dliscord.com Open in urlscan Pro
190.115.18.149 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dliscord.com/FH87fjeiDJFTVe14
Submission: On October 28 via automatic, source openphish (October 28th 2021, 1:13:13 am UTC) — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 190.115.18.149, located in Belize and belongs to DDOS-GUARD CORP., BZ. The main domain is dliscord.com.
TLS certificate: Issued by R3 on October 24th 2021. Valid for: 3 months.

This is the only time dliscord.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discord (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
10	190.115.18.149 190.115.18.149	262254 (DDOS-GUAR...) (DDOS-GUARD CORP.)
1	88.99.166.175 88.99.166.175	24940 (HETZNER-AS) (HETZNER-AS)
11	3

10 190.115.18.149 (Belize)

ASN262254 (DDOS-GUARD CORP., BZ)

dliscord.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.99.166.175 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.175.166.99.88.clients.your-server.de

cdn.igromania.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	dliscord.com dliscord.com	561 KB
1	igromania.ru cdn.igromania.ru	20 KB
11	2

	Domain	Requested by
10	dliscord.com	dliscord.com
1	cdn.igromania.ru	dliscord.com
11	2

This site contains no links.

Subject Issuer	Validity	Valid
dliscord.com R3	`2021-10-24` - `2022-01-22`	3 months	crt.sh
*.igromania.ru Sectigo RSA Domain Validation Secure Server CA	`2021-03-01` - `2022-04-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dliscord.com/FH87fjeiDJFTVe14
Frame ID: 3BC7A33D2976A3BE84420366203DCDB2
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Discord

