authentifyme.xyz Open in urlscan Pro
104.21.66.98 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://authentifyme.xyz/
Effective URL:
https://authentifyme.xyz/
Submission: On June 30 via api (June 30th 2024, 2:10:28 pm UTC) from US — Scanned from DE

Summary HTTP 32 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 32 HTTP transactions. The main IP is 104.21.66.98, located in and belongs to CLOUDFLARENET, US. The main domain is authentifyme.xyz.
TLS certificate: Issued by WE1 on June 20th 2024. Valid for: 3 months.

This is the only time authentifyme.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 9	104.21.66.98 104.21.66.98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
17	159.100.6.5 159.100.6.5	44066 (DE-FIRSTC...) (DE-FIRSTCOLO firstcolo.net)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
32	5

9 104.21.66.98 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

authentifyme.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 159.100.6.5 (Germany)

ASN44066 (DE-FIRSTCOLO firstcolo.net, DE)
PTR: cp5.ultahost.com

betterdemocracy.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	betterdemocracy.eu betterdemocracy.eu	771 KB
9	authentifyme.xyz 2 redirects authentifyme.xyz	35 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2355
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	88 KB
32	4

	Domain	Requested by
17	betterdemocracy.eu	authentifyme.xyz
9	authentifyme.xyz	2 redirects authentifyme.xyz
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	authentifyme.xyz
32	4

This site contains links to these domains. Also see Links.

Domain
betterdemocracy.eu

Subject Issuer	Validity	Valid
authentifyme.xyz WE1	`2024-06-20` - `2024-09-18`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
webmail.betterdemocracy.eu R11	`2024-06-20` - `2024-09-18`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://authentifyme.xyz/
Frame ID: 34C91FB4E9842F2BB9D89D6BF16A3DB2
Requests: 30 HTTP requests in this frame

Frame: https://authentifyme.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js
Frame ID: D985477FB034EFE4FCDDDF777D1F1F22
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Better Democracy - Information to enhance democracy

Page URL History Show full URLs

http://authentifyme.xyz/ HTTP 307
https://authentifyme.xyz/ Page URL
https://authentifyme.xyz/cdn-cgi/phish-bypass?atok=w_D1b.tsAQ2QsC3g52aHvJbyGWQB5yYuUZGhK4Isqek-171975... HTTP 301
https://authentifyme.xyz/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

32
Requests

78 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

893 kB
Transfer

1211 kB
Size

4
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://betterdemocracy.eu/
Title: Better Democracy

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2024/03/02/netherlands-rutte-signs-security-deal-in-ukraine-promising-artillery-funding/

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2024/03/02/thousands-attended-navalnys-funeral-braving-warnings-against-protests/

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2024/03/02/worlds-cartoonists-on-this-weeks-events/

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2024/03/02/eus-pretending-to-be-an-honest-trade-cop/

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2024/03/01/council-conclusions-at-the-end-of-the-13th-ministerial-conference-of-the-world-trade-organization/
Title: Council conclusions at the end of the 13th Ministerial Conference of the World Trade Organization

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2024/03/01/us-military-to-airdrop-humanitarian-aid-into-gaza/
Title: US military to airdrop humanitarian aid into Gaza

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2024/03/01/centre-right-wrestling-socialists-for-first-place-in-portugal-romania-eu-elections-projection/

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2024/03/01/the-right-to-abortion-will-be-enshrined-in-the-french-constitution/

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2023/12/30/eu-parliamentary-projection-le-pens-right-wing-id-rises-to-third-place/

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2023/11/30/eu-parliamentary-projection-record-high-for-id/

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2023/10/31/polls-eu-parliamentary-projection-scare-for-sd-and-ecr-treats-for-epp/

