| login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ | 188.114.97.1 | | 7.8 kB |
URL: User Request GET login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
IP: 188.114.97.1:0
File type: HTML document, ASCII text, with very long lines (17723), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 8d197731271ad818faec603d0ced9d5b cd85a2c6318680e79958b6c298a9cfccb812c7cc 6957abda9e114e4337e455ccc7e59449b78f92fa9aab60d461b62cf8ecf7e876
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 20:13:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: fOYI+xIRxERTwMbHAyK1M6KLh64Ia19tRIog84AW5SmJjbr6WKIgnUB0aWgzxfSxkf7Lodu9X6mDsnrTG2JTlKvtbq+RvwYdasDsWfdu1/g=$yErXavtqQTFW5LLxzWEzfg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xq%2BZ7XsQkSeQ9WJguUciD3CboFMn5HPTkOo3IvhZaZEcz2J53hXst8WmD1bup44oSRrgsHxfov8rW1kF6aKmiFJzy%2BUiMr3BfydwP%2BvSoeSc7DAloE3QjdeAc7N1tUTJIEEHTOP%2BptFds%2Fe85cPnXJk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c1d06efb4b518-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c1d06efb4b518 | 188.114.97.1 | | 115 kB |
URL: login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c1d06efb4b518
IP: 188.114.97.1:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 115 kB (114912 bytes)
Hashes (MD5 / SHA-1 / SHA-256): f242b61d6adef42f7a242866ab27cd80 907b923f538f7d0879495ba0201b20c9eda50aed 61a21e2915b115f71ed4c3a550ae0b60d4aa855a6e065f47c3c8349b415f8e9a
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c1d06efb4b518 HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ&__cf_chl_rt_tk=g76LfOImrBIYm2aprvB4cMpV2KoHxciXuFvio5tbj4Q-1715199238-0.0.1.1-2794
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 20:13:58 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WrVMyqgrWXfjRf6NW%2B6chQF%2F1zGZ9XljE9FY9hPag2dWYN%2BS1pccpyAaCBvT%2Bu%2B5IpOPte7nnoFvXRvQ8j4sXSgDSHslCYpsPzKygSHJa4FizNg49s5%2FDbe%2BOswudJm57OW61XXad4QswxAh%2BTQ94z0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c1d087e0bb511-OSL
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/flow/ov1/1547152000:1715196530:NQIZIJMasv7hy0iqy93JhI8XH26UeymQD1Wxuhn9lh8/880c1d06efb4b518/99c2687ceaa2951 | 188.114.97.1 | | 12 kB |
URL: login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/flow/ov1/1547152000:1715196530:NQIZIJMasv7hy0iqy93JhI8XH26UeymQD1Wxuhn9lh8/880c1d06efb4b518/99c2687ceaa2951
IP: 188.114.97.1:0
File type: ASCII text, with very long lines (16272), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 91cf4561935b4cc094df9781ec9b54f4 164e1e5bfdf2f2280a05e144fc5b47aac6508338 31381f6f02aad7cc8200f0004dbe123761aa00a9cedab091bd40ffe1e22be836
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1547152000:1715196530:NQIZIJMasv7hy0iqy93JhI8XH26UeymQD1Wxuhn9lh8/880c1d06efb4b518/99c2687ceaa2951 HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
Content-type: application/x-www-form-urlencoded
CF-Challenge: 99c2687ceaa2951
Content-Length: 2539
Origin: http://login.restorecordsecure.online
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 20:13:58 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: J3LJhCeOwAa2xgBURux5L4WABoRbajFJw3ft9zYPsBREqR3QNc1dnMpmdFQtVxyM$VvKp7wmyLbEQm/7B7TunrQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VzaiYncRQLQRT2B9%2BwWS%2FUvZqh%2F5YD7ynJQ2X82G5mIQYkoZyMKFzpkwd2v%2BpuHXnxTX7ypbt5kDlUbBdzBeJ6IpjnmnB9fz1Yxlqi2DQe9X1RMhib2MpnoNfQk4V9JMr3cqdEFrK%2BV6UBI2WcUCj20%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c1d0a3a01b529-OSL
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/favicon.ico | 188.114.97.1 | | 0 B |
URL: GET login.restorecordsecure.online/favicon.ico
IP: 188.114.97.1:0
Requested by: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ&__cf_chl_rt_tk=g76LfOImrBIYm2aprvB4cMpV2KoHxciXuFvio5tbj4Q-1715199238-0.0.1.1-2794
