urlscan.io logo urlscan.io
SecurityTrails logo

ww3.diiscord.co Open in urlscan Pro
208.91.196.145  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://diiscord.co/
Effective URL: http://ww3.diiscord.co/
Submission Tags: sinking-yachts phishing Search All
Submission: On February 24 via manual from US — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 3 HTTP transactions. The main IP is 208.91.196.145, located in Virgin Islands (British) and belongs to CONFLUENCE-NETWORK-INC, VG. The main domain is ww3.diiscord.co.
This is the only time ww3.diiscord.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious2 votes Show Verdicts

Domain & IP information

IP Address AS Autonomous System
1 2 185.107.56.207 43350 (NFORCE)
2 208.91.196.145 40034 (CONFLUENC...)
3 2
Apex Domain
Subdomains		 Transfer
4 diiscord.co
diiscord.co
ww3.diiscord.co
3 KB
3 1
Domain Requested by
2 ww3.diiscord.co diiscord.co
ww3.diiscord.co
2 diiscord.co 1 redirects
3 2

This site contains no links.

Subject Issuer Validity Valid
diiscord.co
R3		 2022-02-23 -
2022-05-24		 3 months crt.sh

This page contains 2 frames:

Primary Page: http://ww3.diiscord.co/
Frame ID: E9E837EF6FF3ADC2DD6C641B4B69AF77
Requests: 2 HTTP requests in this frame

Frame: http://ww3.diiscord.co/?fp=udVdcpdIM5AgIyGvIjIKIvw2zDK%2FMGxZXbSm6aGj6hL9paf2unwihmrOcBNN4k%2FhqL1KoMuPfN7Jj0YkOAIIE%2BB5PaBPK4uB%2FxOyKMK9FWubpHPZJG4PRoEySMSAn%2F9Q4OnIwknSsMLYp1uOd6LIaGmEjMrA%2F1SP61dgAa2dmj4ZHUb5dzJ6Z4L%2BUuqiFN%2FN6bKXZkPf0bXqvs22lClHm10mJKGViaQfgLrm5GxQr9uz5Ory%2FlrXF27YLtv8AXs4Kg9Sf%2FhvNIKsIoZpUUh7XQ%3D%3D&prvtof=DGQOaSW3Rt4H6zk%2BlTUD86ciDJKIC5iXNEUXnzPpoGA%3D&poru=e9Z0DI4voHiE6H69rM37y5iSz12ojiZr3LLjRVzzfI8%3D&_opnslfp=1&
Frame ID: FA03B211DBE41875D6DA670AFA9EFD04
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://diiscord.co/ Page URL
  2. https://diiscord.co/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY0NTc... HTTP 302
    http://ww3.diiscord.co/ Page URL

Page Statistics

3
Requests

33 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

2
Countries

3 kB
Transfer

3 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://diiscord.co/ Page URL
  2. https://diiscord.co/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY0NTc0MzIxNCwiaWF0IjoxNjQ1NzM2MDE0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycmJkOGJzY283Yms1OHQ3dmMwbWZmZ2EiLCJuYmYiOjE2NDU3MzYwMTQsInRzIjoxNjQ1NzM2MDE0NTQwNDQzfQ.gj_O56OMTIvjLRf-JZmKKUFzVK7Oj9w3ZtAJBDVQGVw&sid=d4e4d624-95b3-11ec-b229-ad5311a53dd5 HTTP 302
    http://ww3.diiscord.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
diiscord.co/ 		468 B
680 B 		Document
General
Check archive.org
Download Go to
Full URL
https://diiscord.co/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.107.56.207 , Netherlands, ASN43350 (NFORCE, NL),
Reverse DNS
Software
Cowboy /
Resource Hash
2a18def87fbba1d0514b43a2e1a8ea0c6740f3963bd3056b5807fc0c9c69a906

