burnt-veiled-lightning.glitch.me Open in urlscan Pro
2a04:4e42:400::571 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://burnt-veiled-lightning.glitch.me/public/nfcu.html
Submission: On June 12 via automatic, source phishtank (June 12th 2025, 12:59:11 pm UTC) — Scanned from US

Summary HTTP 13 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 2a04:4e42:400::571, located in United States and belongs to FASTLY, US. The main domain is burnt-veiled-lightning.glitch.me.
TLS certificate: Issued by Certainly Intermediate R1 on June 10th 2025. Valid for: a month.

This is the only time burnt-veiled-lightning.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Navy Federal Credit Union (Government)

Domain & IP information

	IP Address	AS Autonomous System
2 6	2a04:4e42:400... 2a04:4e42:400::571	54113 (FASTLY) (FASTLY)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:1408:c40... 2600:1408:c400:380::44e8	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	195.80.159.133 195.80.159.133	29152 (DECKNET-A...) (DECKNET-AS Decknet SARL)
2 2	3.167.69.3 3.167.69.3	16509 (AMAZON-02) (AMAZON-02)
4	18.238.55.29 18.238.55.29	16509 (AMAZON-02) (AMAZON-02)
13	6

6 2a04:4e42:400::571 (United States) 2 redirects

ASN54113 (FASTLY, US)

burnt-veiled-lightning.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1408:c400:380::44e8 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

digitalapps.navyfederal.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.80.159.133 (France)

ASN29152 (DECKNET-AS Decknet SARL, FR)

l2.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.167.69.3 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-3-167-69-3.iad61.r.cloudfront.net

cdn.glitch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.238.55.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-55-29.jfk52.r.cloudfront.net

cdn.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	glitch.me 2 redirects burnt-veiled-lightning.glitch.me cdn.glitch.me — Cisco Umbrella Rank: 219548	1 MB
3	navyfederal.org digitalapps.navyfederal.org — Cisco Umbrella Rank: 100603	75 KB
2	glitch.com 2 redirects cdn.glitch.com — Cisco Umbrella Rank: 241357	884 B
1	l2.io l2.io — Cisco Umbrella Rank: 174972	194 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 247	6 KB
13	5

	Domain	Requested by
6	burnt-veiled-lightning.glitch.me	2 redirects burnt-veiled-lightning.glitch.me
4	cdn.glitch.me	burnt-veiled-lightning.glitch.me
3	digitalapps.navyfederal.org	burnt-veiled-lightning.glitch.me
2	cdn.glitch.com	2 redirects
1	l2.io	burnt-veiled-lightning.glitch.me
1	cdnjs.cloudflare.com	burnt-veiled-lightning.glitch.me
13	6

This site contains links to these domains. Also see Links.

Domain
www.navyfederal.org
accountservices.navyfederal.org
policies.google.com
www.11ty.dev
glitch.com

Subject Issuer	Validity	Valid
*.glitch.me Certainly Intermediate R1	`2025-06-10` - `2025-07-10`	a month	crt.sh
cdnjs.cloudflare.com WE1	`2025-05-22` - `2025-08-20`	3 months	crt.sh
digitalapps.navyfederal.org DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-08-21` - `2025-08-20`	a year	crt.sh
l2.io R11	`2025-05-01` - `2025-07-30`	3 months	crt.sh
glitch.com Amazon RSA 2048 M02	`2024-11-03` - `2025-12-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://burnt-veiled-lightning.glitch.me/public/nfcu.html
Frame ID: C05E414AA759F6C2A90B4B3290FAEA49
Requests: 10 HTTP requests in this frame

Frame: https://burnt-veiled-lightning.glitch.me/
Frame ID: 717B734857D40EAA5C64995D1FDE4F99
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Navy Federal Credit Union - Our Members are the Mission®

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

13
Requests

77 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

1425 kB
Transfer

1487 kB
Size

1
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.navyfederal.org/branches-atms/index.php
Title: Locations

Search URL Search Domain Scan URL

URL: https://www.navyfederal.org/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://accountservices.navyfederal.org/account-recovery/
Title: Sign In Help

Search URL Search Domain Scan URL

URL: https://accountservices.navyfederal.org/enrollment/
Title: Enroll in digital banking »