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 20:13:58 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aSTAI0Sg0wz8ntBua%2F8NzSPzvHBu%2F%2BBWzukJqScI5kV9pNK2AvJ39y2ItZ%2FyYElWuwv353xT%2Bou4tbCuxjH4BKBO5xcTdyLC8Zj1JklOXwfYligq4Pj%2FjX1MBGmhxbhQaZiosYuR2bR6cjx9avm9aa8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c1d091f2bb511-OSL
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/favicon.ico | 188.114.97.1 | | 0 B |
URL: GET login.restorecordsecure.online/favicon.ico
IP: 188.114.97.1:0
Requested by: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 20:13:58 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sp4LnL6HfBIhF%2FuXeExOpTArZizbYd0vQbWWMYApXFFg3YTL6IyBooCxMFZqzBrnsw2UQ6K3NA2YaQeCuG2zY4p4yRLjeByR7rKRJq11Uyl8zICLepx6bN9VI0AWwnvp25%2BmiiC7qsa2eegntebu9M0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c1d099c0f56b9-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/f548i/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 20:13:59 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 880c1d0c3bbeb521-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/f548i/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | 104.17.3.184 | | 298 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/f548i/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP: 104.17.3.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Size: 298 kB (297775 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 515210f01fb3893eea6e202cca103502 2f1c1a45ef7aea58f5457306d2dbc671213570ba a0c0242a9cff74f2be7f0287a51701ba3633235734a4b20c1d1e08b52d668b0c
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/f548i/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 20:13:58 GMT
content-type: text/html; charset=UTF-8
cross-origin-opener-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
referrer-policy: same-origin
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
vary: accept-encoding
server: cloudflare
cf-ray: 880c1d0b6a5fb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880c1d0b6a5fb521/1715199239439/LfQnz4Ju_hjvORs | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880c1d0b6a5fb521/1715199239439/LfQnz4Ju_hjvORs
IP: 104.17.3.184:0
File type: PNG image data, 66 x 73, 8-bit/color RGB, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): b9fc08ace42672d0c6820d4f53904552 e03147292a0f35818f3e4afea6af1508d1a98d46 a881b9955a9488be5cbefc2498287d458f1e7fe93f2f0dd96cd6eb8bffae5a20
GET /cdn-cgi/challenge-platform/h/b/i/880c1d0b6a5fb521/1715199239439/LfQnz4Ju_hjvORs HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/f548i/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 20:14:00 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880c1d1429ecb521-OSL
alt-svc: h3=":443"; ma=86400
| login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/flow/ov1/1547152000:1715196530:NQIZIJMasv7hy0iqy93JhI8XH26UeymQD1Wxuhn9lh8/880c1d06efb4b518/99c2687ceaa2951 | 188.114.97.1 | | 1.8 kB |
URL: login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/flow/ov1/1547152000:1715196530:NQIZIJMasv7hy0iqy93JhI8XH26UeymQD1Wxuhn9lh8/880c1d06efb4b518/99c2687ceaa2951
IP: 188.114.97.1:0
File type: ASCII text, with very long lines (2328), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): e8da3798752441971038e2a64dd3f687 63729b392576c6ef1eb8277bac74b07bb304b94d f3bf0a6d947e7122e295c68478d6e843e715e5f1f32d2963887d592b135bb52b
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1547152000:1715196530:NQIZIJMasv7hy0iqy93JhI8XH26UeymQD1Wxuhn9lh8/880c1d06efb4b518/99c2687ceaa2951 HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
Content-type: application/x-www-form-urlencoded
CF-Challenge: 99c2687ceaa2951
Content-Length: 3220
Origin: http://login.restorecordsecure.online
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 20:14:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: rEot4B7FEZguBDUscNetXA==$OhuuqG2BPe20j1S0nDxGmQ==
