![](/screenshots/1fedd89b-608a-4865-8d1b-92317d9da957.png)
destinyfw.xyz (172.67.145.118)
Malicious Activity! Public Scan
Effective URL: https://destinyfw.xyz/?encoded_value=B1Z33J&sub1=&sub2=334903191&sub3=&sub4=&sub5=9367&source_id=996
Submission: On November 07 via api from CZ — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on October 8th 2023. Valid for: 3 months.
This is the only time destinyfw.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)
Domain & IP information
# | IP Address | AS (Autonomous System) | PTR | Domain
---|---|---|---|---
1 1 | 78.142.61.74 | 200628 (BGO-CLOUD) | |
1 1 | 35.189.245.169 | 396982 (GOOGLE-CLOUD-PLATFORM, US) | 169.245.189.35.bc.googleusercontent.com | check-funnel.com
1 1 | 34.78.223.0 | 396982 (GOOGLE-CLOUD-PLATFORM, US) | 0.223.78.34.bc.googleusercontent.com | link-routes-3.com
1 1 | 34.36.58.128 | 396982 (GOOGLE-CLOUD-PLATFORM, US) | 128.58.36.34.bc.googleusercontent.com | www.solar4innovate.com
1 22 | 172.67.145.118 | 13335 (CLOUDFLARENET) | |
1 | 104.21.27.152 | 13335 (CLOUDFLARENET) | |
3 | 172.67.177.88 | 13335 (CLOUDFLARENET) | |
2 | 20.50.64.3 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) | |
27 | 4 | | |
# | Apex Domain | Subdomains | Transfer
---|---|---|---
22 | destinyfw.xyz | destinyfw.xyz (1 redirects) | 2 MB
3 | virtualpushplatform.com | virtualpushplatform.com (Cisco Umbrella Rank: 278907) | 4 KB
2 | pushvisit.xyz | pushvisit.xyz (Cisco Umbrella Rank: 248582) | 2 KB
1 | fontawesome.com | use.fontawesome.com (Cisco Umbrella Rank: 1002) | 426 KB
1 | solar4innovate.com | www.solar4innovate.com (1 redirects) | 481 B
1 | link-routes-3.com | link-routes-3.com (1 redirects) | 744 B
1 | check-funnel.com | check-funnel.com (1 redirects) | 341 B
1 | takeoneaudio.com | takeoneaudio.com (1 redirects) | 304 B
27 | 8 | |
# | Domain | Requested by
---|---|---
22 | destinyfw.xyz | destinyfw.xyz (1 redirects)
3 | virtualpushplatform.com | destinyfw.xyz, virtualpushplatform.com
2 | pushvisit.xyz | virtualpushplatform.com
1 | use.fontawesome.com | destinyfw.xyz
1 | www.solar4innovate.com | 1 redirects
1 | link-routes-3.com | 1 redirects
1 | check-funnel.com | 1 redirects
1 | takeoneaudio.com | 1 redirects
27 | 8 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
destinyfw.xyz | GTS CA 1P5 | 2023-10-08 - 2024-01-06 | 3 months | crt.sh
use.fontawesome.com | Cloudflare Inc ECC CA-3 | 2023-10-12 - 2024-10-10 | a year | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-02-14 - 2024-02-13 | a year | crt.sh
pushvisit.xyz | Sectigo RSA Domain Validation Secure Server CA | 2023-08-02 - 2024-08-02 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://destinyfw.xyz/?encoded_value=B1Z33J&sub1=&sub2=334903191&sub3=&sub4=&sub5=9367&source_id=996
Frame ID: 37D9B80056C8EE4F9DD6A017934A3F0D
Requests: 25 HTTP requests in this frame
Page Title: Récompenses du sondage (French: "Survey rewards")
Detected technologies
- animate.css (Web Frameworks). Detected pattern: `<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css`
- Font Awesome. Detected pattern: `(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://takeoneaudio.com/gorrz?dzkNpJxHsBlYS=htpkvNmgTsmyv17aanvf01byy301nn3x0z1vr1106hg9e6hxmg (HTTP 302)
2. https://check-funnel.com/?a=996&oc=18770&c=50823&m=3&s1=35_836728_2782653&s2=2439_2238123_06hg9e6_37&s3=440556891_176-115-236-15&s5=1cyjdan (HTTP 302)
3. https://link-routes-3.com/?a=996&oc=18770&c=50823&m=3&s1=35_836728_2782653&s2=2439_2238123_06hg9e6_37&s3=440556891_176-115-236-15&s5=1cyjdan&ckmguid=31ee046c-7511-4e09-81de-596e7bceddc1 (HTTP 302)
4. https://www.solar4innovate.com/B1Z33J/KKJW2S4/?sub2=334903191&source_id=996 (HTTP 302)