Search URL Search Domain Scan URL

URL: https://betterdemocracy.eu/2023/09/30/polls-eu-parliamentary-projection-melonis-ecr-close-to-becoming-3rd/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://authentifyme.xyz/ HTTP 307
https://authentifyme.xyz/ Page URL
https://authentifyme.xyz/cdn-cgi/phish-bypass?atok=w_D1b.tsAQ2QsC3g52aHvJbyGWQB5yYuUZGhK4Isqek-1719756617-0.0.1.1-%2F HTTP 301
https://authentifyme.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://authentifyme.xyz/ HTTP 307
https://authentifyme.xyz/

Request Chain 27

https://authentifyme.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://authentifyme.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js

32 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

/ Show response
authentifyme.xyz/
Redirect Chain

http://authentifyme.xyz/
https://authentifyme.xyz/

4 KB
2 KB

167ms
76ms

Document
text/html

104.21.66.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://authentifyme.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.66.98 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cf3e5edb4d1a0e3ede81ad143834b9c06ddf1eaa98c6876331dab01b69a06de

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-ray: 89bebd2b7d57972f-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 30 Jun 2024 14:10:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3l90G6%2BpZsN2EN%2F3RxwsQRzcBBJiI5B%2F39xaWXhxAf9Xu%2B6KW2zj7WENJRkzEYF14hVccL0%2BD4jIBB%2FRFhXh4J6DNYQDhgXjRzTb26u240s8sbwliGATQw1GRjtEQwYk3y0Q"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Location: https://authentifyme.xyz/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 cf.errors.css
authentifyme.xyz/cdn-cgi/styles/ 23 KB
5 KB 42ms
42ms Stylesheet
text/css 104.21.66.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://authentifyme.xyz/cdn-cgi/styles/cf.errors.css

Requested by

Host: authentifyme.xyz
URL: https://authentifyme.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.66.98 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 26 Jun 2024 17:42:45 GMT
server: cloudflare
etag: W/"667c5315-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 89bebd2bfe06972f-FRA
expires: Sun, 30 Jun 2024 16:10:17 GMT

GET
H3 200 icon-exclamation.png
authentifyme.xyz/cdn-cgi/images/ 452 B
634 B 42ms
42ms Image
image/png 104.21.66.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authentifyme.xyz/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: authentifyme.xyz
URL: https://authentifyme.xyz/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.66.98 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/cdn-cgi/styles/cf.errors.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:17 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Jun 2024 17:42:45 GMT
server: cloudflare
etag: "667c5315-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 89bebd2c3e6b972f-FRA
content-length: 452
expires: Sun, 30 Jun 2024 16:10:17 GMT

GET
H3 404 favicon.ico
authentifyme.xyz/ 1 KB
1 KB 149ms
148ms Other
text/html 104.21.66.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://authentifyme.xyz/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.66.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 30 Jun 2024 14:10:17 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2F94%2B3I9GVGiSiqE85wN79A%2Fn8g%2F5BvXGlGYnGWDkvJhesMm0amwEsdV7%2FUIdI%2BQB5EjMXb2xL%2FHLGAsLYz5TI6sfipOrKJ61c6jAhC76wkNXOfDqeqY23W9rYpbRqqqVusB"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-ray: 89bebd2c8ec1972f-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

Primary Request / Show response
authentifyme.xyz/
Redirect Chain

https://authentifyme.xyz/cdn-cgi/phish-bypass?atok=w_D1b.tsAQ2QsC3g52aHvJbyGWQB5yYuUZGhK4Isqek-1719756617-0.0.1.1-%2F
https://authentifyme.xyz/

102 KB
21 KB

119ms
118ms

Document
text/html

104.21.66.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://authentifyme.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.66.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 328b4e0e0ddb932a5a4ac4c4970bada01db99ef4c172b1007ead2664fe585963