Search URL Search Domain Scan URL

URL: https://www.navyfederal.org/services/security/digital-security.php
Title: Learn More »

Search URL Search Domain Scan URL

URL: https://www.navyfederal.org/about/about.php
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.navyfederal.org/privacy/online.php
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.navyfederal.org/security/
Title: Security

Search URL Search Domain Scan URL

URL: https://www.navyfederal.org/accessibility.php
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.navyfederal.org/support/index.php
Title: Browser Support

Search URL Search Domain Scan URL

URL: https://www.navyfederal.org/pdf/ebrochures/1116e.pdf
Title: .ehlIcon{fill:#0667ba} Federally Insured by NCUA

Search URL Search Domain Scan URL

URL: https://www.navyfederal.org/pdf/ebrochures/3035_EHL_Poster.pdf
Title: .ncuaIcon{fill:#0667ba} Equal Housing Lender

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.11ty.dev/
Title: Eleventy

Search URL Search Domain Scan URL

URL: https://glitch.com/edit/#!/remix/glitch-hello-eleventy
Title: Remix on Glitch

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://burnt-veiled-lightning.glitch.me/signin/static/media/img-BecomeAMember.64255d0d02ef64234628.jpg HTTP 302
https://burnt-veiled-lightning.glitch.me/

Request Chain 7

https://burnt-veiled-lightning.glitch.me/public/navy_files/saved_resource.html HTTP 302
https://burnt-veiled-lightning.glitch.me/

Request Chain 10

https://cdn.glitch.com/cad20829-cd7f-405a-95e8-5e17b206a304%2Fillustration.svg?v=1618198438357 HTTP 301
https://cdn.glitch.me/cad20829-cd7f-405a-95e8-5e17b206a304%2Fillustration.svg

Request Chain 11

https://cdn.glitch.com/605e2a51-d45f-4d87-a285-9410ad350515%2FLogo_Color.svg?v=1618199565140 HTTP 301
https://cdn.glitch.me/605e2a51-d45f-4d87-a285-9410ad350515%2FLogo_Color.svg

13 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request nfcu.html Show response
burnt-veiled-lightning.glitch.me/public/ 1 MB
1 MB 1172ms
408ms Document
text/html 2a04:4e42:400::571
FASTLY

General

Check archive.org

Download Go to

Full URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::571 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e34454ec288ac1b0f30a24a29f69a39ce0d07fe75694b6f401c4088ddd76278d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache
content-length: 1063084
content-type: text/html; charset=utf-8
date: Thu, 12 Jun 2025 12:59:12 GMT
etag: "1413581ea251f580c056abcacd7a30cf"
last-modified: Sat, 07 Jun 2025 19:50:54 GMT
server: AmazonS3
via: 1.1 varnish
x-amz-id-2: S4VLzkkkO7ma4F08bcmvRklcb9rFUxJ4b/JjTTZYfZ8X40e9PaOPiI77uBi5xJ5hAnZNWCsf7ps=
x-amz-request-id: 3ZA7B046SJ0PMFQJ
x-amz-server-side-encryption: AES256
x-amz-version-id: null
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-served-by: cache-mad22048-MAD, cache-mad22048-MAD
x-timer: S1749733152.399956,VS0,VE190

GET
H3 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 167ms
84ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 , Ascension Island, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer: https://burnt-veiled-lightning.glitch.me/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03e5f-7918"
age: 239827
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2Bg8jc0Al5BYmYPOiqRRn6OOu7jShcPFpRkVgF%2BXJ1CRE064DOY3eGm2kQzixycO3WnG2nXpWID9l1eIWsnimXWIx91EWPERpO1730bET8asdc3oufQw%2BsdwkYFbBKn74n3vOhBX"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 02 Jun 2026 12:59:12 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Thu, 12 Jun 2025 12:59:12 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 04 May 2020 16:10:07 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 94e9862d3be416fb-SJC
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5631
server: cloudflare

GET
DATA 200
OK truncated
/ 80 KB
80 KB Font
font/woff

General

Check archive.org

Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1fa934880a173f877c7e90f95fca2ade66544e05daa88707d0866b6f903a9c05

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Origin: https://burnt-veiled-lightning.glitch.me
Referer