cf-chl-out: NH+acUVgu+39+djY+71smbvmZ52rxgknusG7BSzlWmZ3GwVb+79EN+RK9tBXKIkgLUEctZNG5Tkrt/NpgnZ0eA/EM+9385BebKWm4gF3Pbw=$I2pUrFgYjvvlD1vhLPdt2w==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r2%2BtdeMXOzod8x%2FKcolnKIkSmPHxVhWESUJoBPgSVSm%2F5hY%2FB5ZA9CkEg3fXhVjz4Jo%2Fgc89BEc6e6JPPCztY0Az0rMKP6WdoYsfvwr2keKXP6hayGuENEDxX5FR1EPOTzu7a9tuSFufiQ1yGDXK2pM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c1d35a9c6b511-OSL
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ | 188.114.97.1 | | 7.8 kB |
URL: User Request GET login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
IP: 188.114.97.1:0
File type: HTML document, ASCII text, with very long lines (17744), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): f351e5371cab3e6e0593c955f6111c26 dde2e9a1b86fcd4cecaf0e31f7be293a18c60b04 c90d15848645bae750669689d7376f7708982ce7fcf183be5260ce214dc8d229
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 20:14:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Cd9+OhoniNP7oihZFpgrhkJ1xWPYvS32U3FxchsgOoP582/BYpNrVvihpF3eRgPp6uRil86mXXW29xtrE9E6bjlkBySRTWcRvYcTenckyZw=$9hfSnuUTU90IK1Fymdt7AQ==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aIZ%2BBon%2Bm1axH7RSRPXBGMqtPYLqnmr8x7OUWfPFaFUVkckBmZIwxe8ZJZfUgs5u9%2BfN729J86Ik%2BnPuoMFH7QMYYCKASSBjSisFd0bBh21hrrvBMIXmkqUdI9BLnBuwF2vvExO3SLl0Gox6SEsogvw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c1d428887b511-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c1d428887b511 | 188.114.97.1 | | 111 kB |
URL: login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c1d428887b511
IP: 188.114.97.1:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 111 kB (111048 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 35003e590f9969a72a2ff28bb48e8687 6f597354f7356f1fc5d90a2df600dd996fe12fe9 bd3096b57abc69895301a5f1e488085ef48bec3dc8c8a5365d6b87e7384a5a5f
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c1d428887b511 HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ&__cf_chl_rt_tk=Cct5UpSmp2iz9gIjhlWywK47YZru._E.a4rlciffFrM-1715199247-0.0.1.1-2794
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 20:14:07 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9eIIIojegzENUIKNw3dwzWQop7I0FE3fx73IjJbiuOOxwe9rsvx6DMhSsOEAUeI2x0F%2BehFGroIflsCaJyfpF%2F1oFFuCyxuh1e8bwyOi7Z3OYxFncaU17uQX8L5RnCZzMM8E%2BapnxuXN%2Blmz54w7c3I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c1d42ea8eb529-OSL
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/favicon.ico | 188.114.97.1 | | 0 B |
URL: GET login.restorecordsecure.online/favicon.ico
IP: 188.114.97.1:0
Requested by: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ&__cf_chl_rt_tk=Cct5UpSmp2iz9gIjhlWywK47YZru._E.a4rlciffFrM-1715199247-0.0.1.1-2794
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 20:14:07 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 9
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i34edxrK7Cmke43ux12OyOqEbip6BTCfbMDIQRyidDDkhm68uqHSfWqgseavtYtsmbaaJJdtZiL8isx17PTcac7pwg46eUgbiJOAgzHAcFtn%2Fs3jPx0BdJWkk0Y%2B1ikcFe4xduTybo%2FK3gKFoxbdI3o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c1d433af8b529-OSL
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/favicon.ico | 188.114.97.1 | | 0 B |
URL: GET login.restorecordsecure.online/favicon.ico
IP: 188.114.97.1:0
Requested by: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
Hashes (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
Quad9 DNS | malicious | Sinkholed
GET /favicon.ico HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 20:14:07 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 9
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AGDO2yaaTN9HWlukVUnTLuEIyWaLXV2bOdj5Ah71ymIDwSyQCgUHqZBTtejQQsxgsZAfJMsw47MZ%2BG532%2FtbPBes5TV8KPOixrBF3kRk2%2FdMRySGe1GmgyOtnX%2BpkgMhzKveDJsaUbxqw7aYQXXOm0s%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c1d439ba1b529-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit | 104.17.3.184 | | 27 kB |
