dlscorld.xyz Open in urlscan Pro
2606:4700:3034::ac43:a545 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://tinyurl.com/yxfvumae
Effective URL:
https://dlscorld.xyz/ibooAi5xxtoZV
Submission: On December 09 via manual (December 9th 2021, 11:04:17 pm UTC) from HR — Scanned from DE

Summary HTTP 17 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3034::ac43:a545, located in United States and belongs to CLOUDFLARENET, US. The main domain is dlscorld.xyz.
TLS certificate: Issued by R3 on December 9th 2021. Valid for: 3 months.

This is the only time dlscorld.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discord (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:10:... 2606:4700:10::ac43:1e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2606:4700:303... 2606:4700:3034::ac43:a545	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	188.40.26.204 188.40.26.204	24940 (HETZNER-AS) (HETZNER-AS)
17	2

1 2606:4700:10::ac43:1e1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:3034::ac43:a545 (United States)

ASN13335 (CLOUDFLARENET, US)

dlscorld.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.40.26.204 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: www111.your-server.de

qr-generator.qrcode.studio	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	dlscorld.xyz dlscorld.xyz	662 KB
2	qrcode.studio qr-generator.qrcode.studio	3 KB
1	tinyurl.com 1 redirects tinyurl.com	460 B
17	3

	Domain	Requested by
15	dlscorld.xyz	dlscorld.xyz
2	qr-generator.qrcode.studio	dlscorld.xyz
1	tinyurl.com	1 redirects
17	3

This site contains links to these domains. Also see Links.

Domain
discord.com

Subject Issuer	Validity	Valid
*.dlscorld.xyz R3	`2021-12-09` - `2022-03-09`	3 months	crt.sh
qr-generator.qrcode.studio Encryption Everywhere DV TLS CA - G1	`2021-07-04` - `2022-07-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dlscorld.xyz/ibooAi5xxtoZV
Frame ID: B23A9944E5A3E9F1DDA76420183D8FFD
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Discord

Page URL History Show full URLs

https://tinyurl.com/yxfvumae HTTP 301
https://dlscorld.xyz/ibooAi5xxtoZV Page URL

Page Statistics

17
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

665 kB
Transfer

2040 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://discord.com/Discord.ejs