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://authentifyme.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 89bebd4c3dfb972f-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 30 Jun 2024 14:10:22 GMT
link: <https://betterdemocracy.eu/wp-json/>; rel="https://api.w.org/"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wdHGIaUoZOT4jKVfKjXg7d67AhLnngIv0kIWxbqMIjW5m8TBOqt4zrR8saTu9SkP7q%2B%2Fyv2kxcbdq6rzuZONSSCmSWarSeaSVrgceubN8Xebajkfozu0RMDyZ0jvZ37vpoAx"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed

Redirect headers

cache-control: private, no-cache
cf-ray: 89bebd4bfd9a972f-FRA
content-length: 167
content-type: text/html
date: Sun, 30 Jun 2024 14:10:22 GMT
location: https://authentifyme.xyz/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 249 KB
88 KB 284ms
81ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WNBVV5WY75

Requested by

Host: authentifyme.xyz
URL: https://authentifyme.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3b98102a728a4df242c60eff567d551381b40b7b8a2dd472406e62f870f0cc1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90096
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 30 Jun 2024 14:10:23 GMT

GET
H2 200 style.min.css
betterdemocracy.eu/wp-includes/blocks/image/ 7 KB
1 KB 282ms
80ms Stylesheet
text/css 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to

Full URL: https://betterdemocracy.eu/wp-includes/blocks/image/style.min.css?ver=6.5.5
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: 83a7ae658589063a7cc61e1a1403ffb16afc41084aa8b0f7cf0f1582601e67d6

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
content-encoding: br
last-modified: Wed, 03 Apr 2024 00:45:43 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 1448
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 style.min.css
betterdemocracy.eu/wp-includes/blocks/navigation/ 16 KB
2 KB 280ms
78ms Stylesheet
text/css 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to

Full URL: https://betterdemocracy.eu/wp-includes/blocks/navigation/style.min.css?ver=6.5.5
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: e2af3d1fbe48af4fa4e2294de3661b895af5c489a7d2ce5888cd14d5f070e78b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
content-encoding: br
last-modified: Wed, 03 Apr 2024 00:45:43 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 2078
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 style.min.css
betterdemocracy.eu/wp-includes/blocks/social-links/ 10 KB
1 KB 336ms
134ms Stylesheet
text/css 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to

Full URL: https://betterdemocracy.eu/wp-includes/blocks/social-links/style.min.css?ver=6.5.5
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: 7ad4364136812445867e91fa2aed3f2894df8e5aa9227d4736b5d8d3b1a46d66

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
content-encoding: br
last-modified: Wed, 03 Apr 2024 00:45:43 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 1435
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 patterns.css
betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/css/ 1 KB
624 B 277ms
75ms Stylesheet
text/css 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to

Full URL: https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/css/patterns.css?ver=1708603176
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: c6c2ffd18069db4ea1dbba13fa6a59fe477aad1401ea7f6ee5f56b8e6df97fa9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
content-encoding: br
last-modified: Thu, 22 Feb 2024 12:07:57 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 329
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 patterns.css
betterdemocracy.eu/wp-content/themes/minimalistix/assets/css/ 917 B
347 B 277ms
76ms Stylesheet
text/css 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to

Full URL: https://betterdemocracy.eu/wp-content/themes/minimalistix/assets/css/patterns.css?ver=1708603176
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: aff0cc0609f66d08dcbec3bd44e430781d226e77ab567e9f0a6eddcdc67d30ea

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
content-encoding: br
last-modified: Thu, 22 Feb 2024 11:59:36 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 291
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 frontend-gtag.min.js Show response
betterdemocracy.eu/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 11 KB
3 KB 295ms
125ms Script
text/javascript 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to

Full URL: https://betterdemocracy.eu/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=8.27.0
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: d7bdba02afa8c04c13f280c71a50f8c8186c883711c5dabbd13566dd738bff0a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
content-encoding: br
last-modified: Thu, 30 May 2024 00:13:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 3030

