authentifyme.xyz (172.67.158.114)
Malicious Activity! Public Scan
Effective URL: https://authentifyme.xyz/
Submission: On June 29 via api from US — Scanned from DE
Summary
TLS certificate: Issued by WE1 (a Google Trust Services intermediate) on June 20th 2024, nine days before this scan. Valid for: 3 months.
This is the only time authentifyme.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)

Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
9 (2 redirects) | 172.67.158.114 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:82a::2008 | 15169 (GOOGLE) |
17 | 159.100.6.5 | 44066 (DE-FIRSTCOLO firstcolo.net) |
1 | 2001:4860:4802:34::36 | 15169 (GOOGLE) |
32 | 5 | |

ASN15169 (GOOGLE, US): www.googletagmanager.com
ASN44066 (DE-FIRSTCOLO firstcolo.net, DE), PTR: cp5.ultahost.com: betterdemocracy.eu
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
17 | betterdemocracy.eu | betterdemocracy.eu | 771 KB |
9 | authentifyme.xyz | authentifyme.xyz (2 redirects) | 34 KB |
1 | google-analytics.com | region1.google-analytics.com (Cisco Umbrella Rank: 2355) | |
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 81) | 88 KB |
32 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
17 | betterdemocracy.eu | authentifyme.xyz |
9 | authentifyme.xyz (2 redirects) | authentifyme.xyz |
1 | region1.google-analytics.com | www.googletagmanager.com |
1 | www.googletagmanager.com | authentifyme.xyz |
32 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
betterdemocracy.eu |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
authentifyme.xyz | WE1 | 2024-06-20 - 2024-09-18 | 3 months | crt.sh |
*.google-analytics.com | WR2 | 2024-06-13 - 2024-09-05 | 3 months | crt.sh |
webmail.betterdemocracy.eu | R11 | 2024-06-20 - 2024-09-18 | 3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://authentifyme.xyz/
Frame ID: 72A94BCBF8D7CCBE835D5A9D84FCCC6E
Requests: 30 HTTP requests in this frame
Frame:
https://authentifyme.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js
Frame ID: 30C0BA2A9DEEDAE6FF676BDA7BA77D06
Requests: 2 HTTP requests in this frame
Screenshot: /screenshots/af84f5e5-ec06-4f80-a37e-7236d3d4fcae.png
Page Title: Better Democracy - Information to enhance democracy
Detected technologies
WordPress (asset URLs carry ?ver=6.5.5; every matching wp-content/wp-includes URL is on betterdemocracy.eu, not on the scanned host, see the HTTP transactions below)
Detected patterns
- <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
- /wp-(?:content|includes)/
Google Tag Manager
Detected patterns
- googletagmanager\.com/gtag/js
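Added example (not code from the scan page or from urlscan.io): the three regexes above applied to a constructed HTML snippet that mirrors this scan's layout, recording for each match which host the matching src/href URL points at. The snippet, the placeholder GTM container id and the detect() helper are this example's own; the result shows what the tables make visible, that the WordPress fingerprints belong to betterdemocracy.eu rather than to the scanned host.

```python
import re
from urllib.parse import urlparse

# Added example, not code from the scan page: runs the two WordPress patterns
# and the Google Tag Manager pattern listed above (Wappalyzer-style regexes)
# over a page's HTML and records which host each matching asset URL points at.
PATTERNS = {
    "WordPress": [
        r"""<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/""",
        r"/wp-(?:content|includes)/",
    ],
    "Google Tag Manager": [r"googletagmanager\.com/gtag/js"],
}

# Constructed sample mirroring the scan's layout: the document host serves no
# WordPress files itself; every wp-* asset is fetched from a different origin.
# The GTM container id is a placeholder.
SAMPLE_HTML = """
<html><head>
<link rel='stylesheet' href='https://betterdemocracy.eu/wp-includes/blocks/image/style.min.css?ver=6.5.5' />
<script src="https://www.googletagmanager.com/gtag/js?id=G-PLACEHOLDER"></script>
<script src="https://betterdemocracy.eu/wp-includes/js/wp-emoji-release.min.js?ver=6.5.5"></script>
</head><body>
<img src="https://betterdemocracy.eu/wp-content/uploads/2024/02/cropped-1.png">
</body></html>
"""

# src/href attribute values; relative URLs are attributed to the page host.
URL_RE = re.compile(r"""(?:src|href)=["']([^"']+)["']""", re.I)


def detect(html, page_host):
    """Return {technology: {"hits": n, "hosts": [...], "first_party": bool}}.

    hits        - number of pattern matches in the whole document
    hosts       - hosts of the src/href URLs that match a pattern
    first_party - whether page_host itself is one of those hosts
    """
    urls = URL_RE.findall(html)
    result = {}
    for tech, patterns in PATTERNS.items():
        hits = 0
        hosts = set()
        for pattern in patterns:
            rx = re.compile(pattern, re.I)
            hits += len(rx.findall(html))
            for u in urls:
                if rx.search(u):
                    hosts.add(urlparse(u).hostname or page_host)
        if hits:
            result[tech] = {
                "hits": hits,
                "hosts": sorted(hosts),
                "first_party": page_host in hosts,
            }
    return result


if __name__ == "__main__":
    for tech, info in detect(SAMPLE_HTML, "authentifyme.xyz").items():
        where = "first-party" if info["first_party"] else "third-party only"
        print(f"{tech}: {info['hits']} hit(s), served by {info['hosts']} ({where})")
```

A technology "detected" on a page is not the same as a technology running on the scanned host: a cloned or proxied page carries the fingerprints of the site it copies, which is why the host attribution matters more than the match count.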
Page Statistics
13 Outgoing links
These are links going to different origins than the main page. Link titles captured:
- Better Democracy
- Council conclusions at the end of the 13th Ministerial Conference of the World Trade Organization
- US military to airdrop humanitarian aid into Gaza
Page URL History
This captures the URLs the page passed through, including HTTP redirects and client-side redirects via JavaScript or meta refresh.
- http://authentifyme.xyz/ → HTTP 307 → https://authentifyme.xyz/ (Page URL)
- https://authentifyme.xyz/cdn-cgi/phish-bypass?atok=CJ2Ou__yIfn9jSuMoYQPaKmjsON1NMuHbAnQimspw1c-1719684219-0.0.1.1-%2F → HTTP 301 → https://authentifyme.xyz/ (Page URL)

The /cdn-cgi/phish-bypass hop is the "proceed anyway" link of Cloudflare's suspected-phishing warning page: Cloudflare had already flagged the site before this scan, the scanner clicked through, and the bypass set the __cf_mw_byp cookie listed under Cookies. The warning page itself is the first 4 KB text/html document in the transaction list, together with /cdn-cgi/styles/cf.errors.css and /cdn-cgi/images/icon-exclamation.png. The atok value is a scan-specific token (the embedded 1719684219 is the Unix time of the scan) and is not a reusable indicator.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://authentifyme.xyz/ HTTP 307
- https://authentifyme.xyz/

- https://authentifyme.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://authentifyme.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js
32 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | / | authentifyme.xyz/ | 4 KB | 2 KB | Document | text/html | Redirect Chain |
GET | H2 | cf.errors.css | authentifyme.xyz/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css | |
GET | H2 | icon-exclamation.png | authentifyme.xyz/cdn-cgi/images/ | 452 B | 540 B | Image | image/png | |
GET | H2 | favicon.ico | authentifyme.xyz/ | 1 KB | 1014 B | Other | text/html | |
GET | H2 | / | authentifyme.xyz/ | 102 KB | 21 KB | Document | text/html | Primary Request, Redirect Chain |
GET | H2 | js | www.googletagmanager.com/gtag/ | 249 KB | 88 KB | Script | application/javascript | |
GET | H2 | style.min.css | betterdemocracy.eu/wp-includes/blocks/image/ | 7 KB | 2 KB | Stylesheet | text/css | |
GET | H2 | style.min.css | betterdemocracy.eu/wp-includes/blocks/navigation/ | 16 KB | 2 KB | Stylesheet | text/css | |
GET | H2 | style.min.css | betterdemocracy.eu/wp-includes/blocks/social-links/ | 10 KB | 1 KB | Stylesheet | text/css | |
GET | H2 | patterns.css | betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/css/ | 1 KB | 386 B | Stylesheet | text/css | |
GET | H2 | patterns.css | betterdemocracy.eu/wp-content/themes/minimalistix/assets/css/ | 917 B | 347 B | Stylesheet | text/css | |
GET | H2 | frontend-gtag.min.js | betterdemocracy.eu/wp-content/plugins/google-analytics-for-wordpress/assets/js/ | 11 KB | 3 KB | Script | text/javascript | |
GET | | view.min.js | betterdemocracy.eu/wp-includes/blocks/navigation/ | 0 | 0 | | | no response |
GET | | interactivity.min.js | betterdemocracy.eu/wp-includes/js/dist/ | 0 | 0 | | | no response |
GET | H2 | cropped-1.png | betterdemocracy.eu/wp-content/uploads/2024/02/ | 24 KB | 24 KB | Image | image/png | |
GET | BLOB | f1e05677-6ff5-4dd8-8661-4292764e2dff | https://authentifyme.xyz/ | 1 KB | 0 | Other | text/javascript | |
GET | | SourceSansPro-Regular.ttf | betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/ | 0 | 0 | | | no response |
GET | | DMSerifDisplay-Regular.ttf | betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/dm_serif_display/ | 0 | 0 | | | no response |
GET | | SourceSansPro-Bold.ttf | betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/ | 0 | 0 | | | no response |
GET | H2 | Netherlands-Rutte-signs-security-deal-in-Ukraine-promising-artillery-funding.jpg | betterdemocracy.eu/wp-content/uploads/2024/03/ | 85 KB | 85 KB | Image | image/jpeg | |
GET | H2 | Thousands-attended-Navalnys-funeral-braving-warnings-against-protests.jpg | betterdemocracy.eu/wp-content/uploads/2024/03/ | 86 KB | 86 KB | Image | image/jpeg | |
GET | H2 | Worlds-cartoonists-on-this-weeks-events.png | betterdemocracy.eu/wp-content/uploads/2024/03/ | 294 KB | 294 KB | Image | image/png | |
GET | H2 | EUs-pretending-to-be-an-honest-trade-cop.jpg | betterdemocracy.eu/wp-content/uploads/2024/03/ | 129 KB | 129 KB | Image | image/jpeg | |
GET | H2 | EU-Parliamentary-Projection-Le-Pens-Right-Wing-ID-Rises-to-Third-150x150.png | betterdemocracy.eu/wp-content/uploads/2024/02/ | 34 KB | 34 KB | Image | image/png | |
GET | H2 | EU-Parliamentary-Projection-Record-High-for-ID-150x150.png | betterdemocracy.eu/wp-content/uploads/2024/02/ | 35 KB | 35 KB | Image | image/png | |
GET | H2 | Polls-EU-Parliamentary-Projection-Scare-for-SampD-and-ECR-150x150.png | betterdemocracy.eu/wp-content/uploads/2024/02/ | 35 KB | 35 KB | Image | image/png | |
GET | H2 | Polls-EU-Parliamentary-Projection-Melonis-ECR-Close-to-Becoming-150x150.png | betterdemocracy.eu/wp-content/uploads/2024/02/ | 34 KB | 35 KB | Image | image/png | |
GET | H2 | wp-emoji-release.min.js | betterdemocracy.eu/wp-includes/js/ | 18 KB | 5 KB | Script | text/javascript | |
GET | H3 | main.js | authentifyme.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/ | 8 KB | 4 KB | Script | application/javascript | Frame 30C0, Redirect Chain |
POST | H3 | 89b7d5cc28525d50 | authentifyme.xyz/cdn-cgi/challenge-platform/h/g/jsd/r/ | 0 | 683 B | XHR | text/plain | Frame 30C0 |
POST | H2 | collect | region1.google-analytics.com/g/ | 0 | 0 | Fetch | text/plain | |
GET | H2 | cropped-1-32x32.png | betterdemocracy.eu/wp-content/uploads/2024/02/ | 1 KB | 1 KB | Other | image/png | |
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- betterdemocracy.eu: https://betterdemocracy.eu/wp-includes/blocks/navigation/view.min.js?ver=6.5.5
- betterdemocracy.eu: https://betterdemocracy.eu/wp-includes/js/dist/interactivity.min.js?ver=6.5.5
- betterdemocracy.eu: https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/SourceSansPro-Regular.ttf
- betterdemocracy.eu: https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/dm_serif_display/DMSerifDisplay-Regular.ttf
- betterdemocracy.eu: https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/SourceSansPro-Bold.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)

29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
undefined | event |
object | fence |
object | sharedStorage |
string | mi_version |
boolean | mi_track_user |
string | mi_no_track_reason |
object | MonsterInsightsDefaultLocations |
object | MonsterInsightsLocations |
object | disableStrs |
function | __gtagTrackerIsOptedOut |
undefined | index |
function | __gtagTrackerOptout |
function | gaOptout |
function | __gtagDataLayer |
function | __gtagTracker |
object | dataLayer |
object | MonsterInsightsDualTracker |
function | gtag |
function | __gaTracker |
object | _wpemojiSettings |
function | MonsterInsights |
object | MonsterInsightsObject |
object | monsterinsights_frontend |
object | twemoji |
object | wp |
object | google_tag_manager |
object | google_tag_data |
object | gaGlobal |

The mi_*, MonsterInsights*, __gtag*, gaOptout and __gaTracker globals come from the MonsterInsights plugin (the google-analytics-for-wordpress script above); wp, _wpemojiSettings and twemoji from WordPress core; gtag, dataLayer, google_tag_manager, google_tag_data and gaGlobal from Google's gtag.js.
4 Cookies
Cookies are small pieces of data stored in the user's browser. On each later visit the browser sends them back, so the site can re-identify the user even from a different location; this is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.authentifyme.xyz/ | | __cf_mw_byp | CJ2Ou__yIfn9jSuMoYQPaKmjsON1NMuHbAnQimspw1c-1719684219-0.0.1.1-/ |
.authentifyme.xyz/ | | cf_clearance | N51PrH8MZ7ol5jZNWRKiENmGTt9E4VaUeTGtQd9WVZ8-1719684226-1.0.1.1-rDdbCJ1mcf31.4lCTKZyKzkg7YgWDb.GJtHHTGMFAqBcYQGxiw6j92PeS7AkdPL63ge2ztZxZW..OyjYqK42QA |
.authentifyme.xyz/ | | _ga_WNBVV5WY75 | GS1.1.1719684226.1.0.1719684226.0.0.0 |
.authentifyme.xyz/ | | _ga | GA1.1.1657318245.1719684226 |

__cf_mw_byp is the cookie set by the /cdn-cgi/phish-bypass step (Cloudflare's warning-page bypass; its value is the atok from that URL), cf_clearance is issued by the Cloudflare challenge platform whose script runs in the second frame, and the two _ga cookies are Google Analytics client identifiers set by gtag.js.
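Added example (not code from the scan page or from urlscan.io): triage of the URL history, cookie jar and request list shown in the sections above. SCAN is a constructed record whose values mirror this scan; it is not urlscan's result schema, and the atok value is a placeholder. The first check looks for Cloudflare's warning interstitial and its bypass cookie; the second asks which host actually serves the page's static assets once Cloudflare's /cdn-cgi/ plumbing and analytics beacons are set aside.

```python
from collections import Counter
from urllib.parse import urlparse

# Added example, not code from the scan page. SCAN is a constructed, simplified
# record whose values mirror the scan above; it is not urlscan's result schema
# and the atok value is a placeholder.
SCAN = {
    "page_host": "authentifyme.xyz",
    "url_history": [
        "http://authentifyme.xyz/",
        "https://authentifyme.xyz/",
        "https://authentifyme.xyz/cdn-cgi/phish-bypass?atok=PLACEHOLDER",
        "https://authentifyme.xyz/",
    ],
    "cookies": ["__cf_mw_byp", "cf_clearance", "_ga_WNBVV5WY75", "_ga"],
    # (host, path, mime) for the requests that received a response
    "requests": [
        ("authentifyme.xyz", "/", "text/html"),
        ("authentifyme.xyz", "/cdn-cgi/styles/cf.errors.css", "text/css"),
        ("authentifyme.xyz", "/cdn-cgi/images/icon-exclamation.png", "image/png"),
        ("authentifyme.xyz", "/favicon.ico", "text/html"),
        ("authentifyme.xyz", "/", "text/html"),
        ("www.googletagmanager.com", "/gtag/js", "application/javascript"),
        ("betterdemocracy.eu", "/wp-includes/blocks/image/style.min.css", "text/css"),
        ("betterdemocracy.eu", "/wp-content/themes/mirror-magazine/assets/css/patterns.css", "text/css"),
        ("betterdemocracy.eu", "/wp-includes/js/wp-emoji-release.min.js", "text/javascript"),
        ("betterdemocracy.eu", "/wp-content/uploads/2024/02/cropped-1.png", "image/png"),
        ("authentifyme.xyz", "/cdn-cgi/challenge-platform/h/g/scripts/jsd/x/main.js", "application/javascript"),
        ("region1.google-analytics.com", "/g/collect", "text/plain"),
    ],
}

# Cloudflare's suspected-phishing warning page: its stylesheet and icon live
# under /cdn-cgi/, the "proceed anyway" link goes to /cdn-cgi/phish-bypass and
# sets the __cf_mw_byp cookie.
INTERSTITIAL_PATHS = (
    "/cdn-cgi/phish-bypass",
    "/cdn-cgi/styles/cf.errors.css",
    "/cdn-cgi/images/icon-exclamation.png",
)
INTERSTITIAL_COOKIES = {"__cf_mw_byp"}


def triage(scan):
    """Return a list of (finding, evidence) tuples; empty means nothing flagged."""
    findings = []

    # 1. Was a Cloudflare warning page shown and clicked through?
    paths = [urlparse(u).path for u in scan["url_history"]]
    paths += [path for _host, path, _mime in scan["requests"]]
    evidence = sorted({p for p in paths if p.startswith(INTERSTITIAL_PATHS)})
    evidence += sorted(INTERSTITIAL_COOKIES & set(scan["cookies"]))
    if evidence:
        findings.append(("cloudflare_warning_bypassed", evidence))

    # 2. Which host serves the static assets (css/js/images/fonts)? Cloudflare's
    #    own /cdn-cgi/ plumbing, HTML documents and beacons are left out.
    static = Counter(
        host for host, path, mime in scan["requests"]
        if not path.startswith("/cdn-cgi/")
        and not mime.startswith("text/html")
        and not mime.startswith("text/plain")
    )
    page_host = scan["page_host"]
    if static and static[page_host] == 0:
        top_host, count = static.most_common(1)[0]
        findings.append(("static_assets_served_off_host", [top_host, count]))
    return findings


if __name__ == "__main__":
    for name, evidence in triage(SCAN):
        print(name, evidence)
```

The second finding is the structural signature of a cloned or proxied page: the scanned host returns an HTML document but none of the stylesheets, scripts, images or fonts that document needs, all of which come from the site being copied. Neither check proves intent on its own; both are cheap first-pass filters over data every scan already contains.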
11 Console Messages
A page may log messages to the console, often errors about failing to load a resource or to execute a piece of JavaScript; sometimes they also give insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicate malicious activity. The SHA-256 values are hashes of response bodies; e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the hash of zero bytes (several requests above have a 0-byte body), so it identifies nothing, and the Cloudflare and Google addresses are shared infrastructure rather than hosts specific to this site.
Domains
- authentifyme.xyz
- betterdemocracy.eu
- region1.google-analytics.com
- www.googletagmanager.com
IPs
- 159.100.6.5
- 172.67.158.114
- 2001:4860:4802:34::36
- 2a00:1450:4001:82a::2008
SHA-256
- 1b7cb0018929b1127e914193ad605d5d939677234dd79601c158adcf4c6bec4f
- 1d23315ab940ff544af7a9a73e0418c58ceb71ab142d77d1db2f5038a6152276
- 2f42480a94772674b161ea3787e6101cbe603678b3198c4c79ae120df454947b
- 2fe17f9851625d80cc6401050fed8823c03364e9cb23a99a15526e115ab1310f
- 41485ab6955a61a57d3daac4ec1fec18e504ad7143d2743e0f9ab5e28d37bbc9
- 44277328c581eee85be06385086f90cf82230f1f70d25d7e4f02d87fdf421386
- 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
- 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
- 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
- 79a7d834f293278c3af3865d41e91303b9391b08faddf47cfb0a459d0ee2d1ed
- 7ad4364136812445867e91fa2aed3f2894df8e5aa9227d4736b5d8d3b1a46d66
- 7e8d45a2ce20a3d1aaea09c3bbe3995dd67ea842d8aa0ca35f10409f4734944e
- 83a7ae658589063a7cc61e1a1403ffb16afc41084aa8b0f7cf0f1582601e67d6
- 84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
- 924eb87bf7940351eec01c2d11d1fd6194d73eb567ab1b05fd0514c4d3042290
- aff0cc0609f66d08dcbec3bd44e430781d226e77ab567e9f0a6eddcdc67d30ea
- bb43b0fb56a7fd7323d2b3e62c39fb527338cb45c7ad5462a0e737b37f90279a
- bfbca3589a457ad218a6c17f6d71dc1aae181cf269366ede09ac79530da7b93a
- c6c2ffd18069db4ea1dbba13fa6a59fe477aad1401ea7f6ee5f56b8e6df97fa9
- cc62e5d9f8529c912954029906254c44a9bde1d1f120fe6f03b9ca2f41670616
- d7bdba02afa8c04c13f280c71a50f8c8186c883711c5dabbd13566dd738bff0a
- e2af3d1fbe48af4fa4e2294de3661b895af5c489a7d2ce5888cd14d5f070e78b
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
- f2c6a24d8af883aaef666d4c05e190a2bb95ee9922a4f838c64f16c8514fdd31
- ff14f61ef9132d75c0280c8b1913ae9c71c7be13be5c45117577b55adb2faf86
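Added example (not code from the scan page or from urlscan.io): sorting the Indicators above into the ones worth putting in a blocklist or hunt query. The domain, IP and hash lists are copied from this section; the shared-service suffixes and the shared-infrastructure prefixes (Cloudflare's 172.64.0.0/13, Google's 2a00:1450::/32 and 2001:4860::/32) are this example's own assumptions and should be replaced with a maintained list in real use.

```python
import hashlib
import ipaddress

# Added example, not code from the scan page. The three lists below are copied
# from the Indicators section; everything marked "assumed" is this example's
# own and not data from the scan.
PAGE_DOMAIN = "authentifyme.xyz"
DOMAINS = [
    "authentifyme.xyz", "betterdemocracy.eu",
    "region1.google-analytics.com", "www.googletagmanager.com",
]
IPS = [
    "159.100.6.5", "172.67.158.114",
    "2001:4860:4802:34::36", "2a00:1450:4001:82a::2008",
]
HASHES = """
1b7cb0018929b1127e914193ad605d5d939677234dd79601c158adcf4c6bec4f
1d23315ab940ff544af7a9a73e0418c58ceb71ab142d77d1db2f5038a6152276
2f42480a94772674b161ea3787e6101cbe603678b3198c4c79ae120df454947b
2fe17f9851625d80cc6401050fed8823c03364e9cb23a99a15526e115ab1310f
41485ab6955a61a57d3daac4ec1fec18e504ad7143d2743e0f9ab5e28d37bbc9
44277328c581eee85be06385086f90cf82230f1f70d25d7e4f02d87fdf421386
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
79a7d834f293278c3af3865d41e91303b9391b08faddf47cfb0a459d0ee2d1ed
7ad4364136812445867e91fa2aed3f2894df8e5aa9227d4736b5d8d3b1a46d66
7e8d45a2ce20a3d1aaea09c3bbe3995dd67ea842d8aa0ca35f10409f4734944e
83a7ae658589063a7cc61e1a1403ffb16afc41084aa8b0f7cf0f1582601e67d6
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
924eb87bf7940351eec01c2d11d1fd6194d73eb567ab1b05fd0514c4d3042290
aff0cc0609f66d08dcbec3bd44e430781d226e77ab567e9f0a6eddcdc67d30ea
bb43b0fb56a7fd7323d2b3e62c39fb527338cb45c7ad5462a0e737b37f90279a
bfbca3589a457ad218a6c17f6d71dc1aae181cf269366ede09ac79530da7b93a
c6c2ffd18069db4ea1dbba13fa6a59fe477aad1401ea7f6ee5f56b8e6df97fa9
cc62e5d9f8529c912954029906254c44a9bde1d1f120fe6f03b9ca2f41670616
d7bdba02afa8c04c13f280c71a50f8c8186c883711c5dabbd13566dd738bff0a
e2af3d1fbe48af4fa4e2294de3661b895af5c489a7d2ce5888cd14d5f070e78b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f2c6a24d8af883aaef666d4c05e190a2bb95ee9922a4f838c64f16c8514fdd31
ff14f61ef9132d75c0280c8b1913ae9c71c7be13be5c45117577b55adb2faf86
""".split()

# Assumed allow-list: hosts every site running Google Analytics talks to.
SHARED_SERVICE_SUFFIXES = ("google-analytics.com", "googletagmanager.com")
# Assumed shared-infrastructure prefixes for the two ASNs in the scan that
# front many unrelated sites; a real deployment would load these from a feed.
SHARED_INFRA = [
    ("Cloudflare edge, AS13335", ipaddress.ip_network("172.64.0.0/13")),
    ("Google, AS15169", ipaddress.ip_network("2a00:1450::/32")),
    ("Google, AS15169", ipaddress.ip_network("2001:4860::/32")),
]
# SHA-256 of zero bytes: what every empty response body hashes to.
EMPTY_BODY_SHA256 = hashlib.sha256(b"").hexdigest()


def classify(domains, ips, hashes, page_domain=PAGE_DOMAIN):
    """Return {"keep": [(kind, value, note)], "drop": [(kind, value, reason)]}."""
    keep, drop = [], []
    for d in domains:
        if d == page_domain:
            keep.append(("domain", d, "scanned page"))
        elif d.endswith(SHARED_SERVICE_SUFFIXES):
            drop.append(("domain", d, "shared third-party service"))
        else:
            keep.append(("domain", d, "review: serves the page's content, not necessarily attacker-owned"))
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        owner = next((label for label, net in SHARED_INFRA if addr in net), None)
        if owner:
            drop.append(("ip", ip, f"shared infrastructure: {owner}"))
        else:
            keep.append(("ip", ip, "dedicated host"))
    seen = set()
    for h in hashes:
        h = h.lower()
        if h == EMPTY_BODY_SHA256:
            drop.append(("sha256", h, "hash of an empty body"))
        elif h in seen:
            drop.append(("sha256", h, "duplicate"))
        else:
            seen.add(h)
            keep.append(("sha256", h, "response body"))
    return {"keep": keep, "drop": drop}


if __name__ == "__main__":
    result = classify(DOMAINS, IPS, HASHES)
    for kind, value, reason in result["drop"]:
        print(f"drop {kind} {value}: {reason}")
    print(f"{len(result['keep'])} indicators kept")
```

Blocking 172.67.158.114 would block every other Cloudflare-fronted site that happens to share that edge address, and the Google addresses change with resolver location; the one IP a blocklist can reasonably carry is 159.100.6.5, and even that is the content host's server, so it needs a look before it goes anywhere near an enforcement point.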