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://tinyurl.com/yxfvumae HTTP 301
https://dlscorld.xyz/ibooAi5xxtoZV Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request ibooAi5xxtoZV Show response dlscorld.xyz/ Redirect Chain https://tinyurl.com/yxfvumae https://dlscorld.xyz/ibooAi5xxtoZV	71 KB 22 KB	153ms 123ms	Document text/html	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/ibooAi5xxtoZV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `e6206091bc952c583ad5f000fe2e23847c086af050028ab0d17769330a2168da` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers date Thu, 09 Dec 2021 23:04:11 GMT content-type text/html; charset=utf-8 x-powered-by Express cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=91D%2B4u6rjbBlnca638aF5XaiflzPaxLneIYpqa5H%2FfmaU%2BWlyiOymjH0TeaKqBJ%2F4G%2FOSzZvn6dikGbcTxbEhVSjtXfYM7wslV8FLHJYYNLuskkxYkI4rW4hGizll%2FuAuaE7chcX21uiFR8%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6bb1df01d85c05f5-FRA content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Redirect headers date Thu, 09 Dec 2021 23:04:11 GMT content-type text/html; charset=UTF-8 location https://dlscorld.xyz/ibooAi5xxtoZV x-powered-by PHP/7.4.26 cache-control max-age=0, public, s-max-age=900, stale-if-error: 86400 referrer-policy unsafe-url x-content-type-options nosniff x-xss-protection 1; mode=block strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 6bb1defeaaab4eeb-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H2	200	532.9e67307351ae49a57bb0.css dlscorld.xyz/css/	1 MB 286 KB	692ms 691ms	Stylesheet text/css	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/ibooAi5xxtoZV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `68ceb482c5c4e00594b808f13832f697cb539bcc557519918a650a2ade31eec3` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/ibooAi5xxtoZV User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:12 GMT content-encoding br etag W/"17717c-17d76c7d477" cf-cache-status EXPIRED last-modified Wed, 01 Dec 2021 16:15:47 GMT server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q6P%2BfOIWbb4FbMpJYHJUtH9q7nfONhIrqK%2FXxh%2B7JXPH4%2BRiiJBr%2F8uYbLu1nZbUzOUqgeGfjCwEsntRxAn6d7KGjpd%2B9XYfNM2%2Bh8DMg%2BYcpwj%2BU3pweX6EcjlrCvW6fKOtmNELu4PMLeg%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=UTF-8 cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6bb1df02c97205f5-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H2	200	captcha.js Show response dlscorld.xyz/js/	121 KB 31 KB	247ms 247ms	Script application/javascript	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/js/captcha.js Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/ibooAi5xxtoZV Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `213be8ebd0d04a11942e62d3c199c390d04436dfdd3b51b33e47cfb0ff622d92` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/ibooAi5xxtoZV User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:12 GMT content-encoding br etag W/"1e40b-17d76c7d857" cf-cache-status EXPIRED last-modified Wed, 01 Dec 2021 16:15:48 GMT server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eP3z4Bun%2FSEdAyVl9i4%2BKxypcK5fZn1hYlNtXpjXAZSpsKgrleJs6jYOUoEIG4jTSz44UQTPC8M2qqRwRW5sMT8hHciq2Jhnpi8wIjSUtbO5dwg5JXLEm7a%2Fhj70RQSqhjzMGNPsiKPsWRY%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6bb1df02c97405f5-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	0f4d1ff76624bb45a3fee4189279ee92.svg dlscorld.xyz/assets/	7 KB 4 KB	576ms 575ms	Image image/svg+xml	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dlscorld.xyz/assets/0f4d1ff76624bb45a3fee4189279ee92.svg Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/ibooAi5xxtoZV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `6817cfb84bc65b63f73c80c0ef16524bb32c4cf5c9a07c0c664d3ae5e022e1a4` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/ibooAi5xxtoZV User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:12 GMT content-encoding br etag W/"1dc0-17d76c7cc63" cf-cache-status EXPIRED last-modified Wed, 01 Dec 2021 16:15:45 GMT server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BRm%2FYpfj4d2dw66B7XRS038klwrAEGaRqQNLHza0KuoRQLvF3uBpS36v1Db4PTpGiRCs4M9GlxkjodLW3lN6sHm2nc%2FuJYarcxRjKs0I2WVD431vnCnn6RKndi92O8%2BnYKHyhw9W0T%2F1YnE%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6bb1df03481e2c42-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	favicon.ico dlscorld.xyz/	24 KB 13 KB	620ms 620ms	Image image/x-icon	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dlscorld.xyz/favicon.ico Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/ibooAi5xxtoZV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/ibooAi5xxtoZV User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:12 