GET view.min.js
betterdemocracy.eu/wp-includes/blocks/navigation/ 0
0

GET interactivity.min.js
betterdemocracy.eu/wp-includes/js/dist/ 0
0

GET
H2 200 cropped-1.png
betterdemocracy.eu/wp-content/uploads/2024/02/ 24 KB
24 KB 288ms
119ms Image
image/png 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://betterdemocracy.eu/wp-content/uploads/2024/02/cropped-1.png
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: bb43b0fb56a7fd7323d2b3e62c39fb527338cb45c7ad5462a0e737b37f90279a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
last-modified: Thu, 22 Feb 2024 11:58:31 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 24206
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
BLOB 200
OK 26a8158b-b982-49d5-bdfa-0357b99c8755
https://authentifyme.xyz/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://authentifyme.xyz/26a8158b-b982-49d5-bdfa-0357b99c8755
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 1185
Content-Type: text/javascript

GET SourceSansPro-Regular.ttf
betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/ 0
0

GET DMSerifDisplay-Regular.ttf
betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/dm_serif_display/ 0
0

GET SourceSansPro-Bold.ttf
betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/ 0
0

GET
H2 200 Netherlands-Rutte-signs-security-deal-in-Ukraine-promising-artillery-funding.jpg
betterdemocracy.eu/wp-content/uploads/2024/03/ 85 KB
85 KB 47ms
43ms Image
image/jpeg 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://betterdemocracy.eu/wp-content/uploads/2024/03/Netherlands-Rutte-signs-security-deal-in-Ukraine-promising-artillery-funding.jpg
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: bfbca3589a457ad218a6c17f6d71dc1aae181cf269366ede09ac79530da7b93a

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
last-modified: Sat, 02 Mar 2024 11:35:27 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 86958
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 Thousands-attended-Navalnys-funeral-braving-warnings-against-protests.jpg
betterdemocracy.eu/wp-content/uploads/2024/03/ 86 KB
86 KB 211ms
208ms Image
image/jpeg 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://betterdemocracy.eu/wp-content/uploads/2024/03/Thousands-attended-Navalnys-funeral-braving-warnings-against-protests.jpg
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: 2f42480a94772674b161ea3787e6101cbe603678b3198c4c79ae120df454947b

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
last-modified: Sat, 02 Mar 2024 06:18:08 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 87897
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 Worlds-cartoonists-on-this-weeks-events.png
betterdemocracy.eu/wp-content/uploads/2024/03/ 294 KB
294 KB 185ms
182ms Image
image/png 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://betterdemocracy.eu/wp-content/uploads/2024/03/Worlds-cartoonists-on-this-weeks-events.png
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: cc62e5d9f8529c912954029906254c44a9bde1d1f120fe6f03b9ca2f41670616

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
last-modified: Sat, 02 Mar 2024 04:28:20 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 300758
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 EUs-pretending-to-be-an-honest-trade-cop.jpg
betterdemocracy.eu/wp-content/uploads/2024/03/ 129 KB
129 KB 211ms
207ms Image
image/jpeg 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://betterdemocracy.eu/wp-content/uploads/2024/03/EUs-pretending-to-be-an-honest-trade-cop.jpg
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: 1d23315ab940ff544af7a9a73e0418c58ceb71ab142d77d1db2f5038a6152276

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
last-modified: Sat, 02 Mar 2024 09:24:53 GMT
server: LiteSpeed
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 132350
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 EU-Parliamentary-Projection-Le-Pens-Right-Wing-ID-Rises-to-Third-150x150.png
betterdemocracy.eu/wp-content/uploads/2024/02/ 34 KB
34 KB 210ms
207ms Image
image/png 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://betterdemocracy.eu/wp-content/uploads/2024/02/EU-Parliamentary-Projection-Le-Pens-Right-Wing-ID-Rises-to-Third-150x150.png
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: 41485ab6955a61a57d3daac4ec1fec18e504ad7143d2743e0f9ab5e28d37bbc9