URL: challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit
IP: 104.17.3.184:0
File type: JavaScript source, ASCII text, with very long lines (42565)
Hash (MD5 / SHA-1 / SHA-256): a5b92920e25651d2058f4982a108347b caeeadd68d38fdb681c52006c68880abc2e8a1a6 49a5abedf03eb8ad9a66eca7c5ccb8e59a440e06958e1e7b71d078f494178dc5
GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://login.restorecordsecure.online
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 20:14:07 GMT
content-type: application/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
cache-control: max-age=604800, public
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 880c1d43afbeb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/tal6f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 20:14:08 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 880c1d461bdfb521-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/977647460:1715196673:OehIJtNv1Kr_TFVXj973wk__bhPUXSW0ENANLHbf0Cg/880c1d0b6a5fb521/f8bae189490df16 | 104.17.3.184 | | 4.8 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/977647460:1715196673:OehIJtNv1Kr_TFVXj973wk__bhPUXSW0ENANLHbf0Cg/880c1d0b6a5fb521/f8bae189490df16
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (960), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 64ecd19044167a4b10e80f4332c366f2 efb15c4189b4111781b5219a7176f8e1f2e299d3 fce959303cfa1c6f78501593fe659bf48526e26483c1764ec791948d80fd8e13
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/977647460:1715196673:OehIJtNv1Kr_TFVXj973wk__bhPUXSW0ENANLHbf0Cg/880c1d0b6a5fb521/f8bae189490df16 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/f548i/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: f8bae189490df16
Content-Length: 41955
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 20:14:05 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: etTnlZqiPVrzPJEgob8v5A==$OvD9z2J2axSIdJM9CMOMzw==
cf-chl-out: JOZ34u/1v9JaFdSNipgDbNsWbB3tFFDRx/683MgjDW3yryJCkcZ15nYaC4WzDvliNxfaNerbDvlXHjbZjzjyDpPCSfAbuR8gJz8VSoa26OQ=$ngc1Gkc8Cgr5eMEZMtVu1w==
vary: accept-encoding
server: cloudflare
cf-ray: 880c1d34dce0b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/tal6f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | 104.17.3.184 | | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/tal6f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP: 104.17.3.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hash (MD5 / SHA-1 / SHA-256): c7f71e2fc8a1f2569d0417e2bbe52828 07271317adeca844300942dbfbcb56544c67cb69 39428c61bb277d9db2cac9f08c006457739578b42b4f4950cb5f9c6f67d57e90
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/tal6f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 20:14:08 GMT
content-type: text/html; charset=UTF-8
origin-agent-cluster: ?1
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
referrer-policy: same-origin
vary: accept-encoding
server: cloudflare
cf-ray: 880c1d455aaab521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/190231837:1715196655:Esxj4-r8oEKxZdIWdE6SE8NPTth_vZIIoJvxi8_BtuA/880c1d455aaab521/e307a18e3849fa0 | 104.17.3.184 | | 29 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/190231837:1715196655:Esxj4-r8oEKxZdIWdE6SE8NPTth_vZIIoJvxi8_BtuA/880c1d455aaab521/e307a18e3849fa0
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (22312), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): 725bc94489f66ba5157e9ba2120b72f6 49db6ac2cd5784a95aea077f842639b6ea71b078 46b3c816401c6d90d2cb60a1b7937b5d1e57111ebd93f91179caeccf302428c0
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/190231837:1715196655:Esxj4-r8oEKxZdIWdE6SE8NPTth_vZIIoJvxi8_BtuA/880c1d455aaab521/e307a18e3849fa0 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/tal6f/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e307a18e3849fa0
