dynocheck.info - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is dynocheck.info.
TLS certificate: Issued by GTS CA 1P5 on December 3rd 2022. Valid for: 3 months.

This is the only time dynocheck.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discord (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
6	2a06:98c1:312... 2a06:98c1:3120::3		13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	1

6 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

dynocheck.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	dynocheck.info dynocheck.info	500 KB
6	1

	Domain	Requested by
6	dynocheck.info	dynocheck.info
6	1

This site contains links to these domains. Also see Links.

Domain
discord.com

Subject Issuer	Validity	Valid
*.dynocheck.info GTS CA 1P5	`2022-12-03` - `2023-03-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dynocheck.info/
Frame ID: 75E6D9D883AE490338165F621DB19401
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Discord

Page Statistics

6
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

500 kB
Transfer

2147 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://discord.com/Discord.ejs

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response dynocheck.info/	76 KB 20 KB	227ms 155ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dynocheck.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `eea927cf29615451a5a28f240c5ea5dbef7e6c6cfff568286c5fa892d686b7b5` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control public, max-age=0 cf-cache-status DYNAMIC cf-ray 773fd0406cc30a6f-AMS content-encoding br content-type text/html; charset=UTF-8 date Sat, 03 Dec 2022 22:42:05 GMT last-modified Tue, 11 Oct 2022 16:34:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NLaX%2Fk8SHKz3WQQC%2FWSMcmCM4pGlqcK1BrFHLMLbVagWlcZ8gxtWWhJplIlM44rH3FEADcikwbnXZp3rXIwv71Nu1xyg0reDjk0VKvF1%2FhxTAVoHqOD9uJdwUpDaJRqnnH%2FqOO6EORW34gWo6A%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by Express
GET H2	200	get dynocheck.info/	2 MB 320 KB	111ms 111ms	Stylesheet text/css	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dynocheck.info/get?css=discord Requested by Host: dynocheck.info URL: https://dynocheck.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `c01a7e0677cde8974f43428fdced85eac1998d97003c692279667f2649de33a5` Request headers accept-language nl-NL,nl;q=0.9 Referer https://dynocheck.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Sat, 03 Dec 2022 22:42:05 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 03 Nov 2022 10:21:40 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"1c2467-1843d02bca8" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CGd9Qe1CdhKULCRDcpftQatTBB1MTVUb6eIp%2FW7TaCu7cj4vnjhZTtptXiHgCXcm6tzC4o4i0PTV9qhEpaAu%2F0WtvUsNGK53%2FyZVEHApVbrQ9ckzvYyvpY8IzOZ16EZ2kYMWa1ZwfdE8GhLGZQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=UTF-8 cache-control public, max-age=0 cf-ray 773fd0416dd10a6f-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	0f4d1ff76624bb45a3fee4189279ee92.svg dynocheck.info/assets/	76 KB 76 KB	173ms 173ms	Image text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dynocheck.info/assets/0f4d1ff76624bb45a3fee4189279ee92.svg Requested by Host: dynocheck.info URL: https://dynocheck.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://dynocheck.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Sat, 03 Dec 2022 22:42:05 GMT content-encoding br cf-cache-status MISS last-modified Tue, 11 Oct 2022 16:34:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kFVfuOeXmVRef5pE1lZcl2mlvXCfwD6UF3Z%2FSKgpNiCp74g6sP4o%2BAWVBqLHEKwqNcCR6M1cAOQkdIP6XcSFArxS0650Wm91HR87RL%2BNcCc83HCQU8Mp%2FYm7HJySpjQLzNCfnqvglfp4Alqeog%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control public, max-age=14400 cf-ray 773fd0419e030a6f-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	22fd790491653d837422d80e3500cf92.svg dynocheck.info/assets/	44 KB 44 KB	160ms 159ms	Image