GMT content-encoding br etag W/"5ff5-17d7bc5035e" cf-cache-status EXPIRED last-modified Thu, 02 Dec 2021 15:30:48 GMT server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tyAljdWAOC9tZQJyrAsFZhOon6OdjsfcSqA1uO%2BO4iiqHoRiHtuL3xsnd96BYNQVuxeHxR2oygTbbP%2FPCmxGmiioJQ1gq35xJ8Kvlo9WAKqeLy99fHESceJnhmWGAlQOpNWBccAHMww%2FVhQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/x-icon cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6bb1df0348202c42-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	qr.js Show response dlscorld.xyz/js/	5 KB 2 KB	575ms 574ms	Script application/javascript	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/js/qr.js Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/ibooAi5xxtoZV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `7a3ae57fde907e6e7f3a5c5b78877a044f16762a2dbeb1973939fdf7f31ed0ac` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/ibooAi5xxtoZV User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:12 GMT content-encoding br etag W/"149d-17d76c7d8c7" cf-cache-status EXPIRED last-modified Wed, 01 Dec 2021 16:15:48 GMT server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sNLN4fDwxL9VXqNQynE2nsWFZYyWmLi97bAlIRsNolg7f4Vd1fs58Lhm%2FD0oQCiZsxogaymEDMeODpo9%2F4y6fIg%2B2GFVf%2BcketdN%2Fi5FXtepAVsua7fmslRcjpVOFMQCdVl6HWckiu%2FkGqg%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6bb1df0348222c42-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	login.js Show response dlscorld.xyz/js/	7 KB 2 KB	573ms 572ms	Script application/javascript	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/js/login.js Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/ibooAi5xxtoZV Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `226e0db307f12ce25bd7e3d01807be1a7d7972baeeb587ca1eddf054ff8a1617` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/ibooAi5xxtoZV User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:12 GMT content-encoding br etag W/"1bcf-17d76c7d76b" cf-cache-status EXPIRED last-modified Wed, 01 Dec 2021 16:15:48 GMT server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gTDuioc3LWggstMt7p8wReGG%2FIZ1a4%2B6mTsTTcUpcdrRPqPJxV6qSUpNA1dU2ksJbFEs9K24UcYoj%2FRSylW7fenxzjXd6GhdmY0vQP93g3hZIywvHIqlUh0dmdTGQHJxUR8NNzbeQBEpzkQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6bb1df0348232c42-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	22fd790491653d837422d80e3500cf92.svg dlscorld.xyz/assets/	5 KB 3 KB	112ms 111ms	Image image/svg+xml	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dlscorld.xyz/assets/22fd790491653d837422d80e3500cf92.svg Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `641b1091276ba75578c3d93f367f0d70bcbba7c62a7f159c4307acf0ed6c5cbe` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:12 GMT content-encoding br etag W/"12c4-17d76c7ca4f" cf-cache-status EXPIRED last-modified Wed, 01 Dec 2021 16:15:44 GMT server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4xlq7hH%2Bsmbd4oimKFWV%2BvrjqHsxyd6TbCqV3WIR7pLJZiJXcO%2BTZf4wCh8KXGCOzOM%2BheU46whzwhm12mSo%2B3K7zJWalnacrce5LOnR%2B5BrY5PfKm0YJHeL1JblbCtSqZlo4lojMVvfsqQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6bb1df087e8c2c42-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H3	200	e8acd7d9bf6207f99350ca9f9e23b168.woff dlscorld.xyz/assets/	76 KB 77 KB	188ms 188ms	Font font/woff	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/assets/e8acd7d9bf6207f99350ca9f9e23b168.woff Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `0f823bc4b56f481fbceab4158d855e5d11628198a9e404b827b755fe45d4d1c4` Request headers Referer https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css Origin https://dlscorld.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:13 GMT cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-powered-by Express alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 77784 last-modified Wed, 01 Dec 2021 16:15:45 GMT server cloudflare etag W/"12fd8-17d76c7cd83" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfidLbJS%2FFaq2UCkFXCqgwVft7HkfvPQKwac6EZa%2FfokmKo6sjAnPqUT97c5gJSEVz1Yo8LSvZEK6qWq%2F7j5bY3CQSKUROg1o%2B3%2FziXz5PBDDQQqLejycndzWD5SXRjJbz40KMvQxegRhik%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control public, max-age=14400 accept-ranges bytes cf-ray 6bb1df087e912c42-FRA