Content-Length: 28862
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 20:14:11 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: c8tCqmZ2La76G6qeunp6eGjQKsBk41QwdSYklQcipKFmFXj9NrtZUECXVQDXk5W2$zZ9PFcALrZjIx2UOQDjV/g==
vary: accept-encoding
server: cloudflare
cf-ray: 880c1d585c74b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/flow/ov1/1840022240:1715196502:z3YLVNb1ySQFUinME8Yj3IToge4YkhhHmfZo4p9Lt8U/880c1d428887b511/9f536f94c41726c | 188.114.97.1 | | 1.8 kB |
URL: login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/flow/ov1/1840022240:1715196502:z3YLVNb1ySQFUinME8Yj3IToge4YkhhHmfZo4p9Lt8U/880c1d428887b511/9f536f94c41726c
IP: 188.114.97.1:0
File type: ASCII text, with very long lines (2328), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): b7f1fe595091b7fe126923bc9365d3ee 5e68816c6a8ba875186e2fbce367d7424ae13e3a 850ac6e57006b21c3abc007674feeb2f83c2834cb95ba8cb16105157ecbf1ad9
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1840022240:1715196502:z3YLVNb1ySQFUinME8Yj3IToge4YkhhHmfZo4p9Lt8U/880c1d428887b511/9f536f94c41726c HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9f536f94c41726c
Content-Length: 3223
Origin: http://login.restorecordsecure.online
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 20:14:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: sWEP/lO3nHuYl3270sQhPg==$3FtykEHeWyq5YQxUdXuESA==
cf-chl-out: Jmhhjmbc83qg2lZcorN9Sd4VInWiGwPTRmw8m/WHc97jTz9pmXFAsbTUhBEVqvWPzH4pgoRW6cxFiGqRkG1qWz6sxS88lvoFxsNYp5a6+0Y=$Qk54BmJ32bY0PQCDlTOzfQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wZa9m29GCvhABZoGq26LYcFEigidPhVTz5R8UVCRg8j8NmStW99dkbr1FQnfJwZGh%2FqX%2B0SKzn8vRMfurfPyX6hBuvgHPzEuoQ0W7HdZYgZpOVML6Ke8eAbDdvj%2BzmdkwGxeU0xOmgN6L1i7dKY61hQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c1d79b899b529-OSL
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ | 188.114.97.1 | | 7.8 kB |
URL (User Request): GET login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
IP: 188.114.97.1:0
File type: HTML document, ASCII text, with very long lines (17742), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): d4c86b0b04ff6d5c2dfc9c126091a47b a04cdbf7c68624952ff8d77cc8183cd58ad60652 6d2e54e8fb1e33f503d4c439efe10f1e0bb2c305f2d6251c52431a392e33c1c6
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=2
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 20:14:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: OwjvIYTu3ckzup9HCkRD9d8jL5ER1insMPHDy/fJmNKcsncTvYzXTX/tkeLTvNpe7wSquuiE4LYClb2ph+sYSnybrGD/xw//X4Vags+2p2U=$G2N59tv8/7SJtYVw9b1sOA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qzcLlqYYMOCq5oRftVzcOiE%2BZzClXE1ggroZ9R0LkVfPGnMgSkAMVSe2UFifn%2Fc9DwIHNhop6oygyyMw6jS0zI%2BhJV0SyQnX%2BDxfvbv7yeCZxQ2DlZ2dGBWkkuVslH7BQSQTBR5crQ8Yf4HFCdnPx1E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c1d934a69b529-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c1d934a69b529 | 188.114.97.1 | | 112 kB |
URL: login.restorecordsecure.online/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c1d934a69b529
IP: 188.114.97.1:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 112 kB (111986 bytes)
Hash (MD5 / SHA-1 / SHA-256): 66109b3076bc3b747ffbab0551fa7df2 da536222c97691d2cd4d099cc69531a478430818 6136ccfddd335525d163a91bfc63b3e8152eb4f33b82c21889290ef2b7b1ce87
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880c1d934a69b529 HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ&__cf_chl_rt_tk=hSYGn7pdk7x.4tpahec_f8K0RT2HN6i26re7yEvZREk-1715199260-0.0.1.1-2794
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 20:14:20 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kUFQUDPEM%2BXZ%2FV%2BMNwV6nQtl1bPDCH3%2BxDodDJ7bbHFLgONAT8N2fSBAWbKB%2F4w1o5ivjqmbBbGlTidRJ%2FuiftjWwZnZqIY%2B5LQGBdQ5Qs1lNTk4g0NYEGSZooRI2gdUyHvOVrqU2MQvxWOJcuLuTOk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880c1d93de3956b9-OSL
