discord-cliker.ru
2606:4700:3035::ac43:95d5
Malicious Activity!
Public Scan
Effective URL: https://discord-cliker.ru/lJvcLHmitPj7aneD
Submission: On July 24 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by E1 on July 24th 2022. Valid for: 3 months.
This is the only time discord-cliker.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Discord (Instant Messenger)
Domain & IP information
Count | IP Address | AS Autonomous System |
---|---|---|
1 13 | 2606:4700:3035::ac43:95d5 | 13335 (CLOUDFLARENET) |
1 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET) |
1 | 95.216.163.127 | 24940 (HETZNER-AS) |
14 | 4 | |

ASN24940 (HETZNER-AS, DE)
PTR: static.127.163.216.95.clients.your-server.de
api.qrserver.com
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | discord-cliker.ru (1 redirects) | discord-cliker.ru | 293 KB |
1 | qrserver.com | api.qrserver.com — Cisco Umbrella Rank: 62538 | 771 B |
1 | vsempohui.ru | vsempohui.ru | |
14 | 3 | | |
Count | Domain | Requested by |
---|---|---|
13 | discord-cliker.ru (1 redirects) | discord-cliker.ru |
1 | api.qrserver.com | |
1 | vsempohui.ru | discord-cliker.ru |
14 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
discord.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.discord-cliker.ru | E1 | 2022-07-24 - 2022-10-22 | 3 months |
*.vsempohui.ru | E1 | 2022-07-10 - 2022-10-08 | 3 months |
*.qrserver.com | R3 | 2022-06-22 - 2022-09-20 | 3 months |
This page contains 1 frames:
Primary Page:
https://discord-cliker.ru/lJvcLHmitPj7aneD
Frame ID: 124A55400EBDDCBBEBD275F6AC4D9CF3
Requests: 16 HTTP requests in this frame
Screenshot
![](/screenshots/7361c45c-ad4b-48bd-9eaf-a7e4830d3199.png)
Page Title
Discord
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Register
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://discord-cliker.ru/lJvcLHmitPj7aneD (HTTP 301)
- https://discord-cliker.ru/lJvcLHmitPj7aneD (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | lJvcLHmitPj7aneD (Primary Request) | discord-cliker.ru/ (Redirect Chain) | 1 KB | 1 KB | Document | text/html |
GET | H2 | main.f792202d.js | discord-cliker.ru/static/js/ | 263 KB | 82 KB | Script | application/javascript |
GET | H2 | main.7f229e37.css | discord-cliker.ru/static/css/ | 12 KB | 3 KB | Stylesheet | text/css |
GET | H3 | background.3064a01197d930783984.svg | discord-cliker.ru/static/media/ | 46 KB | 16 KB | Image | image/svg+xml |
GET | H3 | lJvcLHmitPj7aneD | discord-cliker.ru/api/props/ | 84 B | 568 B | Fetch | application/json |
GET | H3 | discord-logo.f99bb20c5a7ba2cc6ff10a145a83fcad.svg | discord-cliker.ru/static/media/ | 5 KB | 3 KB | Image | image/svg+xml |
GET | H3 | nitro-banner.52689fde0af2ff4fd219.jpg | discord-cliker.ru/static/media/ | 20 KB | 20 KB | Image | image/jpeg |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
GET | H3 | Whitney-Book.dc2270bc01becea3d5b9.woff | discord-cliker.ru/static/media/ | 76 KB | 34 KB | Font | application/font-woff |
GET | H3 | mobile.732856545cce3484d363.svg | discord-cliker.ru/static/media/ | 585 B | 896 B | Image | image/svg+xml |
GET | H3 | Ginto-Nord-Semibold.7429f86e91b75ac681da.woff | discord-cliker.ru/static/media/ | 61 KB | 62 KB | Font | application/font-woff |
GET | H3 | Whitney-Medium.c267a17da13d9a7c3ba0.woff | discord-cliker.ru/static/media/ | 75 KB | 33 KB | Font | application/font-woff |
GET | H3 | Whitney-Semibold.caae8d9abdbee216a4ca.woff | discord-cliker.ru/static/media/ | 81 KB | 36 KB | Font | application/font-woff |
GET | H2 | bVxIuRDW1sacL6FU | vsempohui.ru/ | 0 | 0 | Image | text/html |
GET | H2 | / | api.qrserver.com/v1/create-qr-code/ | 506 B | 771 B | Image | image/png |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Discord (Instant Messenger)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
function | getScreenDetails |
function | queryLocalFonts |
object | navigation |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.