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 29 KB
29 KB Font
font/woff2

General

Check archive.org

Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a013af9f2e74ca2ba4cce61114b44fa5bd304d849e85fd41d269c835dc6f0db1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Origin: https://burnt-veiled-lightning.glitch.me
Referer

Response headers

Content-Type: font/woff2

GET
H2 200 bubbles.9f2a1919448e1d79ac6b.svg
digitalapps.navyfederal.org/signin/static/media/ 9 KB
2 KB 396ms
128ms Image
image/svg+xml 2600:1408:c400:380::44e8
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://digitalapps.navyfederal.org/signin/static/media/bubbles.9f2a1919448e1d79ac6b.svg

Requested by

Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:380::44e8 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

314657d2f8121f4b44b50900eccfb8c7ebc336da2dc7e62182cce48c77018dd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer: https://burnt-veiled-lightning.glitch.me/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
cache-control: private, must-revalidate, max-age=86400
content-encoding: br
x-content-type-options: nosniff
expires: Fri, 13 Jun 2025 12:59:21 GMT
x-vcap-request-id: b8588aaa-945a-4a7a-6069-e8e23655381a
content-length: 2145
x-xss-protection: 1; mode=block
date: Thu, 12 Jun 2025 12:59:21 GMT
content-type: image/svg+xml
last-modified: Wed, 07 May 2025 17:41:08 GMT
vary: Accept-Encoding
x-frame-options: DENY

GET
DATA 200
OK truncated
/ 29 KB
29 KB Font
font/woff2

General

Check archive.org

Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e80d024dca764170eec0c890e20dadbc9013ecd2b98ac3cb30587965bc0c62b5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Origin: https://burnt-veiled-lightning.glitch.me
Referer

Response headers

Content-Type: font/woff2

GET
H2

200

/
burnt-veiled-lightning.glitch.me/
Redirect Chain

https://burnt-veiled-lightning.glitch.me/signin/static/media/img-BecomeAMember.64255d0d02ef64234628.jpg
https://burnt-veiled-lightning.glitch.me/

2 KB
2 KB

357ms
356ms

Image
text/html

2a04:4e42:400::571
FASTLY

General

Check archive.org

Download Go to Show image

Full URL: https://burnt-veiled-lightning.glitch.me/
Requested by: Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html
Protocol: H2
Server: 2a04:4e42:400::571 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer: https://burnt-veiled-lightning.glitch.me/public/nfcu.html

Response headers

x-amz-version-id: null
etag: "a736550e507e2070cc20305799e7cef3"
x-cache: MISS, MISS
date: Thu, 12 Jun 2025 12:59:22 GMT
content-type: text/html; charset=utf-8
x-served-by: cache-mad22048-MAD, cache-mad22048-MAD
x-cache-hits: 0, 0
last-modified: Sat, 07 Jun 2025 19:50:54 GMT
x-amz-id-2: WNX3wzK5jOgbOFaFLrNr2GmiCJoC/nJZ4X2+9bsbGTeAwOenaZknItvrwVprYt6YLKVCSG62mndPKxNb5u8cVyl7H03qr8Yd
cache-control: no-cache
x-timer: S1749733162.079040,VS0,VE142
via: 1.1 varnish
x-amz-request-id: HV2D4MD8KMAQ4H0J
accept-ranges: bytes
content-length: 3449
server: AmazonS3
x-amz-server-side-encryption: AES256

Redirect headers

location: /
x-timer: S1749733162.686016,VS0,VE147
via: 1.1 varnish
accept-ranges: bytes
x-cache: MISS, MISS
content-length: 23
date: Thu, 12 Jun 2025 12:59:21 GMT
content-type: text/plain; charset=utf-8
x-served-by: cache-mad22048-MAD, cache-mad22048-MAD
x-cache-hits: 0, 0
vary: Accept

GET
H2 200 img-BecomeAMember.64255d0d02ef64234628.jpg
digitalapps.navyfederal.org/signin/static/media/ 66 KB
66 KB 130ms
130ms Image
image/jpeg 2600:1408:c400:380::44e8
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to Show image

Full URL

https://digitalapps.navyfederal.org/signin/static/media/img-BecomeAMember.64255d0d02ef64234628.jpg