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/favicon.ico | 188.114.97.1 | | 0 B |
URL: GET login.restorecordsecure.online/favicon.ico
IP: 188.114.97.1:0
Requested by: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ&__cf_chl_rt_tk=hSYGn7pdk7x.4tpahec_f8K0RT2HN6i26re7yEvZREk-1715199260-0.0.1.1-2794
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 20:14:20 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 22
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hnZ1ginXMDLBvmkV2t5LGsIok%2F5KwvnemIMI0znT%2Fv8DoPJHrT6WXLPAJsQ31KLXKOmll%2FLu6N%2BeCw5tMLQ81sXkuajJ7SUZMurALwTlfzOrnnnTHjUB%2FCt%2B%2B7T5LK3gakjd73cpBVy3YNCouaHNp2U%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c1d944ee756b9-OSL
alt-svc: h2=":443"; ma=60
| login.restorecordsecure.online/favicon.ico | 188.114.97.1 | | 0 B |
URL: GET login.restorecordsecure.online/favicon.ico
IP: 188.114.97.1:0
Requested by: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: login.restorecordsecure.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://login.restorecordsecure.online/login?redirect_to=/oauth2/authorize?client_id=1236666744526082120&redirect_uri=http://restorecord.com/callback&response_type=code&scope=identify%20guilds%20guilds.join&state=90TUmlWVtJGc41mY2VzUalnVzkFbOhkW5ljMZxmSzIGMOhlW5VTaiBHZyI2cKl2TpRzVhhWMyI2aKNETpdGVNNkSUp0dJRlS6Z1RaFTNtF1QWlXT0UVeNZkVD1UeVNVT1U1QSRTVpJVNVNUTHZVaJZTSTpFdG1mYpd3QOJTVq10MVR1T1UEVOh3YU1kNJl3YspEWhdHaYpVa3lWS3lEVNl3ZE1kMJRlTwEleOJTWq5kMNpWT4lUaPlWUXNFM1clWwhnMZl2dplENVR0TyEkaOBTT65EeRR0T4tGROFTVE9UavpWSrxWRaNHbXRmbKlXZ
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=2
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Wed, 08 May 2024 20:14:20 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: *
ETag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 22
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gniNOn1lLgCxT8wnGP0VHWxfxUS1NA5s%2FxofTjfGdlFtedwHBAry11PRawuekwUwZYOocOmsLPbpGXo5uolgU2qQzJg9OSV5tx7et9hQocO8TSQHe4npQXe%2FY8C9rT9h%2FdG8YhjubG3%2BSGSGCoYr614%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880c1d94afa656b9-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit | 104.17.3.184 | | 27 kB |
URL: challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit
IP: 104.17.3.184:0
File type: JavaScript source, ASCII text, with very long lines (42565)
Hash (MD5 / SHA-1 / SHA-256): a5b92920e25651d2058f4982a108347b caeeadd68d38fdb681c52006c68880abc2e8a1a6 49a5abedf03eb8ad9a66eca7c5ccb8e59a440e06958e1e7b71d078f494178dc5
GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://login.restorecordsecure.online
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 20:14:20 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 880c1d94bb1eb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/h25ud/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | 104.17.3.184 | | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/h25ud/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP: 104.17.3.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hash (MD5 / SHA-1 / SHA-256): 15862577763985e741924bc0635d6ec3 cfe0cd0708165dbac937f7a80971603e089f1ef2 4330c5bbf0bbf4ddf6d02790f519a5a55c1372f8573381713dadd8417ed4c15d
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/h25ud/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 20:14:21 GMT
content-type: text/html; charset=UTF-8
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
document-policy: js-profiling
cross-origin-embedder-policy: require-corp
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
origin-agent-cluster: ?1
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-opener-policy: same-origin
vary: accept-encoding
server: cloudflare
cf-ray: 880c1d96dfacb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400