e9e849abae247c0fc6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/e9e649f003bbece806b1.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"3d94-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b0%2BhaHsUP5sEPWFqWMl%2BlKlpi9DqICBh9qfsKm1bcvfaiLdsktUu1%2FwDRiQfY03NZuZtvxQ9i6fiSd7LYAO0XIBnd36sPhGXoUSedQQ9ch9gUBo7Oora9ckt4P3AE%2FMFPJYv4Alr48IG8ixk%2FQwQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a3d881c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/46318.26a20b3d6c9d947ee7c5.js | 188.114.97.1 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/46318.26a20b3d6c9d947ee7c5.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (14296). Hashes: MD5 c31c995e6b740c207b3c24a0d1145425, SHA-1 922fd2d139a1ff8bfb89dfec828ed4e52946f359, SHA-256 8faf3e169db9dfba36885821526edddb14b4e0c3feeb1f20786c3f2c51115831
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/46318.26a20b3d6c9d947ee7c5.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"380f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GP0RDTb3oUEnJtufRYnMWoaK3%2FOWyv23IsGSuH5T9Jw%2BQ3oA0gCqZXTnC0zLhIwXtFNaBydJwbnMfMmoMoM8930%2BRcCK1E3xC8gbuYnUiBRDuL92lVbC3PKgpOSr4cPROT0m%2FDPLeJajRbuJWV8q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5649da1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/shared.20ac0e19e560421c41a2.css | 188.114.97.1 | 200 OK | 475 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/shared.20ac0e19e560421c41a2.css IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
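Size: 475 kB (474928 bytes). Hashes: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these three values are the digests of zero-length input, which does not match the 474928-byte size reported here, so the body was evidently not captured; they identify nothing about this file and should not be used as indicators)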
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/shared.20ac0e19e560421c41a2.css HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:33 GMT
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"73f30-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SzCfQhN1L6Kr7Lb3cd8g75DMlBEXzra%2FNlQD5ZkpXY3jyo5z%2FsI63y23tWE0lTRD%2BNvWrnR9Kn9u8VKecA8j3%2BtXzPC058MQQ%2Fu8sGI3%2Bhvils6zZjf92vDfjiB1tnPSHDnM3ojC%2FQPtYahzOtni"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5619991c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/94491.6feea119a246906e42da.js | 188.114.97.1 | 200 OK | 30 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/94491.6feea119a246906e42da.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (29770). Hashes: MD5 2b097f530ff3ef39552a90e18a8bd883, SHA-1 326b60321000b059a090e4ef046b9421d64962f5, SHA-256 dd4f80fbf943312c9ed47c07c0cd767cfa20d3657f0b50a5787704991ee85f00
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/94491.6feea119a246906e42da.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"7481-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dWctMD00bwn0DDEDqPidtf%2FvKGEUX5fLWBVCzkcKMw0vt6bOV6Qw43U6fp25dZPv3k25ayNAv71TOCfPmRe65MaXkRQQvL1NShvWXpv%2Bl34xYprOtqwDJ7%2B3M1PrTNgdqYgQhiFuwxzJiV%2FgFTVW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf567a1a1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/3c723e3c991fcd7cce58.js | 188.114.97.1 | 200 OK | 164 B |
URL: GET HTTP/3 login.restorecord-bot.online/assets/3c723e3c991fcd7cce58.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: ASCII text, with no line terminators. Hashes: MD5 bb871017dfff7157e3481a5dff8e4529, SHA-1 36e5c0824c189aef00bbd5f35387a84b7010227d, SHA-256 55aacccdae49dac44e6d8fb3cf3041ba4873558d2d851d0abe9ecdf99dc1e0b4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/3c723e3c991fcd7cce58.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"a4-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOaihGIOhMpVj%2BmwH6ccDPtuEJ3Iw4D9C76LbChwVqYhUPiBmCXXT5b4i9Mh0m96aX0u5nAjNCMJo8obgBlWoO%2B9xD4WYpCTwFkLqcQYT89CUhhcvk0%2BygA1rrfvrczEiyFzsq3EhuOQpfdkNGDU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a7dc71c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ | 188.114.97.1 | 200 OK | 12 kB |
URL User Request GET HTTP/2login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ IP188.114.97.1:443
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord-bot.online; Fingerprint: 5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2; Validity: Sun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: HTML document, ASCII text, with very long lines (8134). Hashes: MD5 95a4ce54cf97a8509be9a66701984e4f, SHA-1 384a32399873a045e0f8ecedbf80edc815d9c089, SHA-256 4ff05b910d8ae875dbff0d7261102e7e2064384d571265531a4691853d6c88c4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
last-modified: Sat, 06 Apr 2024 12:04:42 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WFIp3xnP0FAc551zWvQ6R24XVUNv7TQ7%2Bc7k4nbu5TGulVth5X9dTtyrQl2vym655hnBNeytkT6mxO9tVSvVqe4MUJvRFrr2UsdMszmD55uJ%2BSuYM1ElgfG7Ad7rkIRZc8%2BhNPc8pVp4JIS2%2BFiM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87d2bf531b1356c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| login.restorecord-bot.online/assets/43870.0bfb9a80f88725fba82a.js | 188.114.97.1 | 200 OK | 13 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/43870.0bfb9a80f88725fba82a.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (12536). Hashes: MD5 4a5dbaaa2de36a47b31cfed187c7010d, SHA-1 2dc2fe96364b7908203d990daadb8a927b3ad490, SHA-256 fbcde0bc982ed39ff1a8f01ed530ec98f3dc846c75b6323dcae398779766af74
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/43870.0bfb9a80f88725fba82a.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"312f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qp9gggYZM2FzaiClswstczcNu1LcCd8RoMhVx%2BGev3Cft2xhwLS%2F8P76O3Xar7xFWJfN5xSvLGTpajRX6u5razYiwacMFUMcYYMnsbhF0CDZgpzM1%2B4JZZPOm7Hvahs%2F7a0FU7KgygYyE%2B%2BKVPV6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5659fb1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/44504.4c4113c3ec609733dacd.js | 188.114.97.1 | 200 OK | 60 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/44504.4c4113c3ec609733dacd.js IP: 188.114.97.1:443
Requested byhttps://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord-bot.online Fingerprint5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2 ValiditySun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File typeJavaScript source, ASCII text, with very long lines (59916) Hash34be6172cc28f54550f737535ee7406b ae6f7a023c57531df95cfce4b8c2faf862b922c5 419e3eebea240a838aa818a0ac9b57d607a52c7547cd9ee876bfb2bd84226e8b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/44504.4c4113c3ec609733dacd.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"ea43-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qDC1ANr1z6R48YAhDakGeYywiPeHUOn0VigmRaEPfmxczS%2BmAu7ZNJ8Z3fOsm3ZMTakrPDSEC%2F7L58o8YdGozkX2HcodvsXum7%2B25uV47FjcsTmOAiQUaliOH%2Bl3nf476AkLwZ9LkWjg4p1TVY6%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a1d691c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/99b391e2f74aa1e0d266.js | 188.114.97.1 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/99b391e2f74aa1e0d266.js
IP: 188.114.97.1:443
Requested by: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Certificate
Issuer: Google Trust Services LLC
Subject: restorecord-bot.online
Fingerprint: 5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2
Validity: Sun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, and no file type is recorded for this entry, so the response body was presumably not captured even though the request row lists 14 kB. The digests do not identify this script and should not be used as indicators.
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /assets/99b391e2f74aa1e0d266.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:35 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"3558-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L70F2niQKipq7nPGVG%2BGy4U3hTCx%2BZ9oB9gmnA5NcveUSwqterUj9m1j4%2FV4maSZVlg4txX126vhpy1HyKw38rN5mx4ufgprInHqLdM%2FlQZdpMQTUQheLxvtpiiZ6fmGvV%2BHlPXjuebCe4T2CCJ1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a1d6a1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/62783.e18caa1168cc95380ff7.js | 188.114.97.1 | 200 OK | 100 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/62783.e18caa1168cc95380ff7.js
IP: 188.114.97.1:443
Requested by: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Certificate
Issuer: Google Trust Services LLC
Subject: restorecord-bot.online
Fingerprint: 5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2
Validity: Sun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: a98ad4c95668e7f4c84026bb92b67cab 7491bc769395414fb0547fd10164defb59634ee3 68e24e65cc7a6af0a0d33cac04f39aca1e1e670d0c137724abe4a917975ede8e
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /assets/62783.e18caa1168cc95380ff7.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:36 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"18608-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fxyMlWURn%2FlbuLown%2BuOyjpeuDyeHuIiVzlfkQtMbNBsRq4PVnTQ2Q3EJo7rnXO3XvbEKVBgz0Ox6jcdpQps1bkDHO81h%2FIA3oW%2FNfy7uIzytoUxfe%2BoKoqk95pdMAjgjahLEJtSGgw7Q999wtzJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf6a5d9b1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord-bot.online/assets/20117.7c4ea5cd4685b0442b9f.js | 188.114.97.1 | 200 OK | 56 kB |
URL: GET HTTP/3 login.restorecord-bot.online/assets/20117.7c4ea5cd4685b0442b9f.js
IP: 188.114.97.1:443
Requested by: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Certificate
Issuer: Google Trust Services LLC
Subject: restorecord-bot.online
Fingerprint: 5B:D2:84:F2:4F:6E:A7:5F:21:5A:7C:D4:5C:8C:BF:01:6B:69:F2:B2
Validity: Sun, 28 Apr 2024 21:36:34 GMT - Sat, 27 Jul 2024 21:36:33 GMT
File type: JavaScript source, ASCII text, with very long lines (55750)
Hash: 3a328a58679dc7c65aede3025f694875 2b46354311cf752e3c734ac9e5f803bada1eea8c f6cee9961dcde12c0dbd889adb3579ab836fcaa34c99828f36856b5f1de9bb90
Analyzer | Verdict | Alert |
Quad9 DNS | malicious | Sinkholed |
GET /assets/20117.7c4ea5cd4685b0442b9f.js HTTP/1.1
Host: login.restorecord-bot.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord-bot.online/login?redirect_to=/oauth2/authorize?client_id=1234271199555747840&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state===QPw4WSsVzVhNXNyIWdRNjYpFzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMl2ZU10QKRlS3lEVKdkSUp0RKRlS3lEVKl3aUpURoRlSHxGVKdXWVpEerRlSFhGVKdEbUp0dZVlS3lEVKxmTYF2aG12YoJESNlXVDJWesJjW0VVbJZTSTpFdG1mYpdXaNBzaq1EerpnT1UFROh3YU1kNJl3YspEWhdHaYpVa3lWS3FFRPNTU65UMVRlT1sGVNh3Yq1EMNpWT4lUaPlWUXNFM1clWwhnMZl2dplUNFR0T5dmaOFzYE1UeZpmT1cmeNNTWU5UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 01 May 2024 21:08:32 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"d9fd-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mGsb5OcyBTgf%2F8q%2FWq0AwLk4STRhWyeGcBpG0zFd4%2B%2Bs9fOikdHmkK2%2FYKra2X3l5dQHFxy7c4JOS7MnlWPgRlcIria9eZIMcjVHRSvUSGMXafhe0oDnU7BQWBwnsQLZMuVHq67xUswqTj%2FU9JBn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87d2bf5639c01c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|