Requested by

Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:380::44e8 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

e0281f2df196096e82e299b0804ddf9553c1c008616fa21f3dfbc39478f77e78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer: https://burnt-veiled-lightning.glitch.me/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
cache-control: private, must-revalidate, max-age=86400
x-content-type-options: nosniff
expires: Fri, 13 Jun 2025 12:59:21 GMT
accept-ranges: bytes
x-vcap-request-id: adbf48ac-91e0-44ac-7e87-71d7bfa5e200
content-length: 67139
x-xss-protection: 1; mode=block
date: Thu, 12 Jun 2025 12:59:21 GMT
content-type: image/jpeg
last-modified: Sun, 18 May 2025 09:04:07 GMT
vary: Accept-Encoding
x-frame-options: DENY

GET
H2

200

/ Show response
burnt-veiled-lightning.glitch.me/ Frame 717B
Redirect Chain

https://burnt-veiled-lightning.glitch.me/public/navy_files/saved_resource.html
https://burnt-veiled-lightning.glitch.me/

3 KB
4 KB

673ms
672ms

Document
text/html

2a04:4e42:400::571
FASTLY

General

Check archive.org

Download Go to

Full URL: https://burnt-veiled-lightning.glitch.me/
Requested by: Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::571 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8079305a9472cd641e98b5957be3bbaffd3275535a04e22909cb82faa400793b

Request headers

Referer: https://burnt-veiled-lightning.glitch.me/public/nfcu.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache
content-length: 3449
content-type: text/html; charset=utf-8
date: Thu, 12 Jun 2025 12:59:22 GMT
etag: "a736550e507e2070cc20305799e7cef3"
last-modified: Sat, 07 Jun 2025 19:50:54 GMT
server: AmazonS3
via: 1.1 varnish
x-amz-id-2: rc0AB7+apbv3oae34IIq7ucBmnaL9C9WqmMVY69r3B7l+A7BNYwdHWAcDuFGsGfnmMmFIt8Czrk+TbS/AfQ6Xw==
x-amz-request-id: HV296NS3NM5Y4010
x-amz-server-side-encryption: AES256
x-amz-version-id: null
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-served-by: cache-mad22048-MAD, cache-mad22048-MAD
x-timer: S1749733162.311884,VS0,VE168

Redirect headers

accept-ranges: bytes
content-length: 46
content-type: text/html; charset=utf-8
date: Thu, 12 Jun 2025 12:59:22 GMT
location: /
vary: Accept
via: 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-served-by: cache-mad22048-MAD, cache-mad22048-MAD
x-timer: S1749733162.945277,VS0,VE151

GET
H/1.1 200
OK ip.js Show response
l2.io/ 27 B
194 B 1189ms
793ms Script
text/html 195.80.159.133
DECKNET-AS Deckne...

General

Check archive.org

Download Go to

Full URL: https://l2.io/ip.js?var=userip
Requested by: Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 195.80.159.133 , France, ASN29152 (DECKNET-AS Decknet SARL, FR),
Reverse DNS
Software: Apache/2.4.62 (Debian) /
Resource Hash: aa3dff12b9e06fe7fcc8a026e1f346f6746d3e7d4b3730aea6a4315705bfa85d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer: https://burnt-veiled-lightning.glitch.me/

Response headers

Content-Length: 27
Date: Thu, 12 Jun 2025 12:59:22 GMT
Content-Type: text/html; charset=UTF-8
Server: Apache/2.4.62 (Debian)
Connection: close

GET
H2 200 style.css
burnt-veiled-lightning.glitch.me/public/ Frame 717B 4 KB
5 KB 365ms
363ms Stylesheet
text/css 2a04:4e42:400::571
FASTLY

General

Check archive.org

Download Go to

Full URL: https://burnt-veiled-lightning.glitch.me/public/style.css
Requested by: Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::571 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bf2be7ef61da2531777b8842061b44510de73a14886600e74eedb7fa7dd9dde0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer: https://burnt-veiled-lightning.glitch.me/