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

581 kB
Transfer

2180 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request FH87fjeiDJFTVe14 Show response dliscord.com/	88 KB 29 KB	246ms 141ms	Document text/html	190.115.18.149 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://dliscord.com/FH87fjeiDJFTVe14 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 190.115.18.149 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software nginx / Resource Hash `bc5d388b4af035b4bc2b0f23c62d777cb86c0df7768b0de5fb2e5f8fe60ba5a9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server nginx Date Thu, 28 Oct 2021 01:13:08 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Cache-Control no-cache, private Content-Encoding gzip
GET H/1.1	200 OK	app.js Show response dliscord.com/assets/discord/js/	179 KB 61 KB	53ms 52ms	Script application/javascript	190.115.18.149 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://dliscord.com/assets/discord/js/app.js?v=3fea243fdd Requested by Host: dliscord.com URL: https://dliscord.com/FH87fjeiDJFTVe14 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 190.115.18.149 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software nginx / Resource Hash `b0816ec7480400f55531ac829623d9c6b038861c2cb6d4851c1f0007308bd26d` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dliscord.com/FH87fjeiDJFTVe14 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 28 Oct 2021 01:13:08 GMT Content-Encoding gzip Last-Modified Wed, 27 Oct 2021 16:30:26 GMT Server nginx ETag W/"61797ea2-2ccad" Transfer-Encoding chunked Content-Type application/javascript Cache-Control max-age=1800 Connection keep-alive Expires Thu, 28 Oct 2021 01:43:08 GMT
GET H/1.1	200 OK	app.css dliscord.com/assets/discord/css/	1 MB 272 KB	224ms 115ms	Stylesheet text/css	190.115.18.149 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://dliscord.com/assets/discord/css/app.css Requested by Host: dliscord.com URL: https://dliscord.com/FH87fjeiDJFTVe14 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 190.115.18.149 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software nginx / Resource Hash `4d9986537d166bbae14f92b55b3201bacf680c2855b8d5f1c131e47b4cc269a4` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dliscord.com/FH87fjeiDJFTVe14 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 28 Oct 2021 01:13:08 GMT Content-Encoding gzip Last-Modified Wed, 27 Oct 2021 16:30:07 GMT Server nginx ETag W/"61797e8f-15cef7" Transfer-Encoding chunked Content-Type text/css Cache-Control max-age=1800 Connection keep-alive Expires Thu, 28 Oct 2021 01:43:08 GMT
GET H2	200	74862201f6da70cf_848x477.jpg cdn.igromania.ru/mnt/news/f/9/8/3/3/e/88018/	20 KB 20 KB	102ms 46ms	Image image/jpeg	88.99.166.175 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.igromania.ru/mnt/news/f/9/8/3/3/e/88018/74862201f6da70cf_848x477.jpg Requested by Host: dliscord.com URL: https://dliscord.com/FH87fjeiDJFTVe14 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 88.99.166.175 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.175.166.99.88.clients.your-server.de Software nginx / Resource Hash `77e3884b74cd2a9624545acd0cfa9d82f8ce2a5b27ca51a452d86a0869c03e46` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dliscord.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers date Thu, 28 Oct 2021 01:13:08 GMT last-modified Mon, 11 Nov 2019 10:52:47 GMT server nginx etag "5dc93d7f-4f32" content-type image/jpeg cache-control max-age=2592000 accept-ranges bytes content-length 20274 expires Sat, 27 Nov 2021 01:13:08 GMT
GET H/1.1	200 OK	5724892521ce5bc348669e9f1fabe28b.svg dliscord.com/assets/	52 KB 52 KB	113ms 112ms	Image text/html	190.115.18.149 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Show image Full URL https://dliscord.com/assets/5724892521ce5bc348669e9f1fabe28b.svg Requested by Host: dliscord.com URL: https://dliscord.com/assets/discord/css/app.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 190.115.18.149 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software nginx / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dliscord.com/assets/discord/css/app.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 28 Oct 2021 01:13:08 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control max-age=1800 Connection keep-alive Expires Thu, 28 Oct 2021 01:43:08 GMT
GET H/1.1	200 OK	e8acd7d9bf6207f99350ca9f9e23b168.woff dliscord.com/assets/	88 KB 29 KB	114ms 114ms	Font text/html	190.115.18.149 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://dliscord.com/assets/e8acd7d9bf6207f99350ca9f9e23b168.woff Requested by Host: dliscord.com URL: https://dliscord.com/assets/discord/css/app.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 190.115.18.149 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software nginx / Resource Hash `bc5d388b4af035b4bc2b0f23c62d777cb86c0df7768b0de5fb2e5f8fe60ba5a9` Request headers Referer https://dliscord.com/assets/discord/css/app.css Origin https://dliscord.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 28 Oct 2021 01:13:08 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control max-age=1800 Connection keep-alive Expires Thu, 28 Oct 2021 01:43:08 GMT
GET H/1.1	200 OK	746a4f241e03deffc59b08c5650cf458.woff dliscord.com/assets/	88 KB 29 KB	241ms 146ms	Font text/html	190.115.18.149 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://dliscord.com/assets/746a4f241e03deffc59b08c5650cf458.woff Requested by Host: dliscord.com URL: https://dliscord.com/assets/discord/css/app.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 190.115.18.149 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software nginx / Resource Hash `bc5d388b4af035b4bc2b0f23c62d777cb86c0df7768b0de5fb2e5f8fe60ba5a9` Request headers Referer https://dliscord.com/assets/discord/css/app.css Origin https://dliscord.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 28 Oct 2021 01:13:08 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control max-age=1800 Connection keep-alive Expires Thu, 28 Oct 2021 01:43:08 GMT
GET H/1.1	200 OK	88055567e3d928bcb1e67e967081572e.woff dliscord.com/assets/	88 KB 29 KB	242ms 146ms	Font text/html	190.115.18.149 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://dliscord.com/assets/88055567e3d928bcb1e67e967081572e.woff Requested by Host: dliscord.com URL: https://dliscord.com/assets/discord/css/app.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 190.115.18.149 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software nginx / Resource Hash `bc5d388b4af035b4bc2b0f23c62d777cb86c0df7768b0de5fb2e5f8fe60ba5a9` Request headers Referer https://dliscord.com/assets/discord/css/app.css Origin https://dliscord.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 28 Oct 2021 01:13:08 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control max-age=1800 Connection keep-alive Expires Thu, 28 Oct 2021 01:43:08 GMT
GET H/1.1	200 OK	3bdef1251a424500c1b3a78dea9b7e57.woff dliscord.com/assets/	88 KB 29 KB	246ms 146ms	Font text/html	190.115.18.149 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://dliscord.com/assets/3bdef1251a424500c1b3a78dea9b7e57.woff Requested by Host: dliscord.com URL: https://dliscord.com/assets/discord/css/app.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 190.115.18.149 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software nginx / Resource Hash `bc5d388b4af035b4bc2b0f23c62d777cb86c0df7768b0de5fb2e5f8fe60ba5a9` Request headers Referer https://dliscord.com/assets/discord/css/app.css Origin https://dliscord.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 28 Oct 2021 01:13:08 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control max-age=1800 Connection keep-alive Expires Thu, 28 Oct 2021 01:43:08 GMT
GET H/1.1	200 OK	be0060dafb7a0e31d2a1ca17c0708636.woff dliscord.com/assets/	88 KB 29 KB	250ms 149ms	Font text/html	190.115.18.149 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://dliscord.com/assets/be0060dafb7a0e31d2a1ca17c0708636.woff Requested by Host: dliscord.com URL: https://dliscord.com/assets/discord/css/app.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 190.115.18.149 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software nginx / Resource Hash `bc5d388b4af035b4bc2b0f23c62d777cb86c0df7768b0de5fb2e5f8fe60ba5a9` Request headers Referer https://dliscord.com/assets/discord/css/app.css Origin https://dliscord.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 28 Oct 2021 01:13:08 GMT Content-Encoding gzip Server nginx Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control max-age=1800 Connection keep-alive Expires Thu, 28 Oct 2021 01:43:08 GMT
GET H/1.1	200 OK	439112b388adcac969dc066d30767b76.png dliscord.com/assets/discord/images/	2 KB 3 KB	52ms 51ms	Image image/png	190.115.18.149 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Show image Full URL https://dliscord.com/assets/discord/images/439112b388adcac969dc066d30767b76.png Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 190.115.18.149 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software nginx / Resource Hash `703e0c41341ad2e5143dc8d47d414e10aeaa5f052d399d951c3df0d3f1883a2e` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dliscord.com/FH87fjeiDJFTVe14 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Thu, 28 Oct 2021 01:13:09 GMT Last-Modified Wed, 27 Oct 2021 16:30:07 GMT Server nginx ETag "61797e8f-996" Content-Type image/png Cache-Control max-age=1800 Connection keep-alive Accept-Ranges bytes Content-Length 2454 Expires Thu, 28 Oct 2021 01:43:09 GMT
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e9998bd24a950cfd9d7c764725fa317a9d665591d590c2c6100ae7e5a61591ef` Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discord (Instant Messenger)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			dliscord.com/	1970-01-19 22:26:28	Name: lumen_session Value: sZ2e2anVSFZxtzDYG7FAiuBfOSw0WMVsNcqa5X4S