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
last-modified: Sat, 24 Feb 2024 01:38:59 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 35237
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 EU-Parliamentary-Projection-Record-High-for-ID-150x150.png
betterdemocracy.eu/wp-content/uploads/2024/02/ 35 KB
35 KB 211ms
208ms Image
image/png 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://betterdemocracy.eu/wp-content/uploads/2024/02/EU-Parliamentary-Projection-Record-High-for-ID-150x150.png
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: f2c6a24d8af883aaef666d4c05e190a2bb95ee9922a4f838c64f16c8514fdd31

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
last-modified: Sat, 24 Feb 2024 12:02:45 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 35356
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 Polls-EU-Parliamentary-Projection-Scare-for-SampD-and-ECR-150x150.png
betterdemocracy.eu/wp-content/uploads/2024/02/ 35 KB
35 KB 100ms
97ms Image
image/png 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://betterdemocracy.eu/wp-content/uploads/2024/02/Polls-EU-Parliamentary-Projection-Scare-for-SampD-and-ECR-150x150.png
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: 7e8d45a2ce20a3d1aaea09c3bbe3995dd67ea842d8aa0ca35f10409f4734944e

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
last-modified: Sat, 24 Feb 2024 21:35:00 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 35383
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 Polls-EU-Parliamentary-Projection-Melonis-ECR-Close-to-Becoming-150x150.png
betterdemocracy.eu/wp-content/uploads/2024/02/ 34 KB
35 KB 344ms
341ms Image
image/png 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://betterdemocracy.eu/wp-content/uploads/2024/02/Polls-EU-Parliamentary-Projection-Melonis-ECR-Close-to-Becoming-150x150.png
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: ff14f61ef9132d75c0280c8b1913ae9c71c7be13be5c45117577b55adb2faf86

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
last-modified: Sat, 24 Feb 2024 21:35:09 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 35305
expires: Sun, 07 Jul 2024 14:10:23 GMT

GET
H2 200 wp-emoji-release.min.js Show response
betterdemocracy.eu/wp-includes/js/ 18 KB
5 KB 344ms
342ms Script
text/javascript 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to

Full URL: https://betterdemocracy.eu/wp-includes/js/wp-emoji-release.min.js?ver=6.5.5
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: 4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
content-encoding: br
last-modified: Wed, 03 Apr 2024 00:45:46 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 4676

GET
H3

200

main.js Show response
authentifyme.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/ Frame D985
Redirect Chain

https://authentifyme.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://authentifyme.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js

8 KB
4 KB

129ms
129ms

Script
application/javascript

104.21.66.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://authentifyme.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js