text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dynocheck.info/assets/22fd790491653d837422d80e3500cf92.svg Requested by Host: dynocheck.info URL: https://dynocheck.info/get?css=discord Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://dynocheck.info/get?css=discord User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Sat, 03 Dec 2022 22:42:06 GMT content-encoding br cf-cache-status MISS last-modified Tue, 11 Oct 2022 16:34:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBWbd04NzD3fFpI4Jfi89jh1LKvCyioc%2F%2BACfIr5rJY%2FoJXexWVx92NooGXpuu5SAgrwyzgTqwIEWr2FFV1z8cNPRbc6fsku0zt1LS8ESYAtY3NioCiwpCvupbILuyYp5e3eVVaUgkYc7kWVvA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control public, max-age=14400 cf-ray 773fd042fcf3b770-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	88055567e3d928bcb1e67e967081572e.woff dynocheck.info/assets/	76 KB 20 KB	182ms 182ms	Font text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dynocheck.info/assets/88055567e3d928bcb1e67e967081572e.woff Requested by Host: dynocheck.info URL: https://dynocheck.info/get?css=discord Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `eea927cf29615451a5a28f240c5ea5dbef7e6c6cfff568286c5fa892d686b7b5` Request headers Referer https://dynocheck.info/get?css=discord Origin https://dynocheck.info accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Sat, 03 Dec 2022 22:42:06 GMT content-encoding br cf-cache-status MISS last-modified Tue, 11 Oct 2022 16:34:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70RdjMSZ7nUvvmgXZJuDaMCldNIwT4v%2F4rbkV9e%2FTq%2BbfdEN58AB2WuhNnQXakAbKsArmmrynM9yIFiSu8qYbiUUUDvJ21umbMQechy0OG4o6fsN5nDz2RQd2c7TbaDkMmC173TXXLGasObSzg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control public, max-age=14400 cf-ray 773fd042fcf7b770-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	e8acd7d9bf6207f99350ca9f9e23b168.woff dynocheck.info/assets/	76 KB 20 KB	207ms 207ms	Font text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dynocheck.info/assets/e8acd7d9bf6207f99350ca9f9e23b168.woff Requested by Host: dynocheck.info URL: https://dynocheck.info/get?css=discord Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `eea927cf29615451a5a28f240c5ea5dbef7e6c6cfff568286c5fa892d686b7b5` Request headers Referer https://dynocheck.info/get?css=discord Origin https://dynocheck.info accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36 Response headers date Sat, 03 Dec 2022 22:42:06 GMT content-encoding br cf-cache-status MISS last-modified Tue, 11 Oct 2022 16:34:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ALN1Hq8lLFJjkN1bwkXsET%2BvlPgc3Tok%2Brw1yGvev6e7uSPh2CWhtg9xHh%2FTyWgLYu7w21%2BdQPl%2BJXaS6eETM2vQaADs3pcPAttAW7ZM3%2FDeTxupdkYpNNSe3ZTvOWtEheuNSm%2BGd8dCiH%2B08Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control public, max-age=14400 cf-ray 773fd042fcf9b770-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discord (Instant Messenger)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://dynocheck.info/ Message: Failed to decode downloaded font: https://dynocheck.info/assets/88055567e3d928bcb1e67e967081572e.woff
other	warning	URL: https://dynocheck.info/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://dynocheck.info/ Message: Failed to decode downloaded font: https://dynocheck.info/assets/e8acd7d9bf6207f99350ca9f9e23b168.woff
other	warning	URL: https://dynocheck.info/ Message: OTS parsing error: invalid sfntVersion: 1008813135

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dynocheck.info
2a06:98c1:3120::3
c01a7e0677cde8974f43428fdced85eac1998d97003c692279667f2649de33a5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eea927cf29615451a5a28f240c5ea5dbef7e6c6cfff568286c5fa892d686b7b5

dynocheck.info Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

500 kBTransfer

2147 kBSize

0 Cookies

1 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

dynocheck.info Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

500 kB
Transfer

2147 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!