5. https://destinyfw.xyz/KDQYgR9KT1/?encoded_value=B1Z33J&sub1=&sub2=334903191&sub3=&sub4=&sub5=9367&source_id=996 (HTTP 302)
6. https://destinyfw.xyz/?encoded_value=B1Z33J&sub1=&sub2=334903191&sub3=&sub4=&sub5=9367&source_id=996 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | destinyfw.xyz/ (Redirect Chain) | 29 KB | 6 KB | Document | text/html
GET | H2 | style.css | destinyfw.xyz/css/ | 17 KB | 4 KB | Stylesheet | text/css
GET | H2 | animate.min.css | destinyfw.xyz/css/ | 70 KB | 6 KB | Stylesheet | text/css
GET | H2 | all.js | use.fontawesome.com/releases/v5.15.4/js/ | 1 MB | 426 KB | Script | application/javascript
GET | H2 | datehead.js | destinyfw.xyz/js/ | 2 KB | 889 B | Script | application/javascript
GET | H2 | ace-push.js | virtualpushplatform.com/ | 10 KB | 4 KB | Script | text/javascript
GET | H2 | logo.png | destinyfw.xyz/images/ | 11 KB | 12 KB | Image | image/png
GET | H2 | flaglogo.png | destinyfw.xyz/images/ | 2 KB | 3 KB | Image | image/png
GET | H2 | product.png | destinyfw.xyz/images/ | 518 KB | 519 KB | Image | image/png
GET | H2 | loadingRD.gif | destinyfw.xyz/images/ | 121 KB | 122 KB | Image | image/gif
GET | H2 | prize1.png | destinyfw.xyz/images/ | 467 KB | 468 KB | Image | image/png
GET | H2 | 1.jpg | destinyfw.xyz/images/ | 53 KB | 53 KB | Image | image/jpeg
GET | H2 | 2.jpg | destinyfw.xyz/images/ | 38 KB | 39 KB | Image | image/jpeg
GET | H2 | comm_pic_1.jpg | destinyfw.xyz/images/ | 72 KB | 73 KB | Image | image/jpeg
GET | H2 | 3.jpg | destinyfw.xyz/images/ | 46 KB | 47 KB | Image | image/jpeg
GET | H2 | 4.jpg | destinyfw.xyz/images/ | 35 KB | 35 KB | Image | image/jpeg
GET | H2 | comm_pic_2.jpg | destinyfw.xyz/images/ | 79 KB | 79 KB | Image | image/jpeg
GET | H2 | 5.jpg | destinyfw.xyz/images/ | 48 KB | 49 KB | Image | image/jpeg
GET | H2 | f_guarantee.png | destinyfw.xyz/images/ | 6 KB | 7 KB | Image | image/png
GET | H2 | f_secure_1.png | destinyfw.xyz/images/ | 10 KB | 10 KB | Image | image/png
GET | H2 | logo2.png | destinyfw.xyz/images/ | 11 KB | 12 KB | Image | image/png
GET | H2 | script.js | destinyfw.xyz/js/ | 8 KB | 1 KB | Script | application/javascript
GET | H2 | bg.png | destinyfw.xyz/images/ | 162 KB | 162 KB | Image | image/png
POST | H2 | visit | pushvisit.xyz/api/v1/ | 2 KB | 2 KB | Fetch | application/json
OPTIONS | H2 | visit | pushvisit.xyz/api/v1/ | 0 | 0 | Preflight |
POST | H2 | log-client-error | virtualpushplatform.com/api/v1/visit/ | 0 | 0 | Fetch |
OPTIONS | H2 | log-client-error | virtualpushplatform.com/api/v1/visit/ | 0 | 0 | Preflight |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Scam (Online)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- documentPictureInPicture (object)
- datehax (function)
- datenhax (function)
- datenhay (function)
- initializeAcePush (function)
- setBaseUrl (function)
- getLocation (function)
- registerServiceWorker (function)
- answers (object)
- lastQnum (number)
- toNext (function)
- states (object)
- dones (object)
- loadImg (object)
- loadBgCol (object)
- drawloader (function)
- startTimer (function)
- ___FONT_AWESOME___ (object)
- FontAwesomeConfig (object)
- FontAwesome6 (object)
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.link-routes-3.com/ | | sq | TaKqRhMnM1NDhX2UHTv9LVoMrkNNuC2UB2ZUlQIPgupyq9OOuVCiSg==
.link-routes-3.com/ | | tym | kyG9P8kTyTM/jQkvRVvA4VoMrkNNuC2UB2ZUlQIPgupyq9OOuVCiSg==
.link-routes-3.com/ | | c18718 | TaKqRhMnM1NWxtWV2zRw+KRRWJgPcXmswsCHsS3zXiNphxFtoydJPg==
www.solar4innovate.com/ | | uniqueClick_KKJW2S4 | 5ee4f6c2-943f-4976-9038-291b7118572f:1699390274
www.solar4innovate.com/ | | transaction_id | 0f6e43cd4dab4a52a37190d2babe33f3
destinyfw.xyz/ | | SESSIONIDS | KDQYgR9KT1
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.