Response headers

x-amz-version-id: null
etag: "7a3e2aa6656b36c4ec3ca7b32263a8e9"
x-cache: MISS, MISS
date: Thu, 12 Jun 2025 12:59:23 GMT
last-modified: Sat, 07 Jun 2025 19:50:54 GMT
x-served-by: cache-mad22048-MAD, cache-mad22048-MAD
x-cache-hits: 0, 0
content-type: text/css; charset=utf-8
x-amz-id-2: wc2QCkaejiVuysVHdpI7TOb7wegPDaJ8Dbg7lFSUIXmlaX6+Sn8Rhn8IY1QTHbrpmrWCG/AE3sk=
cache-control: no-cache
x-timer: S1749733163.199073,VS0,VE149
via: 1.1 varnish
x-amz-request-id: R7FH8JM31FA1F7H8
accept-ranges: bytes
content-length: 4489
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1

200
OK

cad20829-cd7f-405a-95e8-5e17b206a304%2Fillustration.svg
cdn.glitch.me/ Frame 717B
Redirect Chain

https://cdn.glitch.com/cad20829-cd7f-405a-95e8-5e17b206a304%2Fillustration.svg?v=1618198438357
https://cdn.glitch.me/cad20829-cd7f-405a-95e8-5e17b206a304%2Fillustration.svg

22 KB
9 KB

374ms
126ms

Image
image/svg+xml

18.238.55.29
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://cdn.glitch.me/cad20829-cd7f-405a-95e8-5e17b206a304%2Fillustration.svg

Requested by

Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/

Protocol

HTTP/1.1

Server

18.238.55.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-29.jfk52.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1750fe016465e096b7bce0ce6e6a29dea8c99fa2d945a3118d99ef2baedc15c6

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer: https://burnt-veiled-lightning.glitch.me/

Response headers

Content-Encoding: gzip
ETag: W/"25ab067f657a5d521c3da6e59c3cc553"
Age: 1771850
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: Bhs8C_ZRXmNveUM5FYhEC00EgQpN1_DrjjQkOlJVtoM30RbBtTKHLQ==
Date: Fri, 23 May 2025 00:48:34 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 12 Apr 2021 03:33:59 GMT
Vary: Accept-Encoding, Origin
Transfer-Encoding: chunked
Content-Security-Policy: script-src 'none'
Cache-Control: max-age=31536000
Connection: keep-alive
Via: 1.1 f26a1d19b20e4cf5dd8998779bc5b1fc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P4
Server: AmazonS3

Redirect headers

Location: https://cdn.glitch.me/cad20829-cd7f-405a-95e8-5e17b206a304%2Fillustration.svg
Age: 39751
Connection: keep-alive
Via: 1.1 96f9056a06e76b2b06097885847b76f0.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront
Content-Length: 0
X-Amz-Cf-Id: nCC8ALKl3wa3YwgGQ9d1Pq-3zmXQ2A8SoGEGnE4EZqjtQQyGfhAbfA==
Date: Thu, 12 Jun 2025 01:56:53 GMT
X-Amz-Cf-Pop: IAD61-P6
Vary: Origin
Server: AmazonS3

GET
H/1.1

200
OK

605e2a51-d45f-4d87-a285-9410ad350515%2FLogo_Color.svg
cdn.glitch.me/ Frame 717B
Redirect Chain

https://cdn.glitch.com/605e2a51-d45f-4d87-a285-9410ad350515%2FLogo_Color.svg?v=1618199565140
https://cdn.glitch.me/605e2a51-d45f-4d87-a285-9410ad350515%2FLogo_Color.svg

25 KB
10 KB

379ms
134ms

Image
image/svg+xml

18.238.55.29
AMAZON-02

General

Check archive.org

Download Go to Show image

Full URL

https://cdn.glitch.me/605e2a51-d45f-4d87-a285-9410ad350515%2FLogo_Color.svg

Requested by

Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/

Protocol

HTTP/1.1

Server

18.238.55.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-29.jfk52.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7d029c824720875cf5af4d2afab4be3438f665ef1f9e0f9df263cd1252ee0475

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer: https://burnt-veiled-lightning.glitch.me/