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
content-length
468
content-type
text/html; charset=utf-8
date
Thu, 24 Feb 2022 20:53:33 GMT
server
Cowboy
Primary Request /
ww3.diiscord.co/
Redirect Chain
  • https://diiscord.co/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY0NTc0MzIxNCwiaWF0IjoxNjQ1NzM2MDE0LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycmJkOGJzY283Yms1OHQ3dmMwbWZmZ2Ei...
  • http://ww3.diiscord.co/
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://ww3.diiscord.co/
Requested by
Host: diiscord.co
URL: https://diiscord.co/
Protocol
HTTP/1.1
Server
208.91.196.145 , Virgin Islands (British), ASN40034 (CONFLUENCE-NETWORK-INC, VG),
Reverse DNS
Software
Apache /
Resource Hash
5d1e29986c3ce19664490742fd278fee6e98ceb233ea95b7ddc1df7c69825d0d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://diiscord.co/

Response headers

Date
Thu, 24 Feb 2022 20:53:35 GMT
Server
Apache
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Gs/Bso8FEwLHt227hIV5IRhounQX0HsrN+AvbyFOU2CzH8jfbvFmYeabOLJK4jOH7/DSqCsjN52RKYQPvMACCA==
ntCoent-Length
2182
Keep-Alive
timeout=5, max=128
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Cache-Control
private
Content-Encoding
gzip
Content-Length
1064

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
11
date
Thu, 24 Feb 2022 20:53:34 GMT
location
http://ww3.diiscord.co
server
Cowboy
/
ww3.diiscord.co/ Frame FA03 		272 B
461 B 		Document
General
Check archive.org
Download Go to
Full URL
http://ww3.diiscord.co/?fp=udVdcpdIM5AgIyGvIjIKIvw2zDK%2FMGxZXbSm6aGj6hL9paf2unwihmrOcBNN4k%2FhqL1KoMuPfN7Jj0YkOAIIE%2BB5PaBPK4uB%2FxOyKMK9FWubpHPZJG4PRoEySMSAn%2F9Q4OnIwknSsMLYp1uOd6LIaGmEjMrA%2F1SP61dgAa2dmj4ZHUb5dzJ6Z4L%2BUuqiFN%2FN6bKXZkPf0bXqvs22lClHm10mJKGViaQfgLrm5GxQr9uz5Ory%2FlrXF27YLtv8AXs4Kg9Sf%2FhvNIKsIoZpUUh7XQ%3D%3D&prvtof=DGQOaSW3Rt4H6zk%2BlTUD86ciDJKIC5iXNEUXnzPpoGA%3D&poru=e9Z0DI4voHiE6H69rM37y5iSz12ojiZr3LLjRVzzfI8%3D&_opnslfp=1&
Requested by
Host: ww3.diiscord.co
URL: http://ww3.diiscord.co/
Protocol
HTTP/1.1
Server
208.91.196.145 , Virgin Islands (British), ASN40034 (CONFLUENCE-NETWORK-INC, VG),
Reverse DNS
Software
Apache /
Resource Hash
4c7d08f1d6fac569c83fa87b42a3a727668da55317954637ce500d59e058fe03

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
http://ww3.diiscord.co/

Response headers

Date
Thu, 24 Feb 2022 20:53:35 GMT
Server
Apache
ntCoent-Length
272
Keep-Alive
timeout=5, max=128
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Cache-Control
private
Content-Encoding
gzip
Content-Length
196

Verdicts & Comments Add Verdict or Comment

Malicious page.domain
Submitted on February 24th 2022, 8:53:45 pm UTC — From United States

Threats: Phishing
Comment: This domain is present in the Sinking Yachts anti-phishing list. More Info: https://sinking.yachts

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone

2 Cookies

Domain/Path Name / Value
.diiscord.co/ Name: sid
Value: d4e4d624-95b3-11ec-b229-ad5311a53dd5
ww3.diiscord.co/ Name: isframesetenabled
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

diiscord.co
ww3.diiscord.co
185.107.56.207
208.91.196.145
2a18def87fbba1d0514b43a2e1a8ea0c6740f3963bd3056b5807fc0c9c69a906
4c7d08f1d6fac569c83fa87b42a3a727668da55317954637ce500d59e058fe03
5d1e29986c3ce19664490742fd278fee6e98ceb233ea95b7ddc1df7c69825d0d