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://dliscord.com/FH87fjeiDJFTVe14 Message: Failed to decode downloaded font: https://dliscord.com/assets/e8acd7d9bf6207f99350ca9f9e23b168.woff
other	warning	URL: https://dliscord.com/FH87fjeiDJFTVe14 Message: OTS parsing error: invalid sfntVersion: 1013478509
other	warning	URL: https://dliscord.com/FH87fjeiDJFTVe14 Message: Failed to decode downloaded font: https://dliscord.com/assets/746a4f241e03deffc59b08c5650cf458.woff
other	warning	URL: https://dliscord.com/FH87fjeiDJFTVe14 Message: OTS parsing error: invalid sfntVersion: 1013478509
other	warning	URL: https://dliscord.com/FH87fjeiDJFTVe14 Message: Failed to decode downloaded font: https://dliscord.com/assets/88055567e3d928bcb1e67e967081572e.woff
other	warning	URL: https://dliscord.com/FH87fjeiDJFTVe14 Message: OTS parsing error: invalid sfntVersion: 1013478509
other	warning	URL: https://dliscord.com/FH87fjeiDJFTVe14 Message: Failed to decode downloaded font: https://dliscord.com/assets/3bdef1251a424500c1b3a78dea9b7e57.woff
other	warning	URL: https://dliscord.com/FH87fjeiDJFTVe14 Message: OTS parsing error: invalid sfntVersion: 1013478509
other	warning	URL: https://dliscord.com/FH87fjeiDJFTVe14 Message: Failed to decode downloaded font: https://dliscord.com/assets/be0060dafb7a0e31d2a1ca17c0708636.woff
other	warning	URL: https://dliscord.com/FH87fjeiDJFTVe14 Message: OTS parsing error: invalid sfntVersion: 1013478509

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.igromania.ru
dliscord.com
190.115.18.149
88.99.166.175
4d9986537d166bbae14f92b55b3201bacf680c2855b8d5f1c131e47b4cc269a4
703e0c41341ad2e5143dc8d47d414e10aeaa5f052d399d951c3df0d3f1883a2e
77e3884b74cd2a9624545acd0cfa9d82f8ce2a5b27ca51a452d86a0869c03e46
b0816ec7480400f55531ac829623d9c6b038861c2cb6d4851c1f0007308bd26d
bc5d388b4af035b4bc2b0f23c62d777cb86c0df7768b0de5fb2e5f8fe60ba5a9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9998bd24a950cfd9d7c764725fa317a9d665591d590c2c6100ae7e5a61591ef

dliscord.com Open in urlscan Pro 190.115.18.149 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

581 kBTransfer

2180 kBSize

1 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

10 Console Messages

Indicators

dliscord.com Open in urlscan Pro
190.115.18.149 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

581 kB
Transfer

2180 kB
Size

1
Cookies

11 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!