Requested by

Host: authentifyme.xyz
URL: https://authentifyme.xyz/

Protocol

Server

104.21.66.98 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

310d8e7a82c30d95347cc82523afa6e300b9dbb5089e208747dbbfc70a57f895

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g5etw2Q8SYHu2vA3OocsbIO2VTavtSqOpLs1gxV4voQihZkYuuD1lb4F7ACwHPxp%2Ftv%2Blxl8cdfe3%2FtTgbaln1tn8r9mGsiiY9d7n%2FnRfWK02OTXJSfEmHTsb8H4C6WbLSFa"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 89bebd502b9f972f-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sun, 30 Jun 2024 14:10:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DnU1QpHFaBPhK%2F%2B1MxuCjPOc40zVA%2F6%2BqzBuw1oD0flvxeNIbVxJDvG1AuUysxt93I1K72IFZInOXGHMLOlEM9ow6Rx6M1bunVVImV35RS5kjGtKnz1S1ARDv5vE4AvDra9r"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/d2a97f6b6ec9/main.js
cache-control: max-age=300, public
cf-ray: 89bebd4fcb33972f-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 219ms
44ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-WNBVV5WY75&gtm=45je46q0v9178490374za200&_p=1719756622891&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&gdid=dZGIzZG&cid=2049302979.1719756623&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.126%7CGoogle%2520Chrome%3B126.0.6478.126&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1719756623&sct=1&seg=0&dl=https%3A%2F%2Fbetterdemocracy.eu%2F&dr=https%3A%2F%2Fauthentifyme.xyz%2F&dt=Better%20Democracy%20-%20Information%20to%20enhance%20democracy&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.forceSSL=true&ep.link_attribution=true&tfd=693&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WNBVV5WY75
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sun, 30 Jun 2024 14:10:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://authentifyme.xyz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 89bebd4c3dfb972f Show response
authentifyme.xyz/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame D985 0
680 B 67ms
58ms XHR
text/plain 104.21.66.98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://authentifyme.xyz/cdn-cgi/challenge-platform/h/g/jsd/r/89bebd4c3dfb972f
Requested by: Host: authentifyme.xyz
URL: https://authentifyme.xyz/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.66.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 30 Jun 2024 14:10:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wlwXD5YNICtLsPJYlnzddB1DKq2tz3g1AZgJnmeM%2Bqr3LFAbhbrmLID8T9arqd1E021iXc6rb4xSzAtgi8YVioetbCrfL4TEq2ZWuLpmKPEEBj8kTVYutWA0%2Bt8ghOHhX6x%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 89bebd519d90972f-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 cropped-1-32x32.png
betterdemocracy.eu/wp-content/uploads/2024/02/ 1 KB
1 KB 43ms
40ms Other
image/png 159.100.6.5
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to

Full URL: https://betterdemocracy.eu/wp-content/uploads/2024/02/cropped-1-32x32.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 159.100.6.5 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: cp5.ultahost.com
Software: LiteSpeed /
Resource Hash: 44277328c581eee85be06385086f90cf82230f1f70d25d7e4f02d87fdf421386

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://authentifyme.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 30 Jun 2024 14:10:24 GMT
last-modified: Thu, 22 Feb 2024 11:58:31 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1193
expires: Sun, 07 Jul 2024 14:10:24 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: betterdemocracy.eu
URL: https://betterdemocracy.eu/wp-includes/blocks/navigation/view.min.js?ver=6.5.5

Domain: betterdemocracy.eu
URL: https://betterdemocracy.eu/wp-includes/js/dist/interactivity.min.js?ver=6.5.5

Domain: betterdemocracy.eu
URL: https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/SourceSansPro-Regular.ttf

Domain: betterdemocracy.eu
URL: https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/dm_serif_display/DMSerifDisplay-Regular.ttf

Domain: betterdemocracy.eu
URL: https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/SourceSansPro-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.authentifyme.xyz/	1970-01-20 21:44:03	Name: __cf_mw_byp Value: w_D1b.tsAQ2QsC3g52aHvJbyGWQB5yYuUZGhK4Isqek-1719756617-0.0.1.1-/
.authentifyme.xyz/	1970-01-21 07:18:36	Name: _ga_WNBVV5WY75 Value: GS1.1.1719756623.1.0.1719756623.0.0.0
.authentifyme.xyz/	1970-01-21 07:18:36	Name: _ga Value: GA1.1.2049302979.1719756623
.authentifyme.xyz/	1970-01-21 06:28:12	Name: cf_clearance Value: qcgnZTjGKOiCwJ9.y163cMJ8hiZ_PlcoxEblGbaLOp0-1719756623-1.0.1.1-Ou5Xnb.G0wNSuq3Nllj_rqwNUUPqvE4XhIifSlC7GTmbc9GGPsAVdffN40yjFvwiUY4lGY_FuC.JjlmFFYm4xg