GET H3	200	88055567e3d928bcb1e67e967081572e.woff dlscorld.xyz/assets/	61 KB 62 KB	203ms 203ms	Font font/woff	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/assets/88055567e3d928bcb1e67e967081572e.woff Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `0e9a97ab8ee2408a80d5d42ea49fc1cbf291f71a11a3a1728418074087709754` Request headers Referer https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css Origin https://dlscorld.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:13 GMT cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-powered-by Express alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 62512 last-modified Wed, 01 Dec 2021 16:15:45 GMT server cloudflare etag W/"f430-17d76c7ccf3" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MQcrBqSFlsIGXJFIWOp%2Bs%2F32o0%2Fi%2B8FWe2oVoh4BrZC7Nu2bK6lL94%2FRdPL783abfRUdR0Qb6r8gY8rIAnG2QDerd2WeVstcArtz6QmcG0uAGSp6iC6x7vTI6as2RUjP8b5ZKDSNkXfb3xQ%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control public, max-age=14400 accept-ranges bytes cf-ray 6bb1df088e9c2c42-FRA
GET H3	200	3bdef1251a424500c1b3a78dea9b7e57.woff dlscorld.xyz/assets/	75 KB 76 KB	209ms 209ms	Font font/woff	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/assets/3bdef1251a424500c1b3a78dea9b7e57.woff Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `ba33ed18fe9c110039549c2b17fee622de2b27d90cfd4a375bd0184174705fae` Request headers Referer https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css Origin https://dlscorld.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:13 GMT cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-powered-by Express alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 76744 last-modified Wed, 01 Dec 2021 16:15:44 GMT server cloudflare etag W/"12bc8-17d76c7caef" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yeoFn3SDSvtDg7Muq9A8QKMZLNKTA74tGa0iAzDsDkaOYtEQJvuqAVZPOrvQk6B2bdCWxyJGSocoDJhBWozPGM%2F7x2vB%2BD5XL9Ze7F1h7QHTJ9%2FZQLjVx%2BdyQlDXhssIxJV8fvnNLxYk6wE%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control public, max-age=14400 accept-ranges bytes cf-ray 6bb1df088e9d2c42-FRA
GET H3	200	be0060dafb7a0e31d2a1ca17c0708636.woff dlscorld.xyz/assets/	81 KB 81 KB	190ms 190ms	Font font/woff	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/assets/be0060dafb7a0e31d2a1ca17c0708636.woff Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `9231ab6a48732396feaa62c4ed6d5419cee16ef5657e97a779041cb0a612d0ff` Request headers Referer https://dlscorld.xyz/css/532.9e67307351ae49a57bb0.css Origin https://dlscorld.xyz Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:13 GMT cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-powered-by Express alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 82688 last-modified Wed, 01 Dec 2021 16:15:45 GMT server cloudflare etag W/"14300-17d76c7cee7" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BIctTXmGT%2BVwpkZ4ZYpV3cojy5VMRDxVk1CH7VTLeG2J%2FxB6ZYwpW%2Fdj6NX3Q%2FkTiKz7bVPnfHNWsSQ6Y5oqxxqVzqaoOcCH%2FPJWPvzooLf9BmtWAMFAvdONP9UfSiVjjXzam1rrXLH2x0k%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control public, max-age=14400 accept-ranges bytes cf-ray 6bb1df088e9e2c42-FRA
GET H3	200	generate_pair Show response dlscorld.xyz/crypto/	2 KB 2 KB	219ms 219ms	Fetch application/json	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/crypto/generate_pair Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/js/qr.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `2cacc01c017c619512cb77dedc8768bfad4ddb21d5b136ab92fa6f32a799a990` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/ibooAi5xxtoZV User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:13 GMT content-encoding br etag W/"7e0-yuGPZghRc2x4mSgdUgmzAHaqqYs" cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZSr7AKqlV4GawJjzcz%2FYPGfvyAy6jUNvVwZHxgcJIXbHqnHXXq0QY4EZ4901FTMd%2BIE2N%2BykUihlheYWw3RpMJMgcVwQIsYB1uuiclKAeNPi4TCqmKrbcIpwpL%2FoYxnDjyO%2BWXkCRf0J5g%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 cf-ray 6bb1df0b39f92c42-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
POST H3	200	decrypt Show response dlscorld.xyz/crypto/	56 B 657 B	69ms 68ms	Fetch application/json	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://dlscorld.xyz/crypto/decrypt Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/js/qr.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `156a99794e12f41656ce488c3bc67dc780e646018bc51acb511d9b709f36d08c` Request headers Referer https://dlscorld.xyz/ibooAi5xxtoZV Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Content-Type application/json Response headers date Thu, 09 Dec 2021 23:04:13 GMT content-encoding br etag W/"38-xApyZlDlZacBACUJLAdpTDcMXwU" cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9L9Q9XR2jvQHXLf3R0z%2BpBuz99gApLVScq42q2P3T%2B%2Bew4XZVzV%2BmZVeYMO6zpGI6jPv%2Frlyy%2FLFc30OLllktxmGMJLmwODjO1elwTtzvq5jGvf8moGAS%2BU98hUwSZf5Qm5EGsyXEqcEq6o%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 cf-ray 6bb1df0dce082c42-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H2	