Response headers

Content-Encoding: gzip
ETag: W/"7f508a0793ac63ed3888e9254db6ddc6"
Age: 9269202
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: vEZpUEBw4RPatOEVga3x3PePoFZ0UH19skuoPzdYlTdY7hagftePhA==
Date: Tue, 25 Feb 2025 06:12:42 GMT
Content-Type: image/svg+xml
Last-Modified: Mon, 12 Apr 2021 03:52:46 GMT
Vary: Accept-Encoding, Origin
Transfer-Encoding: chunked
Content-Security-Policy: script-src 'none'
Cache-Control: max-age=31536000
Connection: keep-alive
Via: 1.1 93d4768fcd6983151de614ccc8b5605e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P4
Server: AmazonS3

Redirect headers

Location: https://cdn.glitch.me/605e2a51-d45f-4d87-a285-9410ad350515%2FLogo_Color.svg
Age: 80798
Connection: keep-alive
Via: 1.1 c297f40f50ed0c04a618a50b8a9423fe.cloudfront.net (CloudFront)
X-Cache: Hit from cloudfront
Content-Length: 0
X-Amz-Cf-Id: wEqRnKEUfEJJ_m2CCJrjaxyUQudJwpW7TlkSUebLC8LapQuH0efcVg==
Date: Wed, 11 Jun 2025 14:32:46 GMT
X-Amz-Cf-Pop: IAD61-P6
Vary: Origin
Server: AmazonS3

GET
H/1.1 200
OK 605e2a51-d45f-4d87-a285-9410ad350515%2FHKGrotesk-Bold.otf
cdn.glitch.me/ Frame 717B 67 KB
67 KB 382ms
137ms Font
binary/octet-stream 18.238.55.29
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://cdn.glitch.me/605e2a51-d45f-4d87-a285-9410ad350515%2FHKGrotesk-Bold.otf?v=1603136323437

Requested by

Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/public/style.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-29.jfk52.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b5e56dd6cd597cd3b5cf93494e16ba5bb83f91d30457264346fd6fafd8e3729a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Origin: https://burnt-veiled-lightning.glitch.me
Referer: https://burnt-veiled-lightning.glitch.me/

Response headers

Content-Security-Policy: script-src 'none'
Cache-Control: max-age=31536000
ETag: "3d35049a875fbc4d3f3165da78f82ff4"
Age: 6764165
Connection: keep-alive
Via: 1.1 1f1744cc287fbe3723d548ac02f36c6a.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Content-Length: 68144
X-Amz-Cf-Id: zBowK8tmSdvIhwKG0WKkIjhCMjVoxqYiFWX60d3s-nhZV0yvHhBrzw==
Date: Wed, 26 Mar 2025 06:03:18 GMT
Content-Type: binary/octet-stream
Last-Modified: Mon, 19 Oct 2020 19:38:43 GMT
Server: AmazonS3
X-Amz-Cf-Pop: JFK52-P4

GET
H/1.1 200
OK 605e2a51-d45f-4d87-a285-9410ad350515%2FHKGrotesk-Regular.otf
cdn.glitch.me/ Frame 717B 66 KB
67 KB 381ms
136ms Font
binary/octet-stream 18.238.55.29
AMAZON-02

General

Check archive.org

Download Go to

Full URL

https://cdn.glitch.me/605e2a51-d45f-4d87-a285-9410ad350515%2FHKGrotesk-Regular.otf?v=1603136326027

Requested by

Host: burnt-veiled-lightning.glitch.me
URL: https://burnt-veiled-lightning.glitch.me/public/style.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.29 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-29.jfk52.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b046d0a2d5aee84490778562132d24c154df87102a667ef878d6c00158dfbce7

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Origin: https://burnt-veiled-lightning.glitch.me
Referer: https://burnt-veiled-lightning.glitch.me/

Response headers

Content-Security-Policy: script-src 'none'
Cache-Control: max-age=31536000
ETag: "cab8839a909b408392b7b3147c2afd23"
Age: 7026010
Connection: keep-alive
Via: 1.1 ce6ac8bc6515892a00316a83f3713e1e.cloudfront.net (CloudFront)
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Content-Length: 67768
X-Amz-Cf-Id: UwmoxMR7BZkwV5LZuaTjvncB2W3ti57PH_h89qY7m2T-3gRlsYdrdA==
Date: Sun, 23 Mar 2025 05:19:14 GMT
Content-Type: binary/octet-stream
Last-Modified: Mon, 19 Oct 2020 19:38:46 GMT
Server: AmazonS3
X-Amz-Cf-Pop: JFK52-P4

