There are two types of Discord tokens: normal tokens and MFA tokens.
Normal tokens can be split into 3 parts, each separated by a period/dot. The first part is the user ID string/snowflake in base64. The third part is the HMAC digest.
The second part is slightly more interesting. It is the timestamp at which the token was generated at, but depending on when the token was generated, you may have to add in an additional 1.1e9 to 1.3e9 to the retrieved timestamp to get the true timestamp.
If you want to verify if a token is real, but don't want to test token against Discord's servers, you can use the rules above (for the first and second parts) to filter out obvious fake tokens.