ww3.diiscord.co
Open in
urlscan Pro
208.91.196.145
Malicious Activity!
Public Scan
Effective URL: http://ww3.diiscord.co/
Submission Tags: sinking-yachts phishing Search All
Submission: On February 24 via manual from US — Scanned from NL
Summary
This is the only time ww3.diiscord.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 2 votes Show Verdicts
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 185.107.56.207 185.107.56.207 | 43350 (NFORCE) (NFORCE) | |
2 | 208.91.196.145 208.91.196.145 | 40034 (CONFLUENC...) (CONFLUENCE-NETWORK-INC) | |
3 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
diiscord.co
1 redirects
diiscord.co ww3.diiscord.co |
3 KB |
3 | 1 |
Domain | Requested by | |
---|---|---|
2 | ww3.diiscord.co |
diiscord.co
ww3.diiscord.co |
2 | diiscord.co | 1 redirects |
3 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
diiscord.co R3 |
2022-02-23 - 2022-05-24 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://ww3.diiscord.co/
Frame ID: E9E837EF6FF3ADC2DD6C641B4B69AF77
Requests: 2 HTTP requests in this frame
Frame:
http://ww3.diiscord.co/?fp=udVdcpdIM5AgIyGvIjIKIvw2zDK%2FMGxZXbSm6aGj6hL9paf2unwihmrOcBNN4k%2FhqL1KoMuPfN7Jj0YkOAIIE%2BB5PaBPK4uB%2FxOyKMK9FWubpHPZJG4PRoEySMSAn%2F9Q4OnIwknSsMLYp1uOd6LIaGmEjMrA%2F1SP61dgAa2dmj4ZHUb5dzJ6Z4L%2BUuqiFN%2FN6bKXZkPf0bXqvs22lClHm10mJKGViaQfgLrm5GxQr9uz5Ory%2FlrXF27YLtv8AXs4Kg9Sf%2FhvNIKsIoZpUUh7XQ%3D%3D&prvtof=DGQOaSW3Rt4H6zk%2BlTUD86ciDJKIC5iXNEUXnzPpoGA%3D&poru=e9Z0DI4voHiE6H69rM37y5iSz12ojiZr3LLjRVzzfI8%3D&_opnslfp=1&
Frame ID: FA03B211DBE41875D6DA670AFA9EFD04
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://diiscord.co/ Page URL
-
https://diiscord.co/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY0NTc...
HTTP 302
http://ww3.diiscord.co/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://diiscord.co/ Page URL
-
https://diiscord.co/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY0NTc0MzIxNCwiaWF0IjoxNjQ1NzM2MDE0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycmJkOGJzY283Yms1OHQ3dmMwbWZmZ2EiLCJuYmYiOjE2NDU3MzYwMTQsInRzIjoxNjQ1NzM2MDE0NTQwNDQzfQ.gj_O56OMTIvjLRf-JZmKKUFzVK7Oj9w3ZtAJBDVQGVw&sid=d4e4d624-95b3-11ec-b229-ad5311a53dd5
HTTP 302
http://ww3.diiscord.co/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
diiscord.co/ |
468 B 680 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
ww3.diiscord.co/ Redirect Chain
|
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
ww3.diiscord.co/ Frame FA03 |
272 B 461 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Malicious
page.domain
Submitted on
February 24th 2022, 8:53:45 pm
UTC —
From United States
Threats:
Phishing
Comment: This domain is present in the Sinking Yachts anti-phishing list. More Info: https://sinking.yachts
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| structuredClone2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.diiscord.co/ | Name: sid Value: d4e4d624-95b3-11ec-b229-ad5311a53dd5 |
|
ww3.diiscord.co/ | Name: isframesetenabled Value: 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
diiscord.co
ww3.diiscord.co
185.107.56.207
208.91.196.145
2a18def87fbba1d0514b43a2e1a8ea0c6740f3963bd3056b5807fc0c9c69a906
4c7d08f1d6fac569c83fa87b42a3a727668da55317954637ce500d59e058fe03
5d1e29986c3ce19664490742fd278fee6e98ceb233ea95b7ddc1df7c69825d0d