| login.restorecord.pro/assets/7273.654bf842a369e2d3de94.js | 172.67.150.238 | 200 OK | 111 kB |
URL: GET (HTTP/3) login.restorecord.pro/assets/7273.654bf842a369e2d3de94.js | IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC | Subject: restorecord.pro | Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 | Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 111 kB (110959 bytes) | Hashes: MD5 8da1faca35a6cf1029dfc42e48b9c810, SHA-1 45f463dd73d51dabbb399d6ae6a4c1f16019e50a, SHA-256 14acf9e94dd9a0cb4dc91e43f797654258398f2c91ce40aff16960d049111125
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed (a DNS-level verdict on the hostname, not a content scan of this response body)
GET /assets/7273.654bf842a369e2d3de94.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"7626b-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSFhfWGa%2BVe%2FUgMur3DCWRxHQVPwnMcdqYniSboHgYfDbYZbbns00Njbxxqwzne%2BFLhStggfdxclS%2BnRUSgIjK5DuIh44WWDOUremoQCFRVyk%2BEJgGWM3kNmecIa77xJi2Yf55yz0OM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5604e7a5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/b9811218b3a54ad59fb2.woff2 | 172.67.150.238 | 200 OK | 65 B |
URL: GET (HTTP/3) login.restorecord.pro/assets/b9811218b3a54ad59fb2.woff2 | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
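File type: ASCII text, with no line terminators (the response below declares content-type font/woff2, yet the 65-byte body is identified as text) | Hashes: MD5 c7621ccdd6a8ca9b681b2def747d72a7, SHA-1 61c3dbec477606bebcf5d6ccb58f26659651d0e2, SHA-256 135667d8b38dcb9372bf4d65eaa44fa5438d0b06831a2cd562eb82b8d44f4098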
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/b9811218b3a54ad59fb2.woff2 HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: font/woff2
content-length: 65
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"41-18d27c367b0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8EgrnDRBNMMAuSOG5fQejdWMZYbMXThsH9T8veIovJ7ML3U%2F8%2BphxDQej7WisSOUkb5apy5e%2Fr1yg%2FHxtzZehe%2FsmX%2BgywbYjtqu2Cql0pPTid2hiyCQ3%2F%2B7RObDYJo7oTzK1IeO2tM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd56f8ab75697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/21396.259a270b7e3f8803a333.js | 172.67.150.238 | 200 OK | 5.9 kB |
URL: GET (HTTP/3) login.restorecord.pro/assets/21396.259a270b7e3f8803a333.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (14756) | Hashes: MD5 c74d5b820b3ada88a22cf587816c396f, SHA-1 6234d885e01df794f61cb4f40f67b2fb9f7adebd, SHA-256 f693e1a4e6fac3c7d5a97cf8ebc5e28ec4c1aebeab83580734ca143563efdb14
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/21396.259a270b7e3f8803a333.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"39db-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nWv4p%2F613WY8yQWFq6M%2BZIXD%2F1Ns98rS7sb44RNaroHhoefNtTDZyBgmtWhCPHJqhhvXsP9zzaeTYG%2FqiozXJhQPujHCaBLmnsQm9cLcGTRpPPzZMR0Q5eyk6lIL2Li7fmXjrlQG2Vk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eac395697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/app.046be1857b9835ad19e7.js | 172.67.150.238 | 200 OK | 190 kB |
URL: GET (HTTP/3) login.restorecord.pro/assets/app.046be1857b9835ad19e7.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 190 kB (189543 bytes) | Hashes: MD5 548bf6aaee7185ceee59b635b557dc9a, SHA-1 75c298df5f2397e4218d17de297d781fe169b461, SHA-256 4a0fbde1b61188ce3cda8fdce6f655968b6264dadea210b0434dfbb667f1a4d6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/app.046be1857b9835ad19e7.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"a6f9d-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7fW30%2FFT4P6D7C%2BGAjHDTj42kBj06r90vuXErGmNc%2BVwHhCjxPGnLgt0rjRKWqMC6DNP43k6xNlMJ9uP%2FN0hRWIwLPxneIWMw4V8rjW0gyWPaD%2FnctqxsYkZ9B7amcInrRikvv5H%2BSw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55e9c335697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/22843.1bda3edd4dd152273661.js | 172.67.150.238 | 200 OK | 14 kB |
URL: GET (HTTP/3) login.restorecord.pro/assets/22843.1bda3edd4dd152273661.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (20995) | Hashes: MD5 3d7d3c6641376eab526dc37c2a3aea87, SHA-1 9a4405500ec4685d070b940e3e58dbe95ebedf94, SHA-256 8bd28e45bdf228abeeaec72fec246300bf1a2d85ed2bec3710889cb3ad8b72dd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/22843.1bda3edd4dd152273661.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"523a-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LGF5fVL%2Fj8A1eXzutMhpvxNotXWPLC5hKShNEVttda92Q564t%2FNxETLb17QCKZRDlG56VDreWThfQHh%2BfqenCe03vrfLVb7ti%2FtN3QbY2sGLMQlmeqeBwwxaIYw%2FvtWcv3h8RCTWDEA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edc875697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/shared.20ac0e19e560421c41a2.css | 172.67.150.238 | 200 OK | 90 kB |
URL: GET (HTTP/3) login.restorecord.pro/assets/shared.20ac0e19e560421c41a2.css | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: ASCII text, with very long lines (65536), with no line terminators | Hashes: MD5 91d3066a83d6d7f15b7b13c4399d3b3e, SHA-1 92083ad5968058123a27b9d00afd506305de0caa, SHA-256 78d0f8bf7df1c0cbcc7e155a1c03d46552700b155f06e754ea365039ea39b6a6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/shared.20ac0e19e560421c41a2.css HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"73f30-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gtiHSnAcQ3t%2FaxK8u2BC7bH%2BG%2BzJ0CW6xCimCJbi%2FfFiy3VKXTMbFzcp2Ut9fG8cz8mvvuz9Hr%2FaMqntArKIkiSZY68pU6mAbwinSW25muFHiADLMW%2BXQTv8covoe3zncbjSi28QxvE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55e9c2c5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/cdn-cgi/challenge-platform/scripts/jsd/main.js | 172.67.150.238 | 302 Found | 0 B |
URL: GET (HTTP/3) login.restorecord.pro/cdn-cgi/challenge-platform/scripts/jsd/main.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
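Hashes (of the 0 B body of this 302 response; these are the standard empty-input digests, so they do not identify this resource and should not be used as indicators): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855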
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Fri, 10 May 2024 18:01:18 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2BxV4UGJ8hBP1UK0OGFKgAKuSXtB%2Fc2oLdzncJYRbLXs4qtRQ4rwmtiNT11MqxHwq%2BB5sq4SwH%2BKgaIAe1T2fPsufyX%2FP0zPHO7Xzqt9E5UFst0mRxerTj7enI2f4RgYvuZLCYhRtqk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5732f375697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/13942.42b3309fce7f57e5eb63.js | 172.67.150.238 | 200 OK | 214 kB |
URL: GET (HTTP/3) login.restorecord.pro/assets/13942.42b3309fce7f57e5eb63.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: ASCII text, with very long lines (65536), with no line terminators | Size: 214 kB (213614 bytes) | Hashes: MD5 b57f45095b443009c496ab1c1471be7f, SHA-1 e9af53d0e3e3ab155abafa07d23c79dae2c71f2c, SHA-256 408ebf752cddb6bc3782d7266fa4a7aa759bb9d4255f8d17cc7aade0ecb971b5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/13942.42b3309fce7f57e5eb63.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"225a5-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KVoKXrEbCG%2FeMRexxMm8IKmzghQCl8KbCo1DX1rbEzc8xc7Zy6fGk6Og0GGHaH%2BgzM1AcQNmtzjWNR602UGGcxGGzC62WO%2FpapslM%2BSr46QoBcMHlCElUj4bjD92uMK43zyhq%2BFNNx4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edc8d5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/api/v9/science | 172.67.150.238 | 204 No Content | 0 B |
URL: POST (HTTP/3) login.restorecord.pro/api/v9/science | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
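Hashes (of the 0 B body of this 204 response; these are the standard empty-input digests, so they do not identify this resource and should not be used as indicators): MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855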
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /api/v9/science HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Super-Properties: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMCIsImJyb3dzZXJfdmVyc2lvbiI6Ijk2LjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjI2MDEwMSwiY2xpZW50X2V2ZW50X3NvdXJjZSI6bnVsbH0=
X-Fingerprint: 1238551456508940419.SWaa0CizTp-7ICI8CQGbc7gE0Gs
X-Discord-Locale: en-US
X-Discord-Timezone: UTC
X-Debug-Options: bugReporterEnabled
Content-Length: 1025
Origin: https://login.restorecord.pro
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 10 May 2024 18:01:19 GMT
access-control-allow-origin: https://discord.com
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'none'; default-src 'none'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2BGq1LKLFn9Ib8KnUJsfHWHSLrTwyNx1zbPoveOALkNnVpImOb%2F15KEo07PsZ0CQ188xqu6mzizJ2TQVF%2FikNsH63vDMVv8OPI9yGKAbOhDNCs7Dmn5oMvc5HQ53"}],"group":"cf-nel","max_age":604800}
set-cookie: __cfruid=8ee44d745315a08dfe3394ed341379bcd24f2c86-1715364079; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None, _cfuvid=J.4gRFVKl.Gy9RXN7gr_JPXaBUnoItp.gZFtief5zis-1715364079239-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google
x-content-type-options: nosniff
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
server: cloudflare
cf-ray: 881bd574b99f5697-OSL
|
|
| login.restorecord.pro/assets/3c723e3c991fcd7cce58.js | 172.67.150.238 | 200 OK | 187 B |
URL: GET (HTTP/3) login.restorecord.pro/assets/3c723e3c991fcd7cce58.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with no line terminators | Hashes: MD5 bc49611951afb170abfe4cf7c4dbc8ac, SHA-1 84cb7d7782c9921dd209f5e508530d4a77e882a0, SHA-256 e1ffde7256445df9240924e2b221f3cc2e4e271a6050338085f4eba2faeb8692
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/3c723e3c991fcd7cce58.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"a4-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hf6cZe6atvJGW241uPMNHgF6X7nKykEqdZy5gFbEexhlUEtGhmMW%2BsPWqdlip1CDtI%2FagRa%2FPpjXZIsdX9QlhGKSj%2BjB5ExiLfiuLoJDAMvK7UREtJhb3jMP6lJ0vMqu%2BsTJUcxRWPc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd574086f5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/22918.9f2b9d54bbfc371a4d92.js | 172.67.150.238 | 200 OK | 10 kB |
URL: GET (HTTP/3) login.restorecord.pro/assets/22918.9f2b9d54bbfc371a4d92.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (18420) | Hashes: MD5 5c6249fadadcf61985346cfe7e1b7245, SHA-1 0cd8c3cadd55dea165b09b350937732c9c63081f, SHA-256 79f170c6631891285f067a393d02bdc4aa9e270c83c2c0fc144882faeaeb71f2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/22918.9f2b9d54bbfc371a4d92.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"482b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IyatDMIMsnp0yiIuISk8H8x%2B2H9tICP1fOCdApP%2B6l2JKlLVaefFz5K1CENBJm7FnrLFifZQH6miZiYafjB8syf0G67QKWZ7V90qraCoz%2BpgTMBI6BAaaHavZxB%2BhoCOHEXodFK0XqU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eac3d5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/63550.a619020e4c7b3d5be7ac.js | 172.67.150.238 | 200 OK | 2.7 kB |
URL: GET (HTTP/3) login.restorecord.pro/assets/63550.a619020e4c7b3d5be7ac.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (7909); Hash: 597ea58e25651a7e25b338e9010ccbe8 672aca6e2e41d448400704598673662c614ed353 a4d47eaedf384eb30c943a55aeaa4e6526ee627eec7fd479ae18ac2416f0d9bf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/63550.a619020e4c7b3d5be7ac.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1f1c-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cZyZoZ2Afg9iAfhD%2BioMyBjEd8f2APeaHRSNRRGzNQqtvxWlYvstun4yDx1B08eANF8IDf0qtzwfji%2FOGPEeRx1f4Jk24gN95MPB6dqh5KT42MPga0gk8FdJZRGz3culA6AAv%2FnVouU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eac485697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/68560.e27fd85667a295676749.js | 172.67.150.238 | 200 OK | 17 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/68560.e27fd85667a295676749.js; IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (49324); Hash: 264fdf0094b5d416ab5fcb70a1f52ca4 f76c8aafe7d2ea911de8ce22bfbaa66d974cd348 73487f57bc5d9a1a20ca844eea8d8e14799184ce34fdf2e31c70a502955b0380
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/68560.e27fd85667a295676749.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"c0e3-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j7%2F7pw69zJk22wKiw2O7HBRUeXilJBN8j0csfBJgUPzsstxerevNuFLAFQv2hO58%2BgWQiO8T4%2BHraDp6ENyFcqY6IOM%2FesilQMFI211UOEaVImFFCXgmROqn8dd3UgBNoHE6C56v9uM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd573cffe5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/1182f0e14eb94a3d391e.js | 172.67.150.238 | 200 OK | 9.9 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/1182f0e14eb94a3d391e.js; IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (36601); Hash: 52b599c4aedf6b6ffe9c2ed3d2b352bd 936cdde615c933061158424d3b8ee939c0f862c3 17968598d9e70c9e4261422b17902c0d3cee59654d9fb070842f392d2f760ecc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/1182f0e14eb94a3d391e.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"8f2a-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CKg5RM044Fn7btS1%2Fnbop9kwZatOty%2FjZhbvtS9CSpsvlXrJe8d45mTGN5a%2F2HUd1LI6IzTmYL8GWdJNGoA809SeFdyFpvXMptpxon8R2W5RstZq3assbGymil1XtCxzFt5Q30mqVOA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5739fc75697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/9a02726c2f8410020238.woff2 | 172.67.150.238 | 200 OK | 188 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/9a02726c2f8410020238.woff2; IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: Web Open Font Format (Version 2), TrueType, length 187596, version 2.459; Size: 188 kB (187596 bytes); Hash: e55012627a8f6e7203b72a8de730c483 4c43b88403ec9c3053d74b4c502bcaf99f594c57 8390503760c8f26556001a28e7d95e4a237a4780e7ceeebf0853ce252fde4ba8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/9a02726c2f8410020238.woff2 HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: font/woff2
content-length: 187596
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 21:49:24 GMT
etag: W/"2dccc-18d28d992a0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YyvaPhEUmbv0Q5EftoAoK2xRVbGC529xUfxv%2BPuaDOtwbtnMOI%2FuIQkiLk1WdROvAYm5yOg82oSHKTkjZiIqI9Lmje8m5apgaFCKrjeOJrk4CLGrwm4h9qbhZUmBAmJE94pI0Hhmkb0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd579afd05697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/64999.3c0486790babc24c66a4.js | 172.67.150.238 | 200 OK | 248 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/64999.3c0486790babc24c66a4.js; IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Size: 248 kB (247791 bytes); Hash: 8cd8d0bc5b146f190f282cdada0cadd9 1768219c0acb75e23d32ddc744dba4a7f5a2c69b 0dd66470fb37396f660fdeef19d012a9e00d99f03680a6a48cd55a9add5aa923
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/64999.3c0486790babc24c66a4.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"31182-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AsE2DFAQ5F3rVzTQHQ5Sf6YFoHzpJGV3K2rXB0olRHu038ona0cbhkBacSLonksQqatqR3S77eqAAOy8OBdXQxbYCkk3iA34grdepF3LBTwdIMNq6bZXAAFSitE0nNEwPEdUn2UDeD0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ecc845697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/20117.7c4ea5cd4685b0442b9f.js | 172.67.150.238 | | 195 kB |
URL: login.restorecord.pro/assets/20117.7c4ea5cd4685b0442b9f.js; IP: 172.67.150.238:0
Certificate: Issuer Google Trust Services LLC; Subject restorecord.pro; Fingerprint 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (55750); Size: 195 kB (195027 bytes); Hash: 3a328a58679dc7c65aede3025f694875 2b46354311cf752e3c734ac9e5f803bada1eea8c f6cee9961dcde12c0dbd889adb3579ab836fcaa34c99828f36856b5f1de9bb90
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/20117.7c4ea5cd4685b0442b9f.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"d9fd-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UkaxgNgeoLwEAxl4S%2FgSBbTWZNdlfarFNoETSyTJ%2B71h4fgI8fuKRqllabTW0QxWDcwhlEpyzNCNhAU25%2BU8SG9k6OKarJSm4mLAJEMOVONTtMWAlzrACCwJ3Sqw6MVAjWXpzBV%2FFTk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ecc6e5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/5486.e277dbe0f48aff03f253.js | 172.67.150.238 | 200 OK | 8.0 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/5486.e277dbe0f48aff03f253.js; IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (18439); Hash: da488d066f499947444eb7a2c835e1fc 378be16a36214b56e040795885974a4e7d5635f9 1dfc9020a696de7183246e819d88bfd70298526c4bbe9042b5b39d3628cbaebd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/5486.e277dbe0f48aff03f253.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"483d-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R5n6gFLH5v4lt%2BLP0WkWA5TLr%2FhQ7IzGfa0sBIncAAC95II06P%2FMBUaEv6nET%2FFKY4TjZJx3mdmF9QTbZvPBByXkUY%2FUKtZUUCLc6GtpQnUdk7GMJ6hwyC9v5KboXNfBRqSnFqm4qeI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edc975697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/api/v9/science | 172.67.150.238 | 204 No Content | 0 B |
URL: POST HTTP/3 login.restorecord.pro/api/v9/science; IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
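Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B response body, so they do not identify this resource)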
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/v9/science HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Super-Properties: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMCIsImJyb3dzZXJfdmVyc2lvbiI6Ijk2LjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjI2MDEwMSwiY2xpZW50X2V2ZW50X3NvdXJjZSI6bnVsbH0=
X-Fingerprint: 1238551456508940419.SWaa0CizTp-7ICI8CQGbc7gE0Gs
X-Discord-Locale: en-US
X-Discord-Timezone: UTC
X-Debug-Options: bugReporterEnabled
Content-Length: 399
Origin: https://login.restorecord.pro
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 10 May 2024 18:01:22 GMT
access-control-allow-origin: https://discord.com
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'none'; default-src 'none'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b3Rxxzwe%2FkHk3A1d9KNGfuLsrDDMwisaCWjQ4j0ITmUwHPG6W40S32gomy67vRJw8uA6avE%2BT%2BDAn7uuLsAlZVOka5r17R5hDMTKD5D%2B8GmuFeVNAvpkrD56ZhEk"}],"group":"cf-nel","max_age":604800}
set-cookie: __cfruid=b13d20974aecd370257070cca04b74d6ad177012-1715364082; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None, _cfuvid=31YgmNkQoU1yL4WCqPrt4QN9CRBMBenCBlR1K_moj7A-1715364082115-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google
x-content-type-options: nosniff
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
server: cloudflare
cf-ray: 881bd58839ed5697-OSL
|
|
| login.restorecord.pro/api/v9/science | 172.67.150.238 | 204 No Content | 0 B |
URL: POST HTTP/3 login.restorecord.pro/api/v9/science; IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
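Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B response body, so they do not identify this resource)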
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /api/v9/science HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Super-Properties: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMCIsImJyb3dzZXJfdmVyc2lvbiI6Ijk2LjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjI2MDEwMSwiY2xpZW50X2V2ZW50X3NvdXJjZSI6bnVsbH0=
X-Fingerprint: 1238551456508940419.SWaa0CizTp-7ICI8CQGbc7gE0Gs
X-Discord-Locale: en-US
X-Discord-Timezone: UTC
X-Debug-Options: bugReporterEnabled
Content-Length: 751
Origin: https://login.restorecord.pro
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 10 May 2024 18:01:23 GMT
access-control-allow-origin: https://discord.com
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'none'; default-src 'none'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zd2Kqt2feuTWcMm%2BpmOInMQi2PMsRzmVXaaqZZgpzHlphosrxIs%2BomK1h5hgYmcD0Wr4ljbChiuodUzAU9m1UGkeT2Tz9D4Uxd9x7pEM0n7fiN42%2FssLSdzt1xiK"}],"group":"cf-nel","max_age":604800}
set-cookie: __cfruid=088fbd94cd2f2ceca34e15e5f3fb15b83e9407b1-1715364082; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None, _cfuvid=.WBxRrQsUZVcljDfBUSNLms4Na0YUmNVHdVBS_NzsnY-1715364082817-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 google
x-content-type-options: nosniff
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
server: cloudflare
cf-ray: 881bd589cbcf5697-OSL
|
|
| login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ | 172.67.150.238 | | 16 kB |
URL login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ IP172.67.150.238:0
Certificate: Issuer Google Trust Services LLC; Subject restorecord.pro; Fingerprint 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: HTML document, ASCII text, with very long lines (8134); Hash: 95a4ce54cf97a8509be9a66701984e4f 384a32399873a045e0f8ecedbf80edc815d9c089 4ff05b910d8ae875dbff0d7261102e7e2064384d571265531a4691853d6c88c4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 18:01:14 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
last-modified: Sat, 06 Apr 2024 12:04:42 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BxDz3VI76oQsm8KX6S6UoKOL8iAvErQ5fggu7z5wm4eAAWf1L6K9DQbzi97slGuvHk08MTnSeN1xxvo8vc3jxLAtKolxLyivNz1NL47dZ85mGzvjFR6BmVbnmfNJluO%2FbgEsoc30lRE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bd5592c200afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| login.restorecord.pro/assets/shared.6fd41c763b4cd504862f.js | 172.67.150.238 | 200 OK | 45 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/shared.6fd41c763b4cd504862f.js; IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators; Hash: f2444e4ebe925f193c83f692cd8766e6 9d0c75a19d0693743e6429ab8da62f70184426ab 957af5a5dbcbbb943faca25af701c1a3d8839ad98d55ee5aaa401aa2f117ea8b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/shared.6fd41c763b4cd504862f.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1d0ce-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kwN68X5AjgWlhkkxsy23JUHLWD9gxd%2BRYub4fp4%2FXqnh91BopHGrLEdxMLFmCIj4YlCw8kZqKhx26IgcuZUz%2FJbWc19G%2B0Rj7hCF0EobzwuXmD2NRyVtfp4qekRsKFpQWJHaOKDlFmg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55e9c2f5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/app.efcb8c8bc767b60fbdd8.css | 172.67.150.238 | 200 OK | 414 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/app.efcb8c8bc767b60fbdd8.css | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: Unicode text, UTF-8 text, with very long lines (65533), with no line terminators | Size: 414 kB (413879 bytes) | Hash: MD5 cf359de6b210f54d11231900de9c35ae | SHA-1 8125863f482cde1fd95f4596f9d77de14d2252ba | SHA-256 ccebc2bc21a0ec232abad7f2f808b0cf1c6976ca6856169636ab9225bec4f51f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/app.efcb8c8bc767b60fbdd8.css HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"1e3f31-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qarldonI5nLbYcTXQQ46UA0qDCs7fCUHWXXI8baKy%2Fn50ZJ8SHdp%2FhZy4gp7ylGXR2%2FP%2B8e9borTEfWEe0WMonPvI%2F3yoYr%2BMAO8IjRHK2JglZUv3ZbDj%2F5ilLWf6OKrcdBOELDSbGU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eac365697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 5.8 kB |
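URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | IP: 35.244.181.201:0 | ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: gzip compressed data, max speed, from Unix | Hash: MD5 aa33725c2d0a3d1c2f9c878d64914807 | SHA-1 6e83d13ec860384a977738b04ff0891a01ab519a | SHA-256 fe412eadb3dc9820ec6cab7cb62349be057c509e34f7e2de6d23b28eacc98bfd
(Note: this request carries no Referer and has no analyzer verdict; it appears to be the sandbox browser's own Firefox update check rather than content loaded by the analysed page, so its host and IP should not be treated as indicators for this case.)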
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:01:33 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=oEX-FcgMlLCZ-LuvEB7pxNVLfKeFpEpEZGYR68o5BVSTuhAbyOHzaUuMX3YIZ_tqjoPEbTwEW-hm47YgKRKUkYq9PtXcJsgKsJ8EXxb_1NgnAa8eLQbqH54VvyhMDWwR
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| login.restorecord.pro/assets/26737.36ed5a81390b304d18a5.js | 172.67.150.238 | 200 OK | 9.4 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/26737.36ed5a81390b304d18a5.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (9496), with no line terminators | Hash: MD5 95d4749bd78c2a6b73af4d40c1072db0 | SHA-1 d84ff435507b47269b7877de20e2b5637f2ada02 | SHA-256 37b9c1afe404b4c5e7e36ce3374735666c8f23665a3c88ba38e3cae0192c1e46
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/26737.36ed5a81390b304d18a5.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"249b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A8PcTtg4vNvTVnT0Uscr6Pnxa6uNqIyvDdE8EgdsBjbgtrkMAewLPVxQNY6kOa7p%2BQTMRDFd221skHUUIyiCYDsfYuaOmaAlZpzDJioQXk1CIl3syJRmmUNPALJkM7QJxHRLdmQuzAI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f3d1d5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/78033.af8587a9881dd8fba471.js | 172.67.150.238 | 200 OK | 1.4 MB |
URL: GET HTTP/3 login.restorecord.pro/assets/78033.af8587a9881dd8fba471.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
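Size: 1.4 MB (1402833 bytes) | Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so the 1.4 MB response body was evidently not hashed; they do not identify this file and should not be used as indicators.)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed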
GET /assets/78033.af8587a9881dd8fba471.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1567d1-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d80%2BS7EKPnWoiRhxCxLS6nKZA5J5DChaYP6py3TrEKdz%2FxtGdRFhEgwZJeJ9T3A3URfqwK%2BGi2Or8O7JiwCQSaOUKUHYQsjbIfJUJ5fsTXC9VbR4%2Facto91zLlS2E%2BWx8Ug4aTdBOBI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f3d305697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/47498.38da6b2cf2f487359536.js | 172.67.150.238 | 200 OK | 10 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/47498.38da6b2cf2f487359536.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (10010) | Hash: MD5 a4ff99b0bbadc5f521c2a07f0f1e3f93 | SHA-1 30b17f14702fe71f825a3966b652f65705ec3c93 | SHA-256 6e2b1b73e8b8dbf90920572224e0edfbf56fa6e20d0cede00321cb2ac91c1254
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/47498.38da6b2cf2f487359536.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2751-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I4DNLZPAK8wp3hHaAiROpu6D%2F4R1a5d4j31RtwtgWzSSYo6q2N5x1dnIB4iibhDWu2JNVL1XOnsTOwjVudH5%2FhUGRKY0EBFFyipfxlZYjpCGSa3kbBqbQHKy%2F%2BJqPjx5hsZW1XkpYP4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f3d325697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/78995.c052e63a7b5574176cf3.js | 172.67.150.238 | 200 OK | 19 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/78995.c052e63a7b5574176cf3.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
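Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so the response body was evidently not captured for hashing; they do not identify this file and should not be used as indicators.)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed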
GET /assets/78995.c052e63a7b5574176cf3.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"4b93-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4eo0uxeSq9uAB2mx2dlIKa2p%2FtPrufME%2Bk7YBfY5zFLy%2BpO2lN0eggCaAfnjAdnzamm%2Bvad%2FW5%2FfdDxbKAn9ZwoS9AdjHR4TQGK61T%2FxbWHnSyfRQn%2F7LMepTM1f8kDdgkGuWmp5yQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5736f8e5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/21251.87af35fe00e980d9651d.js | 172.67.150.238 | 200 OK | 22 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/21251.87af35fe00e980d9651d.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (22100) | Hash: MD5 87ae3712843239cfd30ac976bd99940d | SHA-1 f94f35e5ba76aa102c14972c75cd67728f6efeae | SHA-256 e4f129ecb25b26e3644847541c531e34f3e0848bfdbb9f0f00fe97347bbd9db9
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/21251.87af35fe00e980d9651d.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"568b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jB2paC7ac0Ia1yLJBPOvwrm0jC%2F4YvTxr5A0ynzahxVVhtLkFY6BfMePDIw4HYIusmUQQ2jtFN3O1wfpoTzFLartLnMPrDuRZJscfqAVD0PJVwI9d7WFLa2nCWfDqfUh4MT%2BlQRMJ24%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eecb25697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/75676.8481ee3ef6c0d7c670c6.js | 172.67.150.238 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/75676.8481ee3ef6c0d7c670c6.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (13527) | Hash: MD5 502ff8e5505ed7ca0324277b0bc89a44 | SHA-1 d72fbdd0644c128b92e705195be59364fe41d03a | SHA-256 da6f72756a57cf6b4ee7fe8d1ffa539976246470d740b0434e62ce7bb3d4a60f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/75676.8481ee3ef6c0d7c670c6.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"350e-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1zpZcKCp8ZEjP4W2VzJjm7hDy0dPuOHbwFm6d6mPwEnv4SgXW71HPwe6RyrHIjIj%2BNl78W6L3urxGJd7adzWafYVzTEH5nWvGDBKlnZEZxaXqgOpvF240LjKTtff4v%2B8%2FYHEn%2FF7nHw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55efcbf5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/14786.f948127b41553ade279f.js | 172.67.150.238 | 200 OK | 179 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/14786.f948127b41553ade279f.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 179 kB (178740 bytes) | Hash: MD5 d69e56d43eca67fdd7b58880418dad05 | SHA-1 2c978cf96ee924c1eaf3a8e7f4f7a1df8a67bde7 | SHA-256 1e625e5053b23ddf6c8c3c0775e2b7f865ad1fd8e34a3b67b0b12b714dafddd2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/14786.f948127b41553ade279f.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2ba34-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WBwHX9uPs5rM33smnH52DqudFDAl8h6XTXScw4YBT8z2CL%2Fi7qO8TyGeMF4XpimkGM9lGD5dEgjPvbJfZgho%2B36FX4aj3b2pR1S9N0XZ%2FWmd%2BdPudW8Abvgjg6R7D8nDMUlTgTDvADQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f2d0f5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/10991.d742d0d238c0d99e96ae.js | 172.67.150.238 | 200 OK | 10 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/10991.d742d0d238c0d99e96ae.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (10475) | Hash: MD5 fa3d9476408d24313aaaa8d6794932fc | SHA-1 4ab50205305c760862e0892cdf69e397a73fab7a | SHA-256 1f9dc95a0409e1d5a703e72a1f03578ba3b0c28cc1e7177a2b7f46cd7056cd2a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/10991.d742d0d238c0d99e96ae.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2922-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3trjuo8tXYptz4LoFnWBF5lHzCuyp62%2FyjhfIIo0vvSCvKxufChAecKv3m3HaXUYA8Psqw3LpaIKSdPIYw%2FZZTQuTdtpRY1h1lLav4ndfbsMatZEVvM%2BnooRnq80ZzWticxqAKWv6Pw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ecc6a5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/18814.2887004806e3f2dcb541.js | 172.67.150.238 | 200 OK | 17 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/18814.2887004806e3f2dcb541.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (16511) | Hash: MD5 eb44fdac0aefca117662f9db435ffc09 | SHA-1 bf2224f54fd833cad9374ec73e35425ca7850d0d | SHA-256 8e7a022b3c6e28ed485a3e73ea49864a44b188c56ff7f3be7ab7cd268662a33a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/18814.2887004806e3f2dcb541.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"40b6-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TsgbhaNaABTlN%2Fs0gL8GKtwjeDppz%2BdZnrcyio7j2liBfFg1HZr5Xz%2Fr88nlJ1hJO2F91ODPNQhlb5COI6UxSWkdRe1NVo%2BSF7uSQaSfXtMPwmdz9GejhOwdPyAeFPXLY68n2k60NeU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f1d035697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/65800.d803fbd4c225782b31d6.js | 172.67.150.238 | 200 OK | 40 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/65800.d803fbd4c225782b31d6.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (39520) | Hash: MD5 6ebe1a578a746f1da064f34508d700bf | SHA-1 b27eeeec818818be41f90df32894c3c618d183be | SHA-256 c5781d163c837d6d2c72081b42e6ac0b513ba744a8a2ef95b62a4be628fd0168
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/65800.d803fbd4c225782b31d6.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"9a97-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VOoZsRfMdRzrz7fV6hq0rQ6eGD%2FW7tA7DcbWI7tiuUqNn2FzXS%2FI4inNRV0VKz0w7zh9OetUTJsWN%2F6jq49Vtu%2FlDwoC7viI9g8jCd%2B9tgDAClSQeKJV7d1higjtiUx71YPfVc6uL%2F4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f7d6c5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/41831.ad048c0163425aea4d2e.js | 172.67.150.238 | 200 OK | 16 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/41831.ad048c0163425aea4d2e.js IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (15734)
Hash: MD5 aa0f56ed2b08f1029037fc3d27925069 | SHA1 87365d2e6e51333ebd33cdc51cad33fa7aa5fc44 | SHA256 84267bc281052f153133ac0dacddd98dfbf3edaa99aa2b60f0ed645e90d1c0d1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/41831.ad048c0163425aea4d2e.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3dad-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eLHQ%2FXmoUKwccW0Xxbq1tJ%2B8gIqioQ5a2LAY9Z5nup%2BlRN6gHNK%2BkTvonSlpRA7ZZdUDxDNiEXRPprybMkhYBkAMLx9Bnm4DDnATHkBcgUbXuGuAYlZhsOi99AqjtBGK%2FGpuxr6Dw6Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eeca95697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/33547.5c46865f95647d249cb8.js | 172.67.150.238 | 200 OK | 61 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/33547.5c46865f95647d249cb8.js IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
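Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, which suggests the response body was not captured for this asset even though the entry lists 61 kB. They identify an empty file, not this script, and should not be used as indicators for it.)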
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/33547.5c46865f95647d249cb8.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"ee2c-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fcnEexgIWk9VrTlN5o7vAyLlpNrO7bs5ofMOiUXSBL0mWQNTX%2BU%2F%2BhSRWm2neQeJk0hnwCqRSEWGvwXBKX5GWTV%2F8StZt2VN2aQhh6pDCZh21mF6fA5Siwq0aZQOWeeCBcQaVYo7LFE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f5d555697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/47387.b94323b63bcf5c32ba76.js | 172.67.150.238 | 200 OK | 80 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/47387.b94323b63bcf5c32ba76.js IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 b235b236312169e0db519e60c0d7eea1 | SHA1 6d34c175ce387b8bd435ce463d44706f08e9137d | SHA256 03c0d5a0ff0b821c4ceff908a8fd7e62ea9b881711023244449f71455215d00e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/47387.b94323b63bcf5c32ba76.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"13927-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SH%2BTO4vpN95k7sIft2BCdyyxAfONC%2FZcZAi3eK%2FEKt4S34WnLKvyxur7MdRrhrbpEIZh%2BN8z0mlJto%2F1sxU8yg19XXHH8QzG7PanEYdLuSjVOIce469G1jr8BO513QaAQOwPIWSV1Os%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edc9e5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/40413.ee00763112ee8df65f08.js | 172.67.150.238 | 200 OK | 7.9 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/40413.ee00763112ee8df65f08.js IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (8028), with no line terminators
Hash: MD5 0b2eb75acf108aad28037290505f993b | SHA1 20c3bca016fb59ad79e807f379078b71d12da15b | SHA256 b603d4be2b12cf965a38fad6eb246c3cabc86f6b4370e7733d7495495a7ae0ee
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/40413.ee00763112ee8df65f08.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1ee3-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pvX23ANCuTR%2Fuwulu3UMcoF4niFYi%2BaA4P1jMvX5Rl15k8WosoyiJGuZ3%2FAhgMGtITrs16j1QQRZD20Kst8i8Fykwnln8B%2FxjSya2pd5SGK4oXdS%2FM9jD%2BuQVcy0RGe66f%2FMqYi%2FesI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5735f865697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/64612.26d2bf1afbde26a43a76.js | 172.67.150.238 | 200 OK | 16 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/64612.26d2bf1afbde26a43a76.js IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (15643)
Hash: MD5 e889f804c915f5278e961cde93d50e20 | SHA1 25e94c62cca79bfaba361e27e49cc687e72b74dd | SHA256 f3649beebf41954e8e4aceed2d74c5fcc81a61e1123b4190efa9a02f785977fd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/64612.26d2bf1afbde26a43a76.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"3d52-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AES9TsZoHvTi%2Fx2kN4EdMCYZZIsjCviUAvywnCKkelOkG3J8WF5xn91z3P8yD7nt3%2FoU2fVfqrrdodCopQjBbQEsAyKu%2BdBB92aPolMxhb8qpTs%2BB2Gkf9KkUe4CEXowguFYGy17NHA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f4d465697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/20ac37ed2576dd48d7dc.woff2 | 172.67.150.238 | 200 OK | 65 B |
URL: GET HTTP/3 login.restorecord.pro/assets/20ac37ed2576dd48d7dc.woff2 IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
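File type: ASCII text, with no line terminators (text content, although the response below declares content-type font/woff2)
Hash: MD5 84b7416cff14fd88e25c7a5e808f96e7 | SHA1 141dc0f5c13044dad660a2add445baf5c472dffb | SHA256 d8c6f38967f6cf2d568e34abe3e04c2c2c195becd596c1cee7b9b83822dd768c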
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/20ac37ed2576dd48d7dc.woff2 HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: font/woff2
content-length: 65
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"41-18d27c367b0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PdesIeIkr1UCYCZ7cpDlOtmmAPIW1UtdBLnTvSknbuFWEV4ADb2tbmAJF0CFBkpWQX8ZehlIfcoyuQ55yKx9JRTOk7Z4ECsNHCqZ0besmfpmfxEoUuU5UjVuh6vl1k0WKKwwdfnGfgM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5782de15697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/18407.d0257553d76c1da19de7.js | 172.67.150.238 | 200 OK | 63 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/18407.d0257553d76c1da19de7.js IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (62630)
Hash: MD5 c6070a74fc7828610536a88f4ef0ac00 | SHA1 58ff20e6b81343ce9fb04c9a3b98e96eeaced06b | SHA256 5a52fadd5efd62ecee80f803d600055810fb7765497d80e95e8f61aa27286cc5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/18407.d0257553d76c1da19de7.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"f4dd-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vbC8XXN1fl7IBTp85%2FXc0VKS6e%2F8BkiGMYf83xg%2BFwOicWFwQeWs6eqxX8MtOkd%2BYyWsjHkBojuLaM1pKrcYyhrYxpaVO1XJF64pWEGcLXuuxR9NPcDDSQ6LdUYSfRJ25y02DDDI8qo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eecb85697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/60499.862663374dc7b2606eb6.js | 172.67.150.238 | 200 OK | 18 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/60499.862663374dc7b2606eb6.js IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (17610)
Hash: MD5 4ccfa2e22aa81b9717908bd2e198c04b | SHA1 77c537671daf78c65664c86b2348a8901076b2f1 | SHA256 b7094a75dfa107fdacecb7d4de84339c5bbbdd4f7d138de620e58fcacae645de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/60499.862663374dc7b2606eb6.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"4501-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QHFVj5i%2BV45kzLQWRqXfJKpFP%2Fw2yee7iOBliXN0SIbw%2FPzcFXZI5SOnAnVjlF2wZvq%2FOg7P0E%2F9azInuvugsVS2Jkn2f853qYdNs8LSqCumCi0%2BwPYv3lGzFFVJ022vcpzdnOIwJA8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f0ce35697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/17820.e883271a8a21d461b3cc.js | 172.67.150.238 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/17820.e883271a8a21d461b3cc.js IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (14165)
Hash: MD5 3eab1ae6e3a0d5dd18c280bb01fc9426 | SHA1 e09de192241afa3b47cfd3420cba919f5d5bee7c | SHA256 a7400219aa005e47acfbedf2ca55d9da87fc8d4386888f6c995c03358602793a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/17820.e883271a8a21d461b3cc.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"378c-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lLI%2Ba054EZH4Fc7Wg9EsoGcqZEKQXuwDQ46Z3w3D68esxuXFkQwo3eauIdnJ5E6E5kYHDZIRXIyxM%2B3HigHQNC9fJG6TC7MLjvAkpJXEt0GbSSM3IiY4hg0CD7JEDDQILftoVPxd6F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ebc605697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/75851.82c9a7f8176d778029e3.js | 172.67.150.238 | 200 OK | 9.7 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/75851.82c9a7f8176d778029e3.js IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: ASCII text, with very long lines (9810), with no line terminators
Hash: MD5 ac6ef2a39ee1dd9bfd9906c593a8ffc6 | SHA1 0770b44a9791f7bb2d95b3c44c79a96fdf08ac4f | SHA256 99c9f93237bec55428a7d0199a1a1c33239ff4f3afc72f09a03c860961430ad7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/75851.82c9a7f8176d778029e3.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"25ed-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTUNMMejJ0ORLuaiO%2F1kri%2FM3uC7oGynotETNwRxx8rBuLy4AP%2BAp99%2FQdkJ4Rey801rGjXUp1jDQyqa7dmzeMq0sAmhJjMMXjqxTQaUV%2Bz%2FjCXVrBuga6ix8DMx3qiluit2hpNTN1c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edc955697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/api/v9/experiments?with_guild_experiments=true | 172.67.150.238 | 200 OK | 37 kB |
URL: GET HTTP/3 login.restorecord.pro/api/v9/experiments?with_guild_experiments=true IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
Hash: MD5 6fec2919e5a60315215234e5040e8680 | SHA1 df963127d88c0ab710ab85a064bab7fbef3866ed | SHA256 788b2ced88c0e0647732cbd8f85eee0c5eca2fb7ed1e8d58b68da0c0db6be035
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /api/v9/experiments?with_guild_experiments=true HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Super-Properties: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMCIsImJyb3dzZXJfdmVyc2lvbiI6Ijk2LjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjI2MDEwMSwiY2xpZW50X2V2ZW50X3NvdXJjZSI6bnVsbH0=
X-Context-Properties: eyJsb2NhdGlvbiI6IkxvZ2luIn0=
X-Discord-Locale: en-US
X-Discord-Timezone: UTC
X-Debug-Options: bugReporterEnabled
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://discord.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-Resource-Optimization-Level, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision
access-control-allow-methods: POST, GET, PUT, PATCH, DELETE
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'none'; default-src 'none'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ujRANgyTupc2O5UuPAZiSAEoagX1gPUGfbKOUEblUuMsnFyqoeqc%2FDMyubbNZxnbU9%2BivpXXfRMZW8Tm6L31zEFBJZ9QFJZV99Ay7rrVfBDh4%2F8qFBgiUcmTK50R"}],"group":"cf-nel","max_age":604800}
set-cookie: __dcfduid=4d0f89000ef711efbf3b7687852448d8; Expires=Wed, 09-May-2029 18:01:18 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax, __sdcfduid=4d0f89000ef711efbf3b7687852448d8f3a1c09dfe72329b604afcc32b53024a5b284c673c6753a0d933e3de1fed4794; Expires=Wed, 09-May-2029 18:01:18 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax, __cfruid=8a034c90b27778d504f0206dd550b94428ead2fa-1715364078; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None, _cfuvid=A74UYTm2cb9Eo1OgsBL2wtXmu0iKcRJ_dllrEIF28aU-1715364078459-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 google
x-content-type-options: nosniff
etag: W/"912c-35YxJ9iMCrcQq4WgZLq3++84Zu0"
server: cloudflare
cf-ray: 881bd5711c7f5697-OSL
content-encoding: br
|
|
| login.restorecord.pro/assets/8e64227ebe6f34850334.js | 172.67.150.238 | 200 OK | 2.2 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/8e64227ebe6f34850334.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: ASCII text, with very long lines (2248), with no line terminators Hash: 4000d28d0f8e4feefa8883aec22cf353 f8f67e124e53daf7414e941168e01d2a9c812e85 817abe560796ce849f16ac01eaf0f4ba1ce40ccda95682cf3433dbdfc80db071
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/8e64227ebe6f34850334.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"88b-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JBRbFeLhgNKiuT%2FDjeoYT881oe%2B2GG%2Fk81bPZ7tGOtyfA1MFA65FSJK%2FlYavonh%2F2w5Yxsrh7eWtrKpQ9FzGt0ILqZVrNNcUXoL2c%2BHdOz%2BxCn2Gf456jkZ%2FIjLmKEOWXE8dtdVqTnI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5720da85697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/d8d8bb7602e34b57bbef.js | 172.67.150.238 | 200 OK | 164 B |
URL: GET HTTP/3 login.restorecord.pro/assets/d8d8bb7602e34b57bbef.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: ASCII text, with no line terminators Hash: f82bf1c23c9485e0017406246ad5bd7e 6edc2406e77fe53d60d5c955b76b6f34a5b3cd59 f110fea7669d1c9ada9bc6f23ebf0fa2ef1d58f2fc98b30d6d25de027a0b8afd
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/d8d8bb7602e34b57bbef.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"a4-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sLUEpUzSWpjJADROZJ9wzzWwANhsIm2LgdUP63T71cf41YYTs6mofadOFSjaCJv%2FdAtpa9qLXU3QydlYtHPWVJFBgjThyvBkEpMoCTqXMcLQZTpysGNUIHurXNYFcQaLzaQ5JpgZywk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd57408695697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/1f3e315f020ed5635dc1.svg | 172.67.150.238 | 200 OK | 180 B |
URL: GET HTTP/3 login.restorecord.pro/assets/1f3e315f020ed5635dc1.svg IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: SVG Scalable Vector Graphics image Hash: 7be3d705f8fd758f30fdb6d593364954 469caeb23537d7152c40fca8e5a8c9a03013eb07 907d7bc2d1af895ac583237f9005822ad480c51fd03618f5a7819c3d71b62424
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/1f3e315f020ed5635dc1.svg HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"b4-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hF2oKcrElfn9s%2B%2BTTE0SfYWTZRJGp6%2FvVJLYuMgsGZjOMOVhQEvrX4oKV%2BHWA5FNIoBlUIGIL9EgYb4EKivSIAmBxwgeXDdgMWtduA4bJ173Wp8qjlKCu7evafo1SVlGQRoaRIhdeB8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd57408885697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/1af9bdf041e000508e41.svg | 172.67.150.238 | 200 OK | 137 B |
URL: GET HTTP/3 login.restorecord.pro/assets/1af9bdf041e000508e41.svg IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: SVG Scalable Vector Graphics image Hash: de7079c084523cbb534e908927ab5519 cd4e81dfbcc142ff38ac775c9302f26d3bd28fa0 b5d51114897461dedb697b36086385bdc8b62f56da6914fcec198644a96aa65a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/1af9bdf041e000508e41.svg HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"89-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QcED0sYoQp1yA7hON%2Fp5a6NPloDtekC4n6Rb3YEff3GtXr1Id59TgIc4YWredTiCctwvghrOSJMFKwpthdVwZCqgrl6ydqNbpLJPd%2FnwnIiXOasX2JzGp2zanccVqp%2F8yw%2BV91L7Gyk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd574088d5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/7442b576347c1d02886f.svg | 172.67.150.238 | 200 OK | 395 B |
URL: GET HTTP/3 login.restorecord.pro/assets/7442b576347c1d02886f.svg IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: SVG Scalable Vector Graphics image Hash: 3e60ff1de94af19ce4bc825b9d2fd18a c5a4ae459f6596bdefe85021f198826e316b4198 8a32440759eee1d213b1561c980ebe7856fcaffa11588a4b7131cf83fb1c2092
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/7442b576347c1d02886f.svg HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"18b-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sIQaf1G18IUxMfQXkQkZfyPbaY618xNc%2BMQCiZP7mJaXMSR1TeR7oNCMuPcodZPYgQVkX1RUFYCKbuSed7aAjU%2FqCyivBZEdAk2hPk2e%2BM%2FHma9SeYAXkCj3GiaIVwd5wkGB9FdVlWk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd57418935697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/25f1e66664a140ac84c9.woff2 | 172.67.150.238 | 200 OK | 182 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/25f1e66664a140ac84c9.woff2 IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: Web Open Font Format (Version 2), TrueType, length 181532, version 2.459 Size: 182 kB (181532 bytes) Hash: 980082c4328266be3342a03dcb37c432 4179f54fd61655067a20a2b37224fde3d8e5024e 1b03dae61d613604b3d41d61cc4bc2e05f19bd27c7ff2638242f9036f2b8794e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/25f1e66664a140ac84c9.woff2 HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: font/woff2
content-length: 181532
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 21:49:09 GMT
etag: W/"2c51c-18d28d95808"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EzzZIZdR6OaRDuTOUiLTiiSpnQbhwhBg0wZ8XI2Q6uDDO2ieKNTZv6NkH51490bwKVTWmkuLTSEIbz7MmucWLhJIXmvX07s1IcwK%2BnUsUawkMKq6sq6MR1LXcPPW0WBP8DdRpS0cCHo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd57438d45697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/71554.35bafd030ac297a37d2b.js | 172.67.150.238 | 200 OK | 100 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/71554.35bafd030ac297a37d2b.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size: 100 kB (100440 bytes) Hash: ba52e5e9910264fad8c8cc08677ff419 2a8303994f8bf6fbce44a9198fc69f39a41b8af6 e6eebeabe896bd729ea9001e3049ec54e5438c7d5ecc845ae6a3f8d5c51e7f2c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/71554.35bafd030ac297a37d2b.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"18858-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pQQH9ma4yR2ifG6UQx5el2Dt%2FodaLgr53IUMDYMiJ5p6GBFsaZrQSrUWat3PxV17UREhYqq4VV83%2B3HWCbg4fOfVxEX7QbC9%2F3sLt0ScC4xRaPSuO4VFLhRZk8zjHq%2FOh1EqVahdS58%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f2d055697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/81161.16bd418e776559e11cd2.js | 172.67.150.238 | 200 OK | 16 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/81161.16bd418e776559e11cd2.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (15686) Hash: 3c97dbccfd4e8411ca557fa727fd0a19 f35fea6cecdc989d2850b9a1f7abd2330aff5133 ca76d86c4f5150906a316d1ca088cd09eadbd882971821fa6e030127b81eac32
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/81161.16bd418e776559e11cd2.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3d7d-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYSZBYduRl6GqrDxbStOWhVpFuR2QV6QX%2FzRnNck%2BeqCYz%2FORfX2EIliwAAdeTis2sWKm3gLF5QNMlr%2FuUIm7kN1LsombcUvEGINo7xS96FSz3HMIGw9on%2BaA1hihK5cNhRTs%2B3Tajg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f3d1f5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/58409.1811376ebb7f14b0be53.js | 172.67.150.238 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/58409.1811376ebb7f14b0be53.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (13964) Hash: b04469c4ff1a1e4369a1238f1a6e7e13 baa699271e0bad0d5d568f5d0cb2dac21f5a2d0b 2dc6a1da0d49480f89ccab794ec25a14cab0ca4034039ae26e39faccdda82a50
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/58409.1811376ebb7f14b0be53.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"36c3-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K44amlJqKfekwPrpNAVTPuKfX9J%2FyaDxO4ah1adOZEUrV8K1340ukOFmBZwKnOy74kLQeGoWR1cPfMzMAZtVxafVnWRa21oV8HAEgWc%2Fsrri8YKAXdj9Ve%2Bjyrm%2B3k8dQeBEslaji8g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55fcde35697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/96634.06d9840e14d8b8f41b43.js | 172.67.150.238 | 200 OK | 16 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/96634.06d9840e14d8b8f41b43.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (16229) Hash: b924f4be14a3e2330a86646c12dd033e fb8f63674d6d1b4a937d5e293bb46a10a384bc03 d65f5776f04bea788fecab1869863fdbd743604e16b45c40a3a5c91029b80057
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/96634.06d9840e14d8b8f41b43.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"3f9c-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oz0myzwXVeu0CCPKfzP2YhirVzvrybht%2BbSVc2O9%2BzuoBwKBSfiURxvFoxDa%2FTyZ2qAt5tqhN%2FE1ATqGY4NEEJ5IzrpwlWACuEPJx2YjicizHjus%2FLufLPuxQ26zIC1cZ9Syh%2FlmSeY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd573afdd5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/13798.6a2a5ac1a86675c94b6c.js | 172.67.150.238 | 200 OK | 7.9 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/13798.6a2a5ac1a86675c94b6c.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (8182), with no line terminators Hash: 81548497b4c074d04063c9f226154ade 3548f8053d9df0534168b499bf42407d8e573e2e 13ac083b959b6c894e5118fd5a686a4985575125a984190c1f7454264cfedeed
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/13798.6a2a5ac1a86675c94b6c.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1eb0-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kXfSyxudnoJAUJR%2BkjNkgeDex5ICPLdKzDLzL6VFIfhpcYNXlrAQMcU5Mwl6oST8W06nmGN8F2mwq6t2Fb0Aboi86XGeW7yI9DfCWJ0HEn59fMSQpcCIcJ8jf9A7Mv9o5ce%2BmJgsVsg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eac455697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/web.a572a92ab0a38d32b311.js | 172.67.150.238 | 200 OK | 116 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/web.a572a92ab0a38d32b311.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 116 kB (115711 bytes) | Hash (MD5 / SHA-1 / SHA-256): b97d0dbd751b156ed94ff7be9e299ec2 a7adab0116d09edf46e2fc7ddce04b410cac250f 866bf767de1021c0532594c9493db97ea678bb09641905230423d3276937fc9c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/web.a572a92ab0a38d32b311.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1c3ff-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9HqXpBAlfqetFaElqAJ7HanlsHEZ4IbTt9c6uRYUYAO33wnhztzAGot5KR%2BrVRVPU6x6vU37GbGiNpGlVgMQIgtI3UpyYwUVUzU0f%2FMQ5mXfsRsEzOgQBJt1Sa3X%2FkaiRzDt5qPv4fQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f7d7a5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/31717.335393f06f604050b43d.js | 172.67.150.238 | 200 OK | 65 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/31717.335393f06f604050b43d.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (64808) | Hash (MD5 / SHA-1 / SHA-256): f21348f766d7fce1d259877b826da099 73baf8dd6916a60dab75cd1879feda4b29a090a8 bfb3e51c1397bb6498dd873eee144f50271c74c4630bb8ae0d55a1da8aeb9863
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/31717.335393f06f604050b43d.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"fd5f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tIuiuFYbgn16IDHIYhXpgcfWBbAIK%2Fqw9CS8gRS3PC6ibNOHCiem%2Ft9osqE9V45Tpv7q9mP1WDwpP2fKs7RMQKIxWWHHNb4xv1dc0Ipiahaj1PcVwrnOnXdcdsLqn4JiCZ2LQuL4rDI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edca05697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/44d5e1639bc492dc8d62.svg | 172.67.150.238 | 200 OK | 3.1 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/44d5e1639bc492dc8d62.svg | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5 / SHA-1 / SHA-256): 02799b7410be627fa7a88303875c8132 4cd594b6972f1081641e15ec286e9bf5a6786b2e 004f3b15b564c0aa1283e18e84b1f4bbc714f5ffedaa5dabd7281c01b08a559c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/44d5e1639bc492dc8d62.svg HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"c4a-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rDwcUxEgj4FRsT3hOD%2FmpJI0%2BATGvvdbaH2j4RNbcp9Doqtx5sHwvtY%2BmB3P7u8Yq8XzBS0zhR35OkcyyIFCVSartpQhZUi88oc82d0SgADUkmuTJhpLIl1e%2BZOCbAmczJWoVZcyrmY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd57418a45697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/sentry.1e20f9b7b3b2507e0dc7.js | 172.67.150.238 | 200 OK | 8.0 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/sentry.1e20f9b7b3b2507e0dc7.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (8219), with no line terminators | Hash (MD5 / SHA-1 / SHA-256): f6c12b3561afb0c5be1c10e2085c10bc 82e6c80f75bd4500d11b8a8eeab09258913fbc04 1fcf9bcb46efa6f11a6f1b081012b0dfa29746b084197a8b57f6cd0288e6646b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/sentry.1e20f9b7b3b2507e0dc7.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1f4d-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwJcM5742P%2FAhHSC11W5rG%2FytC4TsnkvSEOwM%2Fv2jhglFaX3eLXe95nkKmaEYvCspSWQQsDSUvs3MWpgP5wEVk%2Bm2af3XdY4e7S987k9tmiCgVflvVITIfUD2jey0VXWNE26h0Sw22M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f8d805697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/09563300dbb31ab193bc.js | 172.67.150.238 | 200 OK | 164 B |
URL: GET HTTP/3 login.restorecord.pro/assets/09563300dbb31ab193bc.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: ASCII text, with no line terminators | Hash (MD5 / SHA-1 / SHA-256): 8e42afb6be6c7e5cb3f80a429a9b38a5 9f69a17c261ecb637260673bf19224d146446522 e99ddcc2b404b34c865bf9b0476cbf22be543672d12349f58aa61d5905898014
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/09563300dbb31ab193bc.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"a4-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LUm7%2Bzi8mCJmW0QxGicZyzOYceVzQ9vMmYFbM5GIt7cI5%2B1eXZ4J8A22yMOIA0N6hcMvvG0o%2FQRzwlCVex7dipZey7ht55Rty4Z1shzBlEtO%2Bf3TKCnG1gJ4JPVwAcWJ9zGDlgjheb0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd57408665697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/3205da2e8f78633583d0.svg | 172.67.150.238 | 200 OK | 688 B |
URL: GET HTTP/3 login.restorecord.pro/assets/3205da2e8f78633583d0.svg | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: SVG Scalable Vector Graphics image | Hash (MD5 / SHA-1 / SHA-256): 845877ca568da4ce63844760bd808400 c25334314d5646fa7bdc85e171bf96d3d4c6e794 cdded65b4ce8893fde73a93b00ee2061dbdabdbdaba65f0fc61631c17ce980ef
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/3205da2e8f78633583d0.svg HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"2b0-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D2ac3nWWOKvIbunrQ%2BC1TZFh3jCQrdPErz51ZO3Hy2fQZsQq%2B1DsyId79kkY4UDZ9Ee3T%2BuaBnPnjX8a3vZnoc7gfL0jJyOtbLYIPm6%2B7Z7JKg1azj34AK55RV7zvD44ZOhdvvK8pcg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd57418975697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/66701.1a83dd6990836d80fe7c.js | 172.67.150.238 | 200 OK | 11 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/66701.1a83dd6990836d80fe7c.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (11178) | Hash (MD5 / SHA-1 / SHA-256): b2c21f2a66a342876b66fe2ccca32047 d6c8eaedf6bac6cc072935d1607b9387d912e2a4 82651ceeb7e2bd56422c831f2557e259f8e3ce6cf4e47020e5f0b4f13c81562f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/66701.1a83dd6990836d80fe7c.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2be1-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TghcNxtTpBx1reuhftDAaNuQre%2FlVAcw5OeoC4Q%2BM%2FrHKlTc3GQyR7yMWCeA4UcfD8G8t7IO9JmoK%2B8t%2F68hS8ABk5ou5YRTpaSaIJIxpvWEL%2FTo1%2FtvZJ0w2x%2F6UnYjzdH7gE0xHwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f0ce05697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/37102.04489c88475d6b93636f.js | 172.67.150.238 | 200 OK | 19 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/37102.04489c88475d6b93636f.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (18523) | Hash (MD5 / SHA-1 / SHA-256): 6a056d7583533ca1f6f22eb59c25f71e fd9008c3477be5b59118cec1d51e0d5942e9511a 93ac8375ee2ec8788c40ffd8afb828f87d2e3b7a718f346cd92d353f32cf3754
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/37102.04489c88475d6b93636f.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"4892-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MHRTAZhlQtRDo2U3Di4mJxCkCxEqZWxftB6BIfa3%2Fp86pkin3YdHMVVpbK9VaI3LVa%2For97jFPCCEXR5yJHVIwFRX4sIeHAWMaWI1xG7gLRLlvEFZ2r1VC0HFQ6pC4W4NMxuTkUIzW8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f0ce75697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/41611.7d797575820892675652.js | 172.67.150.238 | 200 OK | 21 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/41611.7d797575820892675652.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (20820) | Hash (MD5 / SHA-1 / SHA-256): a290ac62b9753650e23d6e78ea4af855 417747142045ca3f2e616d389c0e678c3d6bab48 7140411b3e59a097ef31914fad63941fcc863cbc7fdf7f8aca5ddb67f9a6388b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/41611.7d797575820892675652.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"518b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4fBB0k1GyUESwZWJg4yW5nMvJMZf3Entbv2RvTEar2helJOSM5%2BYH0CQwITb5cPE%2BYTxWGfmB%2FQ8HQMRDWpDlebaS%2FA9ss%2BCg369vBraVhtswiprQ%2B0OCf4dtPpwmeiUynNEuXeIfyM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f0cf05697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/17605.396d4d0fd6f31f0ccbc9.js | 172.67.150.238 | 200 OK | 149 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/17605.396d4d0fd6f31f0ccbc9.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 149 kB (149407 bytes) | Hash (MD5 / SHA-1 / SHA-256): d76190debc34ded2033eb596d275c6e6 1d65e4a7e5bc735bff02c5fbb1dbc89d31cabb6b 8069a865a2a03e1afbe4b88edf980d24295d5643a48e180f71f84373ca3d76d5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/17605.396d4d0fd6f31f0ccbc9.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2479f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dUZWNGb%2B1w4eBmvlB3Y09hKLjRc%2BklxHhGwbQBw1ASr2MU%2Fbkh%2FsVg8ZuVJhoQcXQwfYnHASL57SjC%2BmDt%2FW30i9SJnUQKQfUpkYfDdN1baOc8Y448Xibn0ExF3XuTfADFULbkyNV14%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f1cfb5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/69628.7b15742208fc0d4aa02d.js | 172.67.150.238 | 200 OK | 91 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/69628.7b15742208fc0d4aa02d.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
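Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input and no file type is recorded, which suggests the response body was not stored for this request even though the summary row lists 91 kB; they identify an empty capture, not this script, and should not be used as indicators for it)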
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/69628.7b15742208fc0d4aa02d.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"164df-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=habjls6a6BSp0H%2FvDa6fNPvUKy1X29TxJ7MuIEcmoUcJhMCrY6VoLQAmQueYXBNjwY17LFjTeuJJbjQYWTWq7L5AXFUqRd2mJhYOyBV135pd6s9Io6j0WHTZx0s%2B8Reoi6sI67%2Fl%2FwI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f5d525697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/58166.4ec31e1810af6eda852a.js | 172.67.150.238 | 200 OK | 38 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/58166.4ec31e1810af6eda852a.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File typeJavaScript source, ASCII text, with very long lines (37774) Hashce66262030ddf4d78cd0600c1706bbca 195a3af6bbcd112990859fffef3a9b92a777788e e8d1036a715eff98d533a5edf5e91f079e9eb7482fe9c2eabd6df44d51d3eaf7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/58166.4ec31e1810af6eda852a.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"93c5-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XgUnkKy0lAQRdduW3ZzqIYeaFBDYVISx1VrRbB461apa6Z3MRi8r2klsiGZ6q0wa7%2BK2MAYJqYxDwoGk5Aw9g%2Fla2S3lLpWyZaUKRkT119ZM%2FPyVGV5oHGiIFIm2bgWs39VpMyJT9dM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f7d6a5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/55695.a2abd2a754a025899810.js | 172.67.150.238 | 200 OK | 959 kB |
URL GET HTTP/3login.restorecord.pro/assets/55695.a2abd2a754a025899810.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
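Size: 959 kB (959311 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so the response body was apparently not available when it was hashed; they do not identify this 959 kB file and match any empty file, so they are not usable as indicators for it)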
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/55695.a2abd2a754a025899810.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"ea34f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fruVWdMgwAgs0op8pLWcBdo9n%2BJW8LsuzaqAf0se7Lgd8icRrNI2NM4azuipbG9wilDQXUT7pn1Nfo0O3X%2BA3oXia9Pr60odUuSwIyC%2FBNsWOwXvPh7ENmcWEBQFxA3wQRrRV7Uofn8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ecc7e5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/25653.f1981721227784f0166e.js | 172.67.150.238 | 200 OK | 164 kB |
URL GET HTTP/3login.restorecord.pro/assets/25653.f1981721227784f0166e.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
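Size: 164 kB (164235 bytes) Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so the response body was apparently not available when it was hashed; they do not identify this 164 kB file and match any empty file, so they are not usable as indicators for it)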
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/25653.f1981721227784f0166e.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2818b-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZloXDMghE2vwZJbhpFbErnXyYClFNB7r5LRzJJJ9y4tP1zoWvn6KGMGnC1EhaKS1cX8%2F7M5zbDf%2F2%2BJq7MaoBOTZKNDwxjqyoBsRUcXMOnFveNGVzOZRzaVaW0S6ZPgMlbLV2QIdRxs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edc895697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/94288.dbd73ecb6b1482a870b7.js | 172.67.150.238 | 200 OK | 10 kB |
URL GET HTTP/3login.restorecord.pro/assets/94288.dbd73ecb6b1482a870b7.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File typeJavaScript source, ASCII text, with very long lines (9979) Hash38d4ac71291ec9223ae33b9ebb5a4e89 7282b3fb164396d9510224b3040a89902c825546 9a8d5847b100e711a41231d5c45682b01b8173438f96c52667fd872976c18cc9
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/94288.dbd73ecb6b1482a870b7.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2732-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MVaGGV7Mq1i9Q1ZEfJaBBd%2FY1RDjErbri0azl6NeqVf8UjWrzI5qqYKTyUKw9vUHUeRxShZkjBQXqCcMu1JJ7MuL6PRuxcJ8Lg6y7EZteM66tXdEJzVviV%2FoXCgw49bfRwxznB%2BVdsA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5604e765697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/799ce01abdb0da7bdef1.js | 172.67.150.238 | 200 OK | 10 kB |
URL GET HTTP/3login.restorecord.pro/assets/799ce01abdb0da7bdef1.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File typeJavaScript source, ASCII text, with very long lines (10064) Hashf9eab234b26ace83cf074c0e8ee41795 7400543cf80242671ca9f63aff06b4fe7e33c3e2 99c1fb6a35c0b13536fb0ab5c1afb16fa359fa23e56d7c50fa86207f10e082cf
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/799ce01abdb0da7bdef1.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2781-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oU7TlWNFGSyX7yzUpe2%2Fh5ye3tMVSqJaQqnpV9A%2FHmQD8wNWvrrlcR2V5oMDORbEG7EzCUFm0WCz%2BG3zmNBrCA%2FzfEjj5O4ePsB4Mh5QmEvGuwBQHAGaewiRG%2F2BztOf0%2BwAZIHWcDU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5739fbc5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/321a07cbc6f5919dbce9.svg | 172.67.150.238 | 200 OK | 139 B |
URL GET HTTP/3login.restorecord.pro/assets/321a07cbc6f5919dbce9.svg IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File typeSVG Scalable Vector Graphics image Hashd8307f61f76f425f8834fd27a04c1b3e 5fd275de4826b418e24dfb34abca1dd2d6397b78 e05e223815347635e74c037681ab5036542fbd6c1a0f08a9c923153ccf837441
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/321a07cbc6f5919dbce9.svg HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"8b-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4CqCEIqvoQSK0q0HCSdIZo2hY6JAmDFoClzlvgimTXZdcSE5iadpreF32t8s5n9LRmat3SaAvlkCwKbp1egITiZ%2FPw1vL%2Bx3sU%2FwP%2BzghZZ5NaONq5pOtvhw28xIJKj83%2B%2BF6PJNcJk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd57408745697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/94491.6feea119a246906e42da.js | 172.67.150.238 | 200 OK | 30 kB |
URL GET HTTP/3login.restorecord.pro/assets/94491.6feea119a246906e42da.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File typeJavaScript source, ASCII text, with very long lines (29770) Hash2b097f530ff3ef39552a90e18a8bd883 326b60321000b059a090e4ef046b9421d64962f5 dd4f80fbf943312c9ed47c07c0cd767cfa20d3657f0b50a5787704991ee85f00
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/94491.6feea119a246906e42da.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"7481-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RSqg8dXoAiwN8nnlMMLDAEcLbrAo0j04xXW8KDPlbGNu2zj7lavdGDFbGlDlsA4Y%2BDysy2xgaYsVPhT76UPXNOGLT64WYt5iK5sFiXGlmOpZqfHaJNV0HJkORFeNhH8lPcaN2e%2Bi5O4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55efcde5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/44504.4c4113c3ec609733dacd.js | 172.67.150.238 | 200 OK | 60 kB |
URL GET HTTP/3login.restorecord.pro/assets/44504.4c4113c3ec609733dacd.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File typeJavaScript source, ASCII text, with very long lines (59916) Hash34be6172cc28f54550f737535ee7406b ae6f7a023c57531df95cfce4b8c2faf862b922c5 419e3eebea240a838aa818a0ac9b57d607a52c7547cd9ee876bfb2bd84226e8b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/44504.4c4113c3ec609733dacd.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"ea43-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U8cxcDpuKh%2FjUCAt%2FYDoa7xY91PM%2BxknJBbuuZtCNwAHUknTObK7VjU8Z5szNC%2BTAZPP%2F8vgaP%2FR1favnsBr93UXLc71iMGTbKpmIRMaUbw%2BLfuTjgLWRvrRo3yjDRP4fH5ElogPF88%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5737f955697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/99b391e2f74aa1e0d266.js | 172.67.150.238 | 200 OK | 14 kB |
URL GET HTTP/3login.restorecord.pro/assets/99b391e2f74aa1e0d266.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
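Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, although the transaction row reports a 14 kB response; the body was apparently not available when it was hashed, so these digests match any empty file and are not usable as indicators for this script)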
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/99b391e2f74aa1e0d266.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"3558-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=29YmBjKRbwsgNVBppnqwK8pCdvojtUmj0L7nECVsUKlIge0xR7zSm5c8QiCwPyCDClnHEdhVZoRD6PbPMamgw2pNCYlvmTHssZndTRFeyUI7YdN7zPn1lbgQgw9Jh5M9jq8QLeg99Y4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5738fa65697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/94381.75805595bcb471e9283c.js | 172.67.150.238 | 200 OK | 17 kB |
URL GET HTTP/3login.restorecord.pro/assets/94381.75805595bcb471e9283c.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File typeJavaScript source, ASCII text, with very long lines (17283) Hash1d9461b1a5901db3a1913721102de7f6 b5aaaaf164bd8d45b150d86ec7580dd08743efc3 8fee5c60698b99ceefb3b9443339bf6ae1b610b3e5df65ef668eb1dbc8643dde
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/94381.75805595bcb471e9283c.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"43ba-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SC4gb8qEfqo75gyhe7wh8IuzeAUMZw4GGS4HyEBZUm67BHpaOYU1PPB6sgenVkWQzezZUjxFWwP1f%2BuTaQRdpQqXNBbppgYAWHBPzbOH7S%2FqPkwqruHXrA5E183eHnK5jwM%2FinauheY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f6d5a5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/65225.45a68e44217bdc89eb40.js | 172.67.150.238 | 200 OK | 76 kB |
URL GET HTTP/3login.restorecord.pro/assets/65225.45a68e44217bdc89eb40.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash5ccb90b22d94fa973ac33a2890fc7929 bb8b8e3a4a475920dc76225e76dad6c1305a76e8 e06633cbe7f25420c71e6a28fd6ccab71404df0d3fcf630e26cdb040e0e0ae2f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/65225.45a68e44217bdc89eb40.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"127f6-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=doc3yk0xfpECEXGKHSZBmO2T%2BI%2Fgi%2BYusInOF3rpgJOX6fN%2BRlm5AmKKaZP65hvwSZAw%2Bam6tbcy1WBTOVMykmVgZHpd%2BPWwOH9Ks0pCCTrV8XDmdbFLkfnE5pntM4VBqaswWmVfsMU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f5d535697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/3341.1a1f8595a0c8fc9f99cf.js | 172.67.150.238 | 200 OK | 8.5 kB |
URL GET HTTP/3login.restorecord.pro/assets/3341.1a1f8595a0c8fc9f99cf.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File typeJavaScript source, ASCII text, with very long lines (8843), with no line terminators Hashe26a8efc5dde624130372229258ab5c8 6fb44998a93cba1ead19a776409849a6c50bebe7 6302c624d089c3bcde5638a15d621c0f664857468478526bcac9b419ddc6d81f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/3341.1a1f8595a0c8fc9f99cf.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"211e-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c3EuIR13tElZXw1wuTQZ7vv2%2FIzkR3M48fpawp3XiRM%2BOiDs3L3jmkiLCSbCW1rmP57R%2Bb3KYUPGbNsuMdW5wPm8GmsBgio0eNZIL8m0tpqVlDAiA3%2BAysyvdQv5N34%2BkvfGWxCpTw4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55fdde95697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/23777.2a4fc059cb5b5caf5307.js | 172.67.150.238 | 200 OK | 60 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/23777.2a4fc059cb5b5caf5307.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (59652) Hash: MD5 264bf832f52128869c50c91968264bb4 SHA-1 95a54d2525f093719198bfa0aaa1c7ef8574cc4f SHA-256 515cb4b2b1c5a8190e7a9f74c13a3539aa2f758af17a50a71b9832fe53a88f9f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/23777.2a4fc059cb5b5caf5307.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"e93b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VSZSS2JfviLfYx0GjE3FsDGKvx%2BtYb7F2cd8JBoex%2BNauMs8hmxIKYhOyDZvIOra%2Fqf%2B9imURR%2Fidntmr9vYRfv4F%2BJbTaw5iWBiHnaxA7knqBlIx4ysCeoNHHYmTV7gtsdWLktAUZA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f0cf35697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/55639.406bee7d3e2064cd65d4.js | 172.67.150.238 | 200 OK | 28 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/55639.406bee7d3e2064cd65d4.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (27753) Hash: MD5 75d1d4ed4e9080766fea15d7548a9472 SHA-1 b64d354f4c71d5176d3cb52dc7e55e752b48059a SHA-256 66e11c8abc27f8285a8a7a8179af491f8b5d8e797b92afe6bd4a2cd710b2e122
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/55639.406bee7d3e2064cd65d4.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"6ca0-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LOLlKUQqryK4%2BqU4LGY1UxNdlsBBl9cdquQs0fx9CsjXtX8cu9S%2BZoWoGIgf3szcscKS7PTsgO48DMeQ0XOEhTM5QpS5SxrBUZBk9YzNycRbyrsyu%2F7hmMpXK2n45Ve7omiV7%2ByJrRY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f4d3b5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/23356.ac12463556a44bd7b330.js | 172.67.150.238 | 200 OK | 1.5 MB |
URL: GET HTTP/3 login.restorecord.pro/assets/23356.ac12463556a44bd7b330.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
Size: 1.5 MB (1470465 bytes) Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 [Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, which, given the reported size of 1470465 bytes, suggests the response body was not captured for hashing; they do not identify this file and should not be used as indicators.]
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/23356.ac12463556a44bd7b330.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"167001-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OLB5QRu7xK%2FN63Ig3OWFPlKak%2FAn45TTctu4djrEcSPkG01031HlhJwca6ZPcd68%2BlYmzx3XbUTNnciMk3A6ghK6qPcMxhXAnVnME6lS4pTvKpoq8hiytJbVLNxWdR6I9q356cCskqQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f1cfc5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/6575.507fad3ad28f9e5198cf.js | 172.67.150.238 | 200 OK | 1.8 MB |
URL: GET HTTP/3 login.restorecord.pro/assets/6575.507fad3ad28f9e5198cf.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
Size: 1.8 MB (1792121 bytes) Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 [Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, which, given the reported size of 1792121 bytes, suggests the response body was not captured for hashing; they do not identify this file and should not be used as indicators.]
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/6575.507fad3ad28f9e5198cf.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1b5879-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ANqmzQ0JhhtYKD9m%2FAuk9KS0Cw%2BVsxcgIFuWPf1fzWWu6i5Jy6ylyn%2FW1peVgb3kq0QsLYcRZtXFcWcMJ2rPaHPRKCv3H3AbAVjowVurcs0vi8%2FUpE6lgMdwbUqXHUFzvIpGzrMo3Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f7d725697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/23992.0430129d8ed977cac0d4.js | 172.67.150.238 | 200 OK | 14 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/23992.0430129d8ed977cac0d4.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 [Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, which suggests the response body was not captured for hashing; they do not identify this file and should not be used as indicators.]
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/23992.0430129d8ed977cac0d4.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"37fe-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N1%2FDPDraybUVroAtSPrEwwOpK65Xm7D0wCq3xHfswOEEPE9xxVJHaGx6kUuWtMGIilp68kf46pTlMm4YfO9Q7SvsaMtP8NyaLD0HjT9zZJr83ZD0OXyb3%2FLr%2BfmbtjzX4GKji%2Fdf1fw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd573bfe75697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/65000.e1b9099437a0cb5444c8.js | 172.67.150.238 | 200 OK | 21 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/65000.e1b9099437a0cb5444c8.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (21036) Hash: MD5 abc619bd0b72681ed95131a5e0489b12 SHA-1 50f98a563f0b7771b5df533e8dd75306f37606d5 SHA-256 0384028309684382f2d9e791a778dbe1a4a0e9bc6e6756bdfc3d4f236ae3bc66
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/65000.e1b9099437a0cb5444c8.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"5263-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N8JC9EJRvjtVT%2FggbWPMRZ3%2FP4PA%2BmM6GzmQPoJjlNWU1MuRCqQuou3GL4iQ3gjvYWrzdSb1SQFKWg9Lxe9WaCUR2RKWwZc0kX4e0uHfaE871jlVyv1%2Bi6LnA2bDD1%2B6TtoocimGais%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ebc5a5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/47146.d5c177e816a2cf054d31.js | 172.67.150.238 | 200 OK | 44 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/47146.d5c177e816a2cf054d31.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (43856) Hash: MD5 2dd911fe6af5b351702811c2d2dbdb35 SHA-1 6d22418ce848dafc32e9e0f8224fc6ce13a8efaf SHA-256 40e9ecd17a864fde103d7ac450a265ed91814c0dbf4ab22f26df913e1f724969
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/47146.d5c177e816a2cf054d31.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"ab87-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g2Fo5Dg8rKIborCYkqDqWi6getqpEbr06YYWQ%2BSWPgjQt8Qs7o%2BZG%2BEp08oCltOqitaaKHkKHrWAebeMwAsFZDV4S9WH5Lk7uHKSY0Q%2BdsRlPlwjTCI1vCOkwNvePQWH7h4F4CWNAx4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55efcca5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/94816.637e7c0b320aab380f7b.js | 172.67.150.238 | 200 OK | 87 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/94816.637e7c0b320aab380f7b.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 [Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, which suggests the response body was not captured for hashing; they do not identify this file and should not be used as indicators.]
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/94816.637e7c0b320aab380f7b.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1553f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FIu8mPYvHqut0LF1%2B71mrlLfg7MD79TTGQ%2BTebYj8bKnigcZT4ANDIPRJkQJ9P6uleAkDSWri1mHpuD4lG2IXsHgvtO2tMsPyZyAhGc9FPTgETc8X86r1rIJfORmPTb6W11nzm3aYw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f0ce15697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/62768.3bd3b009dc2945b07d60.js | 172.67.150.238 | 200 OK | 40 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/62768.3bd3b009dc2945b07d60.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (39620) Hash: MD5 b6b6813d1e66352c0decf44454134375 SHA-1 95a172f9805fdeee7bf82568b66c493972b35ad3 SHA-256 b07bc7d7d0a9086f1b02065c938b99544f7d651295ca2c860b22ff02c482a239
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/62768.3bd3b009dc2945b07d60.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"9afb-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y1hRIEve3zqsaMt7YF7t%2BY8CDoHqyF5BPdZpFyp5LbSbQdxJfy1w6RUhl%2FWdFPBuqXiHy%2FpvZ03e9d5aUoMSQSg5aNnRepYMGNMbbi9Zme7MlfGftnwUwRhLUwCfkxX66LbEd66s1xg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f1d015697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/18409.4b935bbdaf404e1ee4c3.js | 172.67.150.238 | 200 OK | 9.5 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/18409.4b935bbdaf404e1ee4c3.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (9914), with no line terminators Hash: MD5 5aa60c5a1722502712e8c6df505d4633 SHA-1 81a39b0f30fc6a4cf1dc23df5c165fa4d9dcd474 SHA-256 6120d464aae1c7b09b57c26824fd3fdd42710850090bd9e7221a526713cab5c4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/18409.4b935bbdaf404e1ee4c3.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2546-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pvl6KzjIICrCRJa6tp9L0idgSaH5qowl8MjCrHhdb%2BsY0BTnsBNWw1foLp3cocXlFlTisa9Kw%2FSpjtxIoW9lqd%2B%2Bucer%2Bes7y0CSSG20evLSVvMXCBdFZnRq7dYwwEJrbJul2e%2B8yIY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f5d475697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/6eba4b5678bf2ff1c053.js | 172.67.150.238 | 200 OK | 45 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/6eba4b5678bf2ff1c053.js IP: 172.67.150.238:443
Requested by: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ Certificate: Issuer: Google Trust Services LLC; Subject: restorecord.pro; Fingerprint: 53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45; Validity: Sun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (45008) Hash: MD5 837a213770a91c0bac5bc9e9c90010f2 SHA-1 0607bcf00f83d5529a1948a9214e8926dcf7348f SHA-256 c615595bc0fca0392ff1f30597dc0ab1cc6bf06493ce2f283bc30736a3083c30
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/6eba4b5678bf2ff1c053.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"b001-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Wr%2FJl98nWOQlS%2B6IG4v%2Fzvip2rjNisGC%2FxRQjoSx%2BlpluFHyibOBiZinOJogW6ISqLsT%2BpucMQIgBwrIarCTspwQqHeeLjhasS4x5QJ071ah17bH6uRUIkebjCXUPBvhHhHaT9Aupc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd573afda5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/99742.217a8e519977f9b5cbf0.js | 172.67.150.238 | 200 OK | 18 kB |
URL GET HTTP/3login.restorecord.pro/assets/99742.217a8e519977f9b5cbf0.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (18014) Hash: MD5 1960cd6ad791e73cdcfafff546853923, SHA-1 0ad17a1e5860279e6885d8d94ee0e29a1730d530, SHA-256 13c1c620578fee12330a7c3c003da2ea56f487fe471125b76add74f74d0bc36c
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/99742.217a8e519977f9b5cbf0.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"4695-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A9s3LF9pMZmsZHF8KBf7wY7gYjicu5XPiPKoqPe0U9yVYjxWgt4mQr%2BP4jyF3mDUfU%2BTL%2B%2F%2F5HFkccASbDFzh5UBOFuMAhfPC1drEYsrk1pjRfWLgpV1%2B3mPmFgnCQA6hTMQ5OxuWqw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55efcc65697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js | 172.67.150.238 | 200 OK | 7.9 kB |
URL GET HTTP/3login.restorecord.pro/cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (7853), with no line terminators Hash: MD5 792b571440be9f6d292aaac4916dcc95, SHA-1 53b4893a5662c14bb2e3b4ac029a27d820a423d4, SHA-256 60d01bc6e4c185171a773da94fdbd04fb1e7a2a168fb0cb6e294b951d8c77433
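Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed | (this verdict comes from a DNS analyzer, so it presumably reflects the host name login.restorecord.pro rather than the content of this /cdn-cgi/challenge-platform/ script)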
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/1b3559406bc8/main.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pblbmFx%2FimisuRSnkx3OChN1eU5V1U67rO6%2BO3m36VTbkW1P2g5oFKrspD%2BIdy0%2Fc5ytod2%2FpKVHsBYc2JWlruPHQvDHLgftgXgxp%2FKzKxkl4CGuw3BBNxqLpA0wTAukPyYwasAo020%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd574491b5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/94751.a83f5d49f2a33eb3efc1.js | 172.67.150.238 | 200 OK | 1.0 MB |
URL GET HTTP/3login.restorecord.pro/assets/94751.a83f5d49f2a33eb3efc1.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
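Size: 1.0 MB (1006633 bytes) Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these three values are the standard digests of zero-length input, so the 1006633-byte response body was evidently not hashed; they do not identify this file and should not be used as indicators for it)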
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/94751.a83f5d49f2a33eb3efc1.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"f5c29-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NtMbNYZGsDaJABKgMNN7qMLsAv54supyB3TSzgfhR0%2BVFxl8MBxebchGUMuCqFPAlIWyEzgtWHO%2Bmcx5M1kaaWAQiKIaLcQx2huHqccXhYfpoP%2FdcPKY%2BPhB%2FQ6r27Vc6Ctiuk6sOOs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edc8e5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/48590.9d5fbcc5aac137b478e1.js | 172.67.150.238 | 200 OK | 38 kB |
URL GET HTTP/3login.restorecord.pro/assets/48590.9d5fbcc5aac137b478e1.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (38172) Hash: MD5 43c0247c5fd0d2aca49282b1f2e8b884, SHA-1 9c3d283f016f69a880edb60ebc384c9f39002a56, SHA-256 998a4388e4821fd233dad8d1faf2700c0c47741c4843925dd9252b1bd3dc0c50
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/48590.9d5fbcc5aac137b478e1.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"9553-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8LImjTD4XmeGkqQPmM0Q7I%2BVsV%2BTmECFm7EZf1qkUiNH5RBggCH4MehAZxgV5Iw1CsItZIHVQTnqVQrxKU26GbRN7%2FdcVlYmqlkgurnBAcHSojSYFOFFo4W9Wzd9SOSJfTAGLXiM5hI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eecb65697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/58409.1811376ebb7f14b0be53.js | 172.67.150.238 | 200 OK | 14 kB |
URL GET HTTP/3login.restorecord.pro/assets/58409.1811376ebb7f14b0be53.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (13964) Hash: MD5 b04469c4ff1a1e4369a1238f1a6e7e13, SHA-1 baa699271e0bad0d5d568f5d0cb2dac21f5a2d0b, SHA-256 2dc6a1da0d49480f89ccab794ec25a14cab0ca4034039ae26e39faccdda82a50
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/58409.1811376ebb7f14b0be53.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"36c3-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5IF3OVKZS1LJGSVs0YUW7MlCkdDxDdgA7PCGSysBQHOJjp%2FcwYuNRKHErstUcx2iAQSfrA9xgvVKfRXpOR16oN%2FNWeXcb9%2Fb5vLj2y9rKC3hJG96966F2xMWyPi1bbu7v63hTPmh7yE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ecc725697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/77015.48150de6efe657e3c6e2.js | 172.67.150.238 | 200 OK | 34 kB |
URL GET HTTP/3login.restorecord.pro/assets/77015.48150de6efe657e3c6e2.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (33607) Hash: MD5 81c3fc72ba9d6399582bf44261a7d3ae, SHA-1 1c226b78a91b94e41031384e952806a0f7df56b3, SHA-256 5d14345894349f81168d5cbac6e2427d0390773574634f6936e06680a832d282
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/77015.48150de6efe657e3c6e2.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"837e-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BuiX%2B6rGLRWFAQZo5%2Faw%2B69LV2KuA%2FpIZQGMWaWH9kwQd0AhXJiO6Wzh9b88j3h9%2BGnAMUHpcLXjWi%2FqHC7j8O37aBPVUWu2dp%2FPnebZmFaFy670dyRRN%2BTUDJMVVY2DhKYj%2BadyaRY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f1cfe5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/14875.31e886d6d1db8a56b5df.js | 172.67.150.238 | 200 OK | 14 kB |
URL GET HTTP/3login.restorecord.pro/assets/14875.31e886d6d1db8a56b5df.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (14036) Hash: MD5 b73ea7c5ff12b5ac922cf837484b41d4, SHA-1 ecb0e464f4dc99dc4c2a88a0af3a5e80c8cbb0a2, SHA-256 558da14d878234c5150f3875e25a8049954a5ac6446595d3f58ac828620a6389
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/14875.31e886d6d1db8a56b5df.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"370b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gsoOP6GLoaaRRGeE4fFAuhYu1oCC4OriMgI%2BvtsCvgUqqB2JSs1AH%2F4EPSx6giBwgCW2tbV6MAHExrUrxvBN4OC6NSzbVzDi9cGb4BUVVC9p9dSYmVSZWD00fNMMpZKynGP3wjcaFI8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edc925697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/8240.59954d342c818ac8b70f.js | 172.67.150.238 | 200 OK | 81 kB |
URL GET HTTP/3login.restorecord.pro/assets/8240.59954d342c818ac8b70f.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash: MD5 18dcf8fa835cfc1860e0869ae9711d8a, SHA-1 372560e730d7725d0d486544b57f7ca5a1e740a1, SHA-256 3bc562cf2f8191b1220d710ccb7cfba8dd0eca628055f0fc4bf98b0f8e7289dd
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/8240.59954d342c818ac8b70f.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"13b4b-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LUQRQ%2F4WnW367wLDtr7Uj%2BwyvATBvKpzR9UTQm6UULFj9lIgXbt7RgfxbxQfFNKGuvp%2FtuNir8VfzdElVPUeVw3%2FGRgpRZzXDOMc%2F%2FmaXxn1FLHUeYW4awqdgo8jlAxMfaLBI%2B6mZko%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55efccf5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/22198.f5f5aeb061c44ad3e071.js | 172.67.150.238 | 200 OK | 12 kB |
URL GET HTTP/3login.restorecord.pro/assets/22198.f5f5aeb061c44ad3e071.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (12232) Hash: MD5 037eb3fd7c79a6a5da8011e606e917bd, SHA-1 078368fc9988f02a9d9b2faa6494b3209ca6f8a1, SHA-256 b24340e4a45954dadfd82c820035335f0d27ea454fdbbb263ca273cd590d5a23
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/22198.f5f5aeb061c44ad3e071.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2fff-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SMWrDq2En2UewhmUh4DcxVyn0mj%2FeYnokR1YaWBbWcY8w7Wjmhor%2FYOQ5ZRTywOmudlXGdKuVxnAc1YC3Q%2FmeIsw6EnyZSETzxKzf5UNdXEmY37TzQw0dQ4sRYWXT%2FCLKI%2BAhZgjCCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f0cee5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/67079.912803f13064d4c3677e.js | 172.67.150.238 | 200 OK | 23 kB |
URL GET HTTP/3login.restorecord.pro/assets/67079.912803f13064d4c3677e.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (23306) Hash: MD5 2a521f7bf2072b4d3eabdf38c0681157, SHA-1 90cfe120f3d79aa5d4efed7a5b458ec27e2d9af0, SHA-256 d7cc40cdb7b530f4d0050c5354a295361f1550e1e3f3092b8e2758fc26006903
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/67079.912803f13064d4c3677e.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"5b41-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yrK72eizYSMaiyG5YgO4HgSualL2%2BZwiThKuncsSwrk%2B1xzNKhHpVCoeu8MztAOExRqvc72OgoPLD6pVy9965MIc2nuGFmlKc1R11aeNyePkYRHrzC3p6UyukLi141KsHOJwhDJ0TQ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f1cf65697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/48059.86a954da9c9a44ee9dee.js | 172.67.150.238 | 200 OK | 121 kB |
URL GET HTTP/3login.restorecord.pro/assets/48059.86a954da9c9a44ee9dee.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size: 121 kB (120793 bytes) Hash: MD5 0913b93dc0dd7e4beacfbb0303501b18, SHA-1 e2fa12d63460ad8a54218971c444b085958ced88, SHA-256 9f32de28a06abc9233adf200a94a4d637cd39ab3b3970390175b42e09e5820fe
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/48059.86a954da9c9a44ee9dee.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1d7d9-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r93zvaknpWmblQdKAeHns7ax88KAgWIbPxKbCOsVyhZw8XuQj0itdetkvEzEUOJCePeF9F9cKsbMphfeXPTZZXnyE%2Fa3HunyfDmDmL5ijbzNHRcTMElPG6eYJZfFgEDzWR%2BjfsjhXxQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f4d395697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/62783.e18caa1168cc95380ff7.js | 172.67.150.238 | 200 OK | 100 kB |
URL GET HTTP/3login.restorecord.pro/assets/62783.e18caa1168cc95380ff7.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash: MD5 a98ad4c95668e7f4c84026bb92b67cab, SHA-1 7491bc769395414fb0547fd10164defb59634ee3, SHA-256 68e24e65cc7a6af0a0d33cac04f39aca1e1e670d0c137724abe4a917975ede8e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/62783.e18caa1168cc95380ff7.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"18608-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0z8SF4n%2Fqru90%2Fu2u8zSTci%2B7oUHhtt3lZNPNvN083yM4Wev84w1sFFWRcVD7y4s3%2FylhnnkiwuNzGXETaxxbPU608xkFaTm5jTTxzdVAkPrknDy1OYRbo8g4wOiQeuTTrE4LWEYlPc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd573c8015697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/19263.fe32553ff71153cb7656.js | 172.67.150.238 | 200 OK | 6.7 kB |
URL GET HTTP/3login.restorecord.pro/assets/19263.fe32553ff71153cb7656.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: ASCII text, with very long lines (6802), with no line terminators | Hash: 22004ec800dc7d91289b0f2b29cfb22e 54698e8664becd4ffa7f35cd3eb3be9d9c357ce1 3031275133c2f739865c83543d1130f56f98a103fcb5548177c7cd026f5de85e
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/19263.fe32553ff71153cb7656.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1a57-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ByAult6Xm%2FwFTaupQLEd5E14m8w4XpvprsOAJwPlK9vZl7KK8Bktq7hLSmbuB6EH%2FVNbNuU1KD0rSAAIkScm4P8TyWTWDGMHYNrj%2FdiPIjOJDMB6ewo23W2bpUwjc1I5FRcbG8hB%2BU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ebc565697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/74970.ad098636400bd7dcbe6c.js | 172.67.150.238 | 200 OK | 28 kB |
URL GET HTTP/3login.restorecord.pro/assets/74970.ad098636400bd7dcbe6c.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (28091) | Hash: 3c3526a5242b8edbf4465c32aaf8fa93 577aabb70319ddb82ff368904993a42b33867d13 56d5c52d9d7ee3aa25c7670d3a69b9d711c20ed56e61f26f21cb459640fbf3d2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/74970.ad098636400bd7dcbe6c.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"6df2-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YzsG%2BvVynZlUCqgtT1wRrf6GyEySSuACBj7uXoliNtUoqcOXFXUvUCk0CIjp1C4OdpNqP3MaTxBc9EmGqhW3OgOs9StvjtNwbw0nbC1fx1Xwh6o1cUmCC0eLVpV%2B7A4HZw%2BaWEz%2FXkg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55efcd55697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/?v=2 | 172.67.150.238 | 101 Switching Protocols | 0 B |
URL GET HTTP/1.1login.restorecord.pro/?v=2 IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
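Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the MD5, SHA-1 and SHA-256 of zero-length input; the 101 response carried no body, so they do not identify any content)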
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?v=2 HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://login.restorecord.pro
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Pu/mB7dMU9++kE/AEswOhw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Fri, 10 May 2024 18:01:19 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WFuofWuSedywobhWjN4uTtjWFt0=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Wj9nKjJ8Yym9cQtsxCkuza6idK%2BR78G3b92gnHHQwg4MbRf2%2Ff9asmqa7DC3JodZEX7Of4MltXZ2m27758DPsXKHFyKjvw%2BUhg6CPf8k1o%2Bw75%2Fx%2BFRlgIfLhQJDFo3HvSsFMnnd3k%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 881bd578df4fb500-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/46318.26a20b3d6c9d947ee7c5.js | 172.67.150.238 | 200 OK | 14 kB |
URL GET HTTP/3login.restorecord.pro/assets/46318.26a20b3d6c9d947ee7c5.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (14296) | Hash: c31c995e6b740c207b3c24a0d1145425 922fd2d139a1ff8bfb89dfec828ed4e52946f359 8faf3e169db9dfba36885821526edddb14b4e0c3feeb1f20786c3f2c51115831
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/46318.26a20b3d6c9d947ee7c5.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"380f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ivKFRYKbifhOLqrB6WVBDq4LML9ORPEHyMcJJLi%2Fjc2y8a5LQVnN8PNJUUoWOmQrollvcR%2BuodcvEBdYSGD0iMa%2ByD05I010GazeSktqPu6JvYWOHYXPaiPhOzqjk7isdpUd9ZvQT28%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edc8f5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/86480.ebf8826a7f33e22a6aba.js | 172.67.150.238 | 200 OK | 15 kB |
URL GET HTTP/3login.restorecord.pro/assets/86480.ebf8826a7f33e22a6aba.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (14887) | Hash: efa64bf325b069f9cddd3a1e224e7679 c18d2104d2ab6cf8599c57fc52d01faf8c48aec9 94139cd642069de9ba7621638c1dd08ff2703c859f69df7e24ee109f4f3cd250
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/86480.ebf8826a7f33e22a6aba.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3a5e-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HWY8XjcWdiSkLmwWYVnprJHQ26ArD%2BNRMw%2BqiQsayQ84bf83wXHfpO%2B0dxw66d8A4TUcvdwTTAPrGX0tyo5kjl7fL9%2FucmjdXQKxiKb3820Bck5UGU9mNffAK03eUUyNe5RjAsR9eWw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eecb75697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/66888.79756ea63981ab2a6341.js | 172.67.150.238 | 200 OK | 15 kB |
URL GET HTTP/3login.restorecord.pro/assets/66888.79756ea63981ab2a6341.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (14863) | Hash: 1d86b77c518ea58ffd94ca73f4ecf8ec 46fdebd87f50f9aeb25b1908c92995e8d39212e1 a2740f55ae9c5911162e7891dab7a0a23ceed7ff351fb7956bf02f2a46e68f24
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/66888.79756ea63981ab2a6341.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3a46-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oifZJD73w4m8W3Vr1cOuzHU2DSAYTIXixPJqv84o7vp8kVGxa%2F0vIRYTg6Je4c3ncNcyMtmDB6DFEAwwZxIIeSvjEZQqS5C4Ty8%2F3lS%2FZcOUSoNFmzmtn56mrVpCb3nEzcaRqiLL3c0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f2d095697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/25653.f1981721227784f0166e.js | 172.67.150.238 | 200 OK | 164 kB |
URL GET HTTP/3login.restorecord.pro/assets/25653.f1981721227784f0166e.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
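Size: 164 kB (164235 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the MD5, SHA-1 and SHA-256 of zero-length input, so the response body was apparently not captured for hashing; they do not identify this file and should not be used as indicators for it)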
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/25653.f1981721227784f0166e.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2818b-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hULQTY99%2Fv5aeUcTg094m4LXusWG7vBQ53sgkMbGYnAtwDJs31ZehPnMFm%2BE5DFAupGHOAvQsxnIoOtKAY4cr5NZ1y4IiYVBuNA4UHw8FpLbRi4aknMrC1B24w%2FRSh7j%2F4p7V6srV0Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5604e785697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/399f7f1238d1fe8b2b51.js | 172.67.150.238 | 200 OK | 109 kB |
URL GET HTTP/3login.restorecord.pro/assets/399f7f1238d1fe8b2b51.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
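Size: 109 kB (108609 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the MD5, SHA-1 and SHA-256 of zero-length input, so the response body was apparently not captured for hashing; they do not identify this file and should not be used as indicators for it)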
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/399f7f1238d1fe8b2b51.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"1a841-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GAdNOE0KZf3cIqP49WKIXTKNq3WSP0lbrq6jVQMV4%2F4s%2BhdspgP4N5rf%2FmyNl1Rxf81pZGxeAdFcdUCpfG3EUluEHMssGEPBuXoxFHB625Pr6I4Z8pgSU87cleflWpX4QCwabEERl9k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd573c8085697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/a826e445dff97cf15335.svg | 172.67.150.238 | 200 OK | 2.1 kB |
URL GET HTTP/3login.restorecord.pro/assets/a826e445dff97cf15335.svg IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: SVG Scalable Vector Graphics image | Hash: 1ff7f50b770d68712d36c79ae6121521 e3fe855784e971e2c57de12e878aa073da7d31bd ad965cb39af806b0543af5c32ae34cd0b136dda9272e6d877b067cd00563e048
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/a826e445dff97cf15335.svg HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"80a-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mc6RVQrSBqRZcZRMZIl%2BzQroznDnsZDUyMk5mfY1rWxR7kyVx%2FmhHX3LbhexTyYCI4IZ6Zd2GrM10zIsS2dLDm4Ig5k%2BR1L9%2Fs0bQPRF6kQ8jf8MfFXhWLR%2F3DHTEXyHkf31znpZlfU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd57408855697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/482.6e1c86f88a37a71d42ec.js | 172.67.150.238 | 200 OK | 21 kB |
URL GET HTTP/3login.restorecord.pro/assets/482.6e1c86f88a37a71d42ec.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (20577) | Hash: ba0cca7d871b0de10a4344be2427733f 4d4149acf6c6694000b0b4a5f18b4bff6aba6878 066deb7f1b943e4ccefdc62fc9dc214596787f8904a464de52bbaecf02ad8d86
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/482.6e1c86f88a37a71d42ec.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"5096-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eX%2BF9tyinDh1IUUO%2FGluMsketMmc561EVs1c31jmSStOrCxvbxu1Zt5kWr9VZb15IEgQrKBNvNRAb9LTsR0VlWL0veOTiTVES3Y6MDxh1DUcHNyvrGTMS39mu5ldcDLhGckbzydGXyk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ebc4f5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/ee6b51adb64f6365352c.woff2 | 172.67.150.238 | 200 OK | 179 kB |
URL GET HTTP/3login.restorecord.pro/assets/ee6b51adb64f6365352c.woff2 IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: Web Open Font Format (Version 2), TrueType, length 179380, version 2.459 | Size: 179 kB (179380 bytes) | Hash: 7cf1be7696bf689b97230262eade8ad8 8eb128f9e3cf364c2fd380eefaa6397f245a1c82 a981989aee5d4479ffadf550d9ecff24a4ac829483e3e55c07da3491f84b12ba
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/ee6b51adb64f6365352c.woff2 HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:20 GMT
content-type: font/woff2
content-length: 179380
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 21:49:32 GMT
etag: W/"2bcb4-18d28d9b1e0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lq0fMkOZpuTcMPCYGJxqIwU%2BihVUYVTr%2BY26JlwjHJzl8HW9r5n6XdCydh%2FcYQkTXpHFWaolOZ5d27Of%2FbJozlCuErewc8r6E5TpPxv3UexAUhDL0uLCmeM4o2WvU08xrFlmXtOs8Go%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd579afd55697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/f84e3e81b8d0718cd917.woff2 | 172.67.150.238 | 200 OK | 65 B |
URL GET HTTP/3login.restorecord.pro/assets/f84e3e81b8d0718cd917.woff2 IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
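File type: ASCII text, with no line terminators | Hash: c0caa8227e2754f8440029c42df9f7e9 cc2f0e3655002fdff933711fabb53d63c23cbfbd 89a8e6fe1c595fb5fe77edd74ee8990458ecbf2941bb44e60ce8d96b6fde660f [Note: the detected type is ASCII text, while the response for this request declares content-type font/woff2 with content-length 65, so the body does not appear to be a real WOFF2 font.]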
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/f84e3e81b8d0718cd917.woff2 HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: font/woff2
content-length: 65
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"41-18d27c367b0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sZWM7x%2F1gUpvaTe7nG1ntOmQlcFG4ky1bIIw3eFSSL6YaRZ2s7xAerdYWszaTqxWhr6RKj0jRdLTROnsnhlaZH2VQt8fLHS1H%2BoqC6KXWse5iYBNakSkCmjhEE4yBoiP%2FK%2B8xT8ISS0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5783e165697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/53509.d075f1bff85f12b95485.js | 172.67.150.238 | 200 OK | 9.6 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/53509.d075f1bff85f12b95485.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (9755), with no line terminators | Hash: e9eff6bdc6b8bf132d282ab7e5a01c35 089fddfc575d1e95f64830332cd239ed1bd373fa 31a2beb20e1900be01f696441242a8abbd9f3f40dd8e9146d61bf141b36b4cdc
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/53509.d075f1bff85f12b95485.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2592-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oN7DfIDsESCDOICFIHwrVSzskmKYcR3vAvBg7uRvyrEccZSeuU1wcTAIsn3eQg9XkjOnkxF9XQGIz3LFvfvgrxM4J%2BDpyegk7x%2BUaclrNMrCDnwTsSSXwNzivjXeqr5drttatSBE7Xw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f6d635697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/31897.ec700144df6b20f401cb.js | 172.67.150.238 | 200 OK | 6.5 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/31897.ec700144df6b20f401cb.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (6675), with no line terminators | Hash: c541881b1eb8c6fc9ef167b40d30b518 b18e4deb44d3a876d671cd0c32c1cf60512dd342 b45ec7b4dce9bbc331cb5b4af670a517c046f91c6cc8d32f04c143456f3bba9f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/31897.ec700144df6b20f401cb.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"1970-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mCOn4BPN3kAm1%2BY26S6VUD3nip3RQCKH4TiffIJvWab3KSEoRGL7ldL12MwwEPb47xyt3z3jYBJrZEeCwKu4E5zjWPpp3dLZCgqzTI248GfvMzVhe8qdbXTL3hgU0g8g9Gs3fSOORUA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ecc7d5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/6086.2af42e57fcf6739db519.js | 172.67.150.238 | 200 OK | 19 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/6086.2af42e57fcf6739db519.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (19374) | Hash: 6fc5e9f209e47dece5d8e86354e38916 78a29b4cf26974c725b5952e0b65baed2e3309c6 014e1cfc914dc362f3a55113e3aa27163bcd88c8323905e7d8b43c7b16ae821d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/6086.2af42e57fcf6739db519.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"4be4-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l7jml%2BbO%2FuO4cPjpoZjun0qxpKdEH9XQacJ8FG99yVhRWtylCZgaocJGNt3Qak0tSCv5%2FxVVDZ8hbHsg1CeAjAERxRhCsTkU9nyVNajWayzD3dwWm%2FLW3zDzaCghdK8CwoKJq0pAinY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f4d3e5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/96897.008f2a416a4c547f02a7.js | 172.67.150.238 | 200 OK | 8.9 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/96897.008f2a416a4c547f02a7.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (9305), with no line terminators | Hash: 09526b3c9921a6dc860a1ad3e0b0bbb7 8830182678c4c396ec9098dbb522bf8124196a97 9c1e6291fe3e409a901297061f201be5ea9de639ca97a63badffdc77f50fbce1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/96897.008f2a416a4c547f02a7.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"22bc-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KisM15fPLhZLtAuSbk%2FyqqtCK52el6x7z2mxFcr%2FiXPc5MauhOli9wav%2FpJRLHMaKuGJgs9oFoQY8VILjvVRzZDU4BunO2SQ%2BJWKwrsxGGZBHkKTMpiGDVKEHqQJAsu%2FR7p00r5E6H4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f2d1a5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/31421.ced40b898074b2c19b15.js | 172.67.150.238 | 200 OK | 12 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/31421.ced40b898074b2c19b15.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (12060) | Hash: ce1c4ffbc40c7e9bf65f4228013a5819 5032e464391b595927baf62c1e4bf0034ef66d26 131db5cf2b0741365470de35e02d94da3de2b223b8c18e3ca3dd7c26af23d6e6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/31421.ced40b898074b2c19b15.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2f53-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hs24iT%2B9TczUa8qZEjZ%2B1c0WMAFmyBcG6ClgBjAOfUGx70mzlQnl2vMQtVtFMZDaJCLFqpIIIQxF5WH8ihVvWNbagPjnqmuLmRGw5IPE3YAjVAexDwFChOwD6%2FJ0ienNnZtM24%2Fyhio%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f5d4d5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/fd3f659b46061bd95594.js | 172.67.150.238 | 200 OK | 12 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/fd3f659b46061bd95594.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (12472) | Hash: 1f26d0370e5e43ea29dcff7c1c53d661 dea8cfb895f9081bcf0b5c6eaa2608c0da58393d 8f23b16a70005926318364b1757e80b28978294775227047866f5a64f1683fea
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/fd3f659b46061bd95594.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:18 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"30e9-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MVcZCmyKD0ah9jfheV3tswTIyLSzNFZDiK3MPDz2ZfGvX%2BEHFBRI3O1W7RF%2BNXnBjC8nXLGPiImx0yixXDmltxx1LFsDZhomyaFVB0bZRHeiD%2BxSiZkOEJktz9INO0jLSa3GOBsr%2BCk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5738fad5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/18667.a2153b412864bc0484ff.js | 172.67.150.238 | 200 OK | 11 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/18667.a2153b412864bc0484ff.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (11075) | Hash: 40ac4831e99b9248bfcac7f7dc820c49 ff2b273c92b32ed9a0849743bec41a5af5b9d3c1 b47a9d595f8492f38ccddba2d47641117fc6a8426d73db79218259717462518f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/18667.a2153b412864bc0484ff.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"2b7a-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nP8UMLC59uGGu%2FIL7w7IEoMZFUCWCcZ7UkXAHZMRkfWqbTDWInnyQB2XWK52D02R6RNCjsySggEwIBUtob492LqkHAZfDd%2BLd6QDEMZRYGPjvO%2BawVc454DI%2FDZvbr5zeRccZhrfAc0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd573bfeb5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/8f581f91e7e650ac87a2.svg | 172.67.150.238 | 200 OK | 137 B |
URL: GET HTTP/3 login.restorecord.pro/assets/8f581f91e7e650ac87a2.svg | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: SVG Scalable Vector Graphics image | Hash: 897482ffa8de9752445d3eab06524d8c be0afe5b3be92b25fd9baf6c4a98e30a8b4e831d 071d1d5a1ae9749fb0b9175ce5f7b74e994c97cb33f38e2a68bd717b32518dab
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/8f581f91e7e650ac87a2.svg HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"89-18d27c367b0"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ldqIPf1hy%2BIUWBcPAoiNQrXnlKKwdGqYztSorlmnrfV8X8ejzZyKMsrCQLXa6sTtAnL8dOlHO78SfMBvdNlbydbroiMXhf6i5iOvxY8UaWmmqYHeNxvXQXKo94%2Fext3GyElPaICTQr0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd57418a15697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/e0ece3c23b33d18f4d00.woff2 | 172.67.150.238 | 200 OK | 187 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/e0ece3c23b33d18f4d00.woff2 | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: Web Open Font Format (Version 2), TrueType, length 186744, version 2.459 | Size: 187 kB (186744 bytes) | Hash: 05422eb499ddf5616e44a52c4f1063ae eab3a7e41cbf851df0f0962ed18130cf89673a65 c1d71bd80fc3ecf5ef1a97092a456a046d55fd264be721f2a25be3e59ccb8b2b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/e0ece3c23b33d18f4d00.woff2 HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/assets/app.efcb8c8bc767b60fbdd8.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: font/woff2
content-length: 186744
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 21:49:41 GMT
etag: W/"2d978-18d28d9d508"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sLNndadVaXn9rSv1BtzfR5vy%2FR%2BFUOCpholuWMejzNIfRNZY%2BsRmDTMYWiX534OweFZf5YF7%2FrI0G7y64uHYaRn7E9UDt2VWMQAgVkvvnr8Kiu9FtFzcLcqO4eXTx1ahGMinIFp%2B36g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd579cff45697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/30982.a6d605c291ff090be83b.js | 172.67.150.238 | 200 OK | 12 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/30982.a6d605c291ff090be83b.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (11446) | Hash: d06e1097bc0b493b61ec8ccb6a3c1338 d69f77887e7611c330cff1fa7aaea9dafbc57ed5 1587658b44a41e7384ad7bd8d2e747e98ff01403347075b0205c68463b87dac8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/30982.a6d605c291ff090be83b.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2ced-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IBM0cWQAkPjxVGGGYratSIlMoO5bq113aSmME7GjB8yt0Sc7S3Xgh6LEOLT98w2s2OxkDLghEco9n7Ugc1hoVA6eyX%2F8HPE21Nr3PUSloOJSi0RY%2B6vUvKcn7kCb2flj%2FOaiHg80oAI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55edca25697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/34426.9f82349d8cf165e1b07e.js | 172.67.150.238 | 200 OK | 15 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/34426.9f82349d8cf165e1b07e.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (14800) | Hash: 495af705377c93d5c53e1b8c3b14d883 16ac3e41a677731e5ced48142c2949a75154fc64 83edb478f8ed6fa71c304bd0571c29d682453217ab896bd84fecfc4f2e42b2ac
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/34426.9f82349d8cf165e1b07e.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"3a07-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nsatdtvE%2BVb0lIJxozrQ4zXTcQVcR%2FITAstRQiWK9LSxX%2FG2ghKE8rg%2FMfQ3Utql8%2BmyIqmsTG%2Fyw7LuptB7IE8mmdt50rpTGt4w3v5xv7rtMTzAWlRW8YJ2r2WvI%2BZuJMhLhOGwfIc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eeca85697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/80083.7fd81fb4889aa662cd19.js | 172.67.150.238 | 200 OK | 26 kB |
URL GET HTTP/3login.restorecord.pro/assets/80083.7fd81fb4889aa662cd19.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (26162)
Hash: MD5 0abbebabbe917f168094124bb3cce39a, SHA-1 9de38e8e88c1c3450db921ccfcaa3afb35563194, SHA-256 21dd7691eb613640f3b6e7ca733fbb99374430c34523f31fbeeb877ca8c5c494
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/80083.7fd81fb4889aa662cd19.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"6669-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YSxMOaoHHdhnQlyXpXFQXqfC1Gn4IWgoRzm4HhfSUCCILaYuaPsRXRQ8MW2ZZ6p1E3OiS0YvUlOnBaFLT%2BNS4WB2LgpXqhg99GFhlbowkuvjSIW1Cfxda06cPP7SzXGYwvfhylrKhSg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f1d045697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/11538.db58e10c3c76859618f0.js | 172.67.150.238 | 200 OK | 30 kB |
URL GET HTTP/3login.restorecord.pro/assets/11538.db58e10c3c76859618f0.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (30244)
Hash: MD5 7f54de7efa90ea0e15b1c612bad83249, SHA-1 1a5edff4e5621f3f3fe3c536c18cd787872aa17e, SHA-256 db01fa5a4d163102243a550ad6e1f79763c2b718a1e4e1261bbbaf0c548f5b2b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/11538.db58e10c3c76859618f0.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"765b-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MKl9dvYjh5V3bBNPN2V11jOT0btL0Jr5dN1F1z%2BWmkvmwfLQ51EE1GLMvj%2FoeG0BVWRNg8lZDn2%2BrvKJidVz9T7TXuNy3yvGd%2B79TE5WwMXiMxi8FTLZHFx%2Fie8VxsJ65OFGz3PVRXA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f6d615697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/52033.8c199987fcf5a97f2ee5.js | 172.67.150.238 | 200 OK | 10 kB |
URL GET HTTP/3login.restorecord.pro/assets/52033.8c199987fcf5a97f2ee5.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (10438)
Hash: MD5 8eaae7e1a96c8c653d0d85b3733e705f, SHA-1 5b7a6b708f070bbdf46cf15e3c613e3e60896260, SHA-256 83e5ef5e06c1625afe2ad608af5ab6b3dcf13652395d218b8f2a2442bb5791c5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/52033.8c199987fcf5a97f2ee5.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"28fd-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U71iT8M4ujDZ%2B5fjVLETL5YqXpOWt4qzw7n8BojkYNQqdcwtxB%2BsKoTvyUau1B5ikC53XOlF0TlnKj%2B4ocvCEzUsEKBQCW%2BE6IDNk7cUVJj%2FQwgtybuxm92gNZoClIA1RjvicuJreMk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd573bff35697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/a9639edf37cbf3bc290c.js | 172.67.150.238 | 200 OK | 5.8 kB |
URL GET HTTP/3login.restorecord.pro/assets/a9639edf37cbf3bc290c.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: ASCII text, with very long lines (5947), with no line terminators
Hash: MD5 f392c77642c2fdc2ad568c6141c40966, SHA-1 8f9529db4fcc332030fe2b066220c4d5752e2cc7, SHA-256 9c96486a4197d9bfe932ae15364d60dbda2ce77fb28f6e53319f5a9b6b25b486
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/a9639edf37cbf3bc290c.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"169a-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VZgRL3IAgKC4TrLx6aS1mDB8yDc%2F1xFL4kN%2BIUDKhOLu4KVciAMQFPtl2csxB1jWUOZzxueNnuk8UOE2F9yye04HiHom6L3CnI2CGhJP9JnHkO1%2F73Al8dYblg0uPNIWJxdOUg88hUY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd573e82c5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/api/v9/auth/location-metadata | 172.67.150.238 | 200 OK | 111 B |
URL GET HTTP/3login.restorecord.pro/api/v9/auth/location-metadata IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
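File type: troff or preprocessor input, ASCII text, with no line terminators
Hash: MD5 85eacb562bbb530202e85ea94c46283e, SHA-1 69f432337fb66ba9961666f6212dbd2b082c43cb, SHA-256 2e42e879137f2011d68a43698b438087f8151df6aa54b605f1fe7d3bf99cd642
Note: the response is served as application/json (111 B), so the "troff" label is presumably a content-sniffing misclassification. The `access-control-allow-origin: https://discord.com` header, the `.discord.com` cookie domains and `via: 1.1 google` in the response headers for this request are consistent with this host relaying Discord's API rather than generating the response itself.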
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /api/v9/auth/location-metadata HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Super-Properties: eyJvcyI6IkxpbnV4IiwiYnJvd3NlciI6IkZpcmVmb3giLCJkZXZpY2UiOiIiLCJzeXN0ZW1fbG9jYWxlIjoiZW4tVVMiLCJicm93c2VyX3VzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQ7IHJ2Ojk2LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvOTYuMCIsImJyb3dzZXJfdmVyc2lvbiI6Ijk2LjAiLCJvc192ZXJzaW9uIjoiIiwicmVmZXJyZXIiOiIiLCJyZWZlcnJpbmdfZG9tYWluIjoiIiwicmVmZXJyZXJfY3VycmVudCI6IiIsInJlZmVycmluZ19kb21haW5fY3VycmVudCI6IiIsInJlbGVhc2VfY2hhbm5lbCI6InN0YWJsZSIsImNsaWVudF9idWlsZF9udW1iZXIiOjI2MDEwMSwiY2xpZW50X2V2ZW50X3NvdXJjZSI6bnVsbH0=
X-Fingerprint: 1238551456508940419.SWaa0CizTp-7ICI8CQGbc7gE0Gs
X-Discord-Locale: en-US
X-Discord-Timezone: UTC
X-Debug-Options: bugReporterEnabled
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:20 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://discord.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Authorization, X-Audit-Log-Reason, X-Track, X-Super-Properties, X-Context-Properties, X-Failed-Requests, X-Fingerprint, X-RPC-Proxy, X-Discord-Locale, X-Discord-Timezone, X-Debug-Options, x-client-trace-id, If-None-Match, X-Captcha-Key, X-Captcha-Rqtoken, X-Discord-Resource-Optimization-Level, X-Discord-MFA-Authorization, Range, X-RateLimit-Precision
access-control-allow-methods: POST, GET, PUT, PATCH, DELETE
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
content-security-policy: frame-ancestors 'none'; default-src 'none'
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2FSXobr%2Byi2I%2FCy1Tr%2BbujkN28bSzLz%2FF5t7mzamE3e5U%2B%2FRVI7YsAL0E9pWOHNmwiwEmyVQjzj8zQOv%2FfjooY2H89ERuubBO2cdgyzEKNuKWgJ3baUMHEao8m2x"}],"group":"cf-nel","max_age":604800}
set-cookie: __dcfduid=4e17fc7e0ef711efb5786af2b9909e4d; Expires=Wed, 09-May-2029 18:01:20 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax, __sdcfduid=4e17fc7e0ef711efb5786af2b9909e4d7291dbce60b8f4001206c0390cdbadd176be6b3efb2983d7b9ac1cdc032d2b39; Expires=Wed, 09-May-2029 18:01:20 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax, __cfruid=3e39dd629d25bb094d15b8ac5e40f4d0aedf8446-1715364080; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None, _cfuvid=_9NmOOYzoM3Sn0.str96mhaO.8ac9YUq9YHI_5b9jqs-1715364080236-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 google
x-content-type-options: nosniff
etag: W/"6f-O8EuL13iL1+dnZ/7Ku5r5bdRWNA"
server: cloudflare
cf-ray: 881bd5785e5b5697-OSL
content-encoding: br
|
|
| login.restorecord.pro/assets/3341.1a1f8595a0c8fc9f99cf.js | 172.67.150.238 | 200 OK | 8.5 kB |
URL GET HTTP/3login.restorecord.pro/assets/3341.1a1f8595a0c8fc9f99cf.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (8843), with no line terminators
Hash: MD5 e26a8efc5dde624130372229258ab5c8, SHA-1 6fb44998a93cba1ead19a776409849a6c50bebe7, SHA-256 6302c624d089c3bcde5638a15d621c0f664857468478526bcac9b419ddc6d81f
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/3341.1a1f8595a0c8fc9f99cf.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"211e-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zFq3UPjs6A6dKyWuggtBM1s1R4ak%2F4eMUSKOlLjLAU7pT8yoyVDntW1eE5uVxxY5SpRLSVlZVR0cmmiyv%2BHXfspHCIj364rqhgk%2FK4WEIGdYtkKKS%2F0WSpEyPS0NoUyd6sO7ikhwhG0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ecc825697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/47470.c4ab7647d25b8ac58ca8.js | 172.67.150.238 | 200 OK | 312 kB |
URL GET HTTP/3login.restorecord.pro/assets/47470.c4ab7647d25b8ac58ca8.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
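Size: 312 kB (311789 bytes)
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, which suggests the 311789-byte body was not hashed by the scanner. They do not identify this file and should not be used as indicators for it.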
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/47470.c4ab7647d25b8ac58ca8.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"4c1ed-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ooBqKOPOW1CvDVexGf8pcZ2Z0Q73ECvG905PtSrEOGkTpT3OdStgzWXrNQMusiCVlYb3T8eN%2F3zRmiiE%2FraxLPSVFY5DGV39gNrP%2FMef7CNr3OcmPzrF%2F2KE81YhHaAHTzBOY7haq9Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ecc855697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/78891.2eacf9854660d1cbcc66.js | 172.67.150.238 | 200 OK | 8.4 kB |
URL GET HTTP/3login.restorecord.pro/assets/78891.2eacf9854660d1cbcc66.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (8513), with no line terminators
Hash: MD5 4864c337a44bd2d3badf7670471a790d, SHA-1 f64d984f97d5a1acce5a839417b7aa0f61a55095, SHA-256 3a7141586692ac441533e43942e1aefc2d326389e094aa7c78834f8e3ad48da1
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/78891.2eacf9854660d1cbcc66.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"20de-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QUFCl7uspQ7VSDyqM3o%2B21vAehu3eiT51W7Xb3K2YvyTQoyR54rc%2FyYAXtkrRMctkAM6Yl8K%2BqfVIgBCm4alY3wYDO4BAxV9ts5RmzdAfgLIArkDnYCoqVA0t%2FEQmaKSZTNJiD78RiY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f5d485697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/e9e649f003bbece806b1.js | 172.67.150.238 | 200 OK | 16 kB |
URL GET HTTP/3login.restorecord.pro/assets/e9e649f003bbece806b1.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (15715)
Hash: MD5 6a513e08bb57247ee2a7f7f28392d957, SHA-1 9ad8a8814f81f63d7e6302f913b45a047f2e8985, SHA-256 e6a791274ec54c4a3ac6c8b2f7a2689d04e9579f00b218e9e849abae247c0fc6
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/e9e649f003bbece806b1.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:38 GMT
etag: W/"3d94-18d27c37750"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VGgbBprv7dm%2FvRWlVMHz9xbMZSSxaafitIOjNcoElR5Shu%2F5T2G8RStcanJcxIeARs6h4Um8uq%2FSTTPUSi4jzxQDw9xPaSqVivyx%2Fjobb2EnFlZbs77zMG1ZkHm7pmh1Rp6lYxA6Pz8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd573afdc5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/adf75861421c2a6a6269.png | 172.67.150.238 | 200 OK | 1.5 kB |
URL GET HTTP/3login.restorecord.pro/assets/adf75861421c2a6a6269.png IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: PNG image data, 100 x 100, 8-bit colormap, non-interlaced
Hash: MD5 092b071c3b3141a58787415450c27857, SHA-1 d7002b9404799e18bab34e931a6f2e23ab1ba3a4, SHA-256 f1ca5949ef43d0a6130a1176794b4b38b393f2638c6cc5c2b8449adb6ed3f144
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /assets/adf75861421c2a6a6269.png HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:19 GMT
content-type: image/png
content-length: 1532
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:34 GMT
etag: W/"5fc-18d27c367b0"
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AB0Dn%2Fr4x4OCuFH9dfX4utFKTz3EBwp5m%2FdA%2F98KlRBBQ0xo6aZeHtxV8cPVdCB70kocoRy4WjD7G2z%2B54%2FT3gyLMdBDD3GxJHx9Todh5ktbqOyr0KHruOTeY6kLGDfg9ZDhx3MMWKo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd5786e5d5697-OSL
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/71193.ad9560e90cdc0645a7a0.js | 172.67.150.238 | 200 OK | 774 kB |
URL GET HTTP/3login.restorecord.pro/assets/71193.ad9560e90cdc0645a7a0.js IP172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
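Size: 774 kB (773921 bytes) | Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, although the reported size is 773921 bytes. The response body was apparently not hashed, so they identify no file content and should not be used as indicators for this script. The Quad9 result below is a DNS-level verdict on the hostname, not an analysis of this file.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed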
GET /assets/71193.ad9560e90cdc0645a7a0.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"bcf21-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2cGhw3IkrWbU9jD9YSq6jK8XaGggGhTwkeyrLaeI2oplWmOEagaHD58gqQ1E0Gp1KDFKsUPQfOuHrhRRjfWPNz4sUyHrbyFbU7hGPpuubhH%2BY8Tukns%2FMtQyiSISpQAbQnY95VYL3Lg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55ebc4b5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/43870.0bfb9a80f88725fba82a.js | 172.67.150.238 | 200 OK | 13 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/43870.0bfb9a80f88725fba82a.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (12536) | Hash: MD5 4a5dbaaa2de36a47b31cfed187c7010d, SHA-1 2dc2fe96364b7908203d990daadb8a927b3ad490, SHA-256 fbcde0bc982ed39ff1a8f01ed530ec98f3dc846c75b6323dcae398779766af74
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/43870.0bfb9a80f88725fba82a.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"312f-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WLYcn6Eos32nXPoHUMMmkFarCoMXkdxON2QB37p9EHJwJExGKmBBjffhUajHoZFdvcddpDqqBJgXDWlB8AI7KH38kO3ojYVYTTtYa%2FLLexd1P6f3v4Oco%2BqTtDQBQRrqovkHRLUuvx8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eecab5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/27043.105ce50242094adf158e.js | 172.67.150.238 | 200 OK | 91 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/27043.105ce50242094adf158e.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
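Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, although the transaction row lists 91 kB. The response body was apparently not hashed, so they identify no file content and should not be used as indicators for this script. The Quad9 result below is a DNS-level verdict on the hostname, not an analysis of this file.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed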
GET /assets/27043.105ce50242094adf158e.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:16 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"16445-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CaoDduTUKeQirkQLXnYx6Gww4rGQu4eofSknHQYfYmlbOglt4TrpFclDVvsf3kksjHSp2uj%2Bk9VPoxK92Svxr6bfgqamjjWE1JWe99QRHe55uTqtSvR64WRJSZJtYNCQHRP1LsuBOL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f3d275697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/37580.f4011cf1c76f3c28f15f.js | 172.67.150.238 | 200 OK | 24 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/37580.f4011cf1c76f3c28f15f.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (24059) | Hash: MD5 57c8c6f403f66b72ca058bfa2a84d58e, SHA-1 e19ca14f4bb25d322910c510f04ef2429487a2ae, SHA-256 934565da3cbcca91b42b6e506c8586d87297ee0d781d1eb7a73d006641a5a5ea
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/37580.f4011cf1c76f3c28f15f.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"5e32-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VXjvQwZsfN1SnSmtOqn7Wn7UNWqA9gnsUn33v%2B3mZXJkWacYVLZKE9uE2q0aSUsLNxVAQEiosh4cvTpdONPyGWBHxr9gzwUzmyhseMMXbQddbiZUSbBqipYai5n%2BkWowFa3Upl6Z97Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55eecb95697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/74836.b991877dde75f9619c99.js | 172.67.150.238 | 200 OK | 20 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/74836.b991877dde75f9619c99.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (19958) | Hash: MD5 5de4f60b4efa8bb9454edb13d1cb9d83, SHA-1 5eb21a1fb900d78a23b781b715ee7f3eeb52b672, SHA-256 b6399a12a07f326a303c82e16981091cc42b529ea9f8b0c6986a0d7e91036692
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/74836.b991877dde75f9619c99.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"4e2d-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J6x5Q0JS7l6iEn8tCOLJVskNt3tltLvony1TgKJnTc4aECJIOrpUxSAyGK4SU5wlN6f%2BRlL%2B%2BwiG7qbImwkGLGihE5dyg4YqSVSqWlkPjQwG393U4ywiM1gGeVCLSyEHza9BTtmUyfM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55efcdc5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/49191.4c47aae235ac3c0cdcd4.js | 172.67.150.238 | 200 OK | 13 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/49191.4c47aae235ac3c0cdcd4.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (12692) | Hash: MD5 d4ce6646e8d5ffda699497912a3eebd1, SHA-1 4a805ee77c49b82538f97e189c6fe64763b596af, SHA-256 27303c6d56e622d841fdf0dbe19d3b61ba24b4d9ed0f0063554d40d051419a8f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/49191.4c47aae235ac3c0cdcd4.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"31cb-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltV%2FiGjGNGE1ku7PMg7RnVsuh1aE%2FI8%2BnqR229Y0obxSDN14Q4TOfnapexwEHbM6Sq1A2pRCkDA9Mcnq8OLXzgMd%2F0U%2Bo7bxRvdpYx4%2Fi2tjCrBvFdb1ZhJOfOXSUPw2FAwRvowCaB4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f0cec5697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| login.restorecord.pro/assets/46541.c33eae8d471e53d0e4b0.js | 172.67.150.238 | 200 OK | 11 kB |
URL: GET HTTP/3 login.restorecord.pro/assets/46541.c33eae8d471e53d0e4b0.js | IP: 172.67.150.238:443
Requested byhttps://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ CertificateIssuerGoogle Trust Services LLC Subjectrestorecord.pro Fingerprint53:78:B2:47:A7:06:FE:D3:DB:B4:E6:40:78:0E:91:2D:AE:89:08:45 ValiditySun, 05 May 2024 01:51:52 GMT - Sat, 03 Aug 2024 01:51:51 GMT
File type: JavaScript source, ASCII text, with very long lines (11221) | Hash: MD5 5ae0a08a3f12c1e8188baa3c52edfdd0, SHA-1 f557a1633dafe82e67dc1c79430a29e8c2770c1a, SHA-256 8c9541c705b78af92818361f371dffe2932fe667fe5bddfff23a10a94b0e9491
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/46541.c33eae8d471e53d0e4b0.js HTTP/1.1
Host: login.restorecord.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://login.restorecord.pro/login?redirect_to=/oauth2/authorize?client_id=1233477026757742700&redirect_uri=https://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state==0TPRZWa402Y3VzQalXOykFbKNjYw4EWalXNpJGckJjYzpUaPlGNXFGaxIjYrp0QMlWSU9EbRV0TslVVPxWQqJFbRRVUsFVVPxWSUJFbnRVTDpEVKdXSUpke412YwR2VSdXSUpUdWdlWVpUaPlWVXJGa10WSz1keNBTWU1EMRpmT6VFVNNTRq9UaNhlW5x2RjRjVtl0cJNUT3NmaNBzY65UMjpmT5FkeONTU61keJRVTp9maJtGbFRWdWdVYz5UbJNXSD1kMFpWT4FkaNRTS65kMjR0T6FleNNTRU1UavpWSrxWRaNHbXRmbKlXZ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 18:01:15 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=14400
last-modified: Sat, 20 Jan 2024 16:45:36 GMT
etag: W/"2c0c-18d27c36f80"
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7mrSIz7xTrb8icm4E6nm8WGcPu%2BCdgMMiPO4ISC%2BsXJGUIDsON7QWOQ6YOryN2ZdobS2v4xq4xhuBLsUgy%2FLHSmqt0InC2l4vyzwgK5shGDsepJg6NLCtli2a%2BSV29JVhbt5wpJS1%2Fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bd55f2d065697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|