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://authentifyme.xyz/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://authentifyme.xyz/ Message: Access to script at 'https://betterdemocracy.eu/wp-includes/blocks/navigation/view.min.js?ver=6.5.5' from origin 'https://authentifyme.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://betterdemocracy.eu/wp-includes/blocks/navigation/view.min.js?ver=6.5.5 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://authentifyme.xyz/ Message: Access to script at 'https://betterdemocracy.eu/wp-includes/js/dist/interactivity.min.js?ver=6.5.5' from origin 'https://authentifyme.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://betterdemocracy.eu/wp-includes/js/dist/interactivity.min.js?ver=6.5.5 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://authentifyme.xyz/ Message: Access to font at 'https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/dm_serif_display/DMSerifDisplay-Regular.ttf' from origin 'https://authentifyme.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/dm_serif_display/DMSerifDisplay-Regular.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://authentifyme.xyz/ Message: Access to font at 'https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/SourceSansPro-Bold.ttf' from origin 'https://authentifyme.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/SourceSansPro-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://authentifyme.xyz/ Message: Access to font at 'https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/SourceSansPro-Regular.ttf' from origin 'https://authentifyme.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://betterdemocracy.eu/wp-content/themes/mirror-magazine/assets/fonts/source_sans_pro/SourceSansPro-Regular.ttf Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

authentifyme.xyz
betterdemocracy.eu
region1.google-analytics.com
www.googletagmanager.com
betterdemocracy.eu
104.21.66.98
159.100.6.5
2001:4860:4802:34::36
2a00:1450:4001:813::2008
1d23315ab940ff544af7a9a73e0418c58ceb71ab142d77d1db2f5038a6152276
2f42480a94772674b161ea3787e6101cbe603678b3198c4c79ae120df454947b
310d8e7a82c30d95347cc82523afa6e300b9dbb5089e208747dbbfc70a57f895
328b4e0e0ddb932a5a4ac4c4970bada01db99ef4c172b1007ead2664fe585963
3b98102a728a4df242c60eff567d551381b40b7b8a2dd472406e62f870f0cc1e
41485ab6955a61a57d3daac4ec1fec18e504ad7143d2743e0f9ab5e28d37bbc9
44277328c581eee85be06385086f90cf82230f1f70d25d7e4f02d87fdf421386
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
5b9f9afe7621ec465573f58064f5bef3a229e5e19362351168fd211f6a28bb5c
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
7ad4364136812445867e91fa2aed3f2894df8e5aa9227d4736b5d8d3b1a46d66
7cf3e5edb4d1a0e3ede81ad143834b9c06ddf1eaa98c6876331dab01b69a06de
7e8d45a2ce20a3d1aaea09c3bbe3995dd67ea842d8aa0ca35f10409f4734944e
83a7ae658589063a7cc61e1a1403ffb16afc41084aa8b0f7cf0f1582601e67d6
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
aff0cc0609f66d08dcbec3bd44e430781d226e77ab567e9f0a6eddcdc67d30ea
bb43b0fb56a7fd7323d2b3e62c39fb527338cb45c7ad5462a0e737b37f90279a
bfbca3589a457ad218a6c17f6d71dc1aae181cf269366ede09ac79530da7b93a
c6c2ffd18069db4ea1dbba13fa6a59fe477aad1401ea7f6ee5f56b8e6df97fa9
cc62e5d9f8529c912954029906254c44a9bde1d1f120fe6f03b9ca2f41670616
d7bdba02afa8c04c13f280c71a50f8c8186c883711c5dabbd13566dd738bff0a
e2af3d1fbe48af4fa4e2294de3661b895af5c489a7d2ce5888cd14d5f070e78b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f2c6a24d8af883aaef666d4c05e190a2bb95ee9922a4f838c64f16c8514fdd31
ff14f61ef9132d75c0280c8b1913ae9c71c7be13be5c45117577b55adb2faf86

authentifyme.xyz Open in urlscan Pro 104.21.66.98 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

32 Requests

78 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

893 kBTransfer

1211 kBSize

4 Cookies

13 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

authentifyme.xyz Open in urlscan Pro
104.21.66.98 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

78 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

893 kB
Transfer

1211 kB
Size

4
Cookies

32 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!