200	custom qr-generator.qrcode.studio/qr/	1 KB 2 KB	119ms 86ms	Image image/png	188.40.26.204 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://qr-generator.qrcode.studio/qr/custom?data=https%3A%2F%2Fdiscord.com%2Fra%2Fi5QVAyoUwQaQOLd4Gje7CryMpBbESPWsOo35l0nOhOo&size=176 Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 188.40.26.204 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS www111.your-server.de Software Apache / PHP/7.4.26 Resource Hash `c265a253a52bfe4f67dff9d54dd2d2e39c645d0417a1567b054d6a4f70d1dedc` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers access-control-allow-origin https://www.qrcode-monkey.com date Thu, 09 Dec 2021 23:04:14 GMT server Apache x-powered-by PHP/7.4.26 access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept access-control-allow-methods GET, POST, OPTIONS content-type image/png
GET H2	200	custom qr-generator.qrcode.studio/qr/	1 KB 1 KB	27ms 26ms	Image image/png	188.40.26.204 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://qr-generator.qrcode.studio/qr/custom?data=https%3A%2F%2Fdiscord.com%2Fra%2Fi5QVAyoUwQaQOLd4Gje7CryMpBbESPWsOo35l0nOhOo&size=176 Requested by Host: dlscorld.xyz URL: https://dlscorld.xyz/js/qr.js Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 188.40.26.204 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS www111.your-server.de Software Apache / PHP/7.4.26 Resource Hash `c265a253a52bfe4f67dff9d54dd2d2e39c645d0417a1567b054d6a4f70d1dedc` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers access-control-allow-origin https://www.qrcode-monkey.com date Thu, 09 Dec 2021 23:04:14 GMT server Apache x-powered-by PHP/7.4.26 access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept access-control-allow-methods GET, POST, OPTIONS content-type image/png
GET H3	200	092b071c3b3141a58787415450c27857.png dlscorld.xyz/assets/	1 KB 2 KB	195ms 194ms	Image image/png	2606:4700:3034::ac43:a545 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dlscorld.xyz/assets/092b071c3b3141a58787415450c27857.png Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:a545 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `f1ca5949ef43d0a6130a1176794b4b38b393f2638c6cc5c2b8449adb6ed3f144` Request headers Accept-Language de-DE,de;q=0.9 Referer https://dlscorld.xyz/ibooAi5xxtoZV User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Thu, 09 Dec 2021 23:04:14 GMT cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-powered-by Express alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 1532 last-modified Wed, 01 Dec 2021 16:15:44 GMT server cloudflare etag W/"5fc-17d76c7c9e3" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txMOCTkV9JnnvdYyG%2FewJTMTBgI1074QdSp%2FQebOwMd8EXjJXl5OHbkRPJbzZ4O7O9D%2BJcexAKg0FZt%2F8HwSWoBT1juta8khsyUN8euwW7l2HBIknWsGZ7akVutcOa0jd9T41ZdHPm5CZLc%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 6bb1df1028e92c42-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discord (Instant Messenger)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dlscorld.xyz
qr-generator.qrcode.studio
tinyurl.com
188.40.26.204
2606:4700:10::ac43:1e1
2606:4700:3034::ac43:a545
0e9a97ab8ee2408a80d5d42ea49fc1cbf291f71a11a3a1728418074087709754
0f823bc4b56f481fbceab4158d855e5d11628198a9e404b827b755fe45d4d1c4
128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7
156a99794e12f41656ce488c3bc67dc780e646018bc51acb511d9b709f36d08c
213be8ebd0d04a11942e62d3c199c390d04436dfdd3b51b33e47cfb0ff622d92
226e0db307f12ce25bd7e3d01807be1a7d7972baeeb587ca1eddf054ff8a1617
2cacc01c017c619512cb77dedc8768bfad4ddb21d5b136ab92fa6f32a799a990
641b1091276ba75578c3d93f367f0d70bcbba7c62a7f159c4307acf0ed6c5cbe
6817cfb84bc65b63f73c80c0ef16524bb32c4cf5c9a07c0c664d3ae5e022e1a4
68ceb482c5c4e00594b808f13832f697cb539bcc557519918a650a2ade31eec3
7a3ae57fde907e6e7f3a5c5b78877a044f16762a2dbeb1973939fdf7f31ed0ac
9231ab6a48732396feaa62c4ed6d5419cee16ef5657e97a779041cb0a612d0ff
ba33ed18fe9c110039549c2b17fee622de2b27d90cfd4a375bd0184174705fae
c265a253a52bfe4f67dff9d54dd2d2e39c645d0417a1567b054d6a4f70d1dedc
e6206091bc952c583ad5f000fe2e23847c086af050028ab0d17769330a2168da
f1ca5949ef43d0a6130a1176794b4b38b393f2638c6cc5c2b8449adb6ed3f144

dlscorld.xyz Open in urlscan Pro 2606:4700:3034::ac43:a545 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

17 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

665 kBTransfer

2040 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

23 JavaScript Global Variables

0 Cookies

Indicators

dlscorld.xyz Open in urlscan Pro
2606:4700:3034::ac43:a545 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

665 kB
Transfer

2040 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!