GET
H2 200 favicon.ico
digitalapps.navyfederal.org/signin/ 15 KB
7 KB 128ms
128ms Other
image/x-icon 2600:1408:c400:380::44e8
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL

https://digitalapps.navyfederal.org/signin/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:380::44e8 Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

0a6961e6e3001146084584bc435b476f233c6b91005ac8ccae2cadc9c4e1b3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36
Referer: https://burnt-veiled-lightning.glitch.me/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
cache-control: private, must-revalidate, max-age=86400
content-encoding: gzip
x-content-type-options: nosniff
expires: Fri, 13 Jun 2025 12:59:24 GMT
accept-ranges: bytes
x-vcap-request-id: e2965925-f1f5-420e-75da-29fe4d41dd9b
content-length: 6403
x-xss-protection: 1; mode=block
date: Thu, 12 Jun 2025 12:59:24 GMT
content-type: image/x-icon
last-modified: Wed, 07 May 2025 17:40:52 GMT
vary: Accept-Encoding
x-frame-options: DENY

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Navy Federal Credit Union (Government)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| userip function| sendp

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			digitalapps.navyfederal.org/	1969-12-31 23:59:59	Name: akaalb_Digital_ALB Value: ~op=~rv=89~m=~os=~id=e60553ebfa0e817d0fb2ff43d12a60ee

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html Message: [DOM] Found 6 elements with non-unique id #akamaiCookieName: (More info: https://goo.gl/9p2vKq) %o %o %o %o %o %o
recommendation	warning	URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html Message: [DOM] Found 6 elements with non-unique id #akamaiCookieValue: (More info: https://goo.gl/9p2vKq) %o %o %o %o %o %o
recommendation	warning	URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html Message: [DOM] Found 6 elements with non-unique id #ip: (More info: https://goo.gl/9p2vKq) %o %o %o %o %o %o
recommendation	warning	URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html Message: [DOM] Found 4 elements with non-unique id #password: (More info: https://goo.gl/9p2vKq) %o %o %o %o
recommendation	warning	URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html Message: [DOM] Found 4 elements with non-unique id #passwordIcon: (More info: https://goo.gl/9p2vKq) %o %o %o %o
recommendation	warning	URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html Message: [DOM] Found 7 elements with non-unique id #signInButton: (More info: https://goo.gl/9p2vKq) %o %o %o %o %o %o %o
recommendation	warning	URL: https://burnt-veiled-lightning.glitch.me/public/nfcu.html Message: [DOM] Found 6 elements with non-unique id #username: (More info: https://goo.gl/9p2vKq) %o %o %o %o %o %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

burnt-veiled-lightning.glitch.me
cdn.glitch.com
cdn.glitch.me
cdnjs.cloudflare.com
digitalapps.navyfederal.org
l2.io
104.17.24.14
18.238.55.29
195.80.159.133
2600:1408:c400:380::44e8
2a04:4e42:400::571
3.167.69.3
0a6961e6e3001146084584bc435b476f233c6b91005ac8ccae2cadc9c4e1b3e0
1750fe016465e096b7bce0ce6e6a29dea8c99fa2d945a3118d99ef2baedc15c6
1fa934880a173f877c7e90f95fca2ade66544e05daa88707d0866b6f903a9c05
314657d2f8121f4b44b50900eccfb8c7ebc336da2dc7e62182cce48c77018dd3
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7d029c824720875cf5af4d2afab4be3438f665ef1f9e0f9df263cd1252ee0475
8079305a9472cd641e98b5957be3bbaffd3275535a04e22909cb82faa400793b
a013af9f2e74ca2ba4cce61114b44fa5bd304d849e85fd41d269c835dc6f0db1
aa3dff12b9e06fe7fcc8a026e1f346f6746d3e7d4b3730aea6a4315705bfa85d
b046d0a2d5aee84490778562132d24c154df87102a667ef878d6c00158dfbce7
b5e56dd6cd597cd3b5cf93494e16ba5bb83f91d30457264346fd6fafd8e3729a
bf2be7ef61da2531777b8842061b44510de73a14886600e74eedb7fa7dd9dde0
e0281f2df196096e82e299b0804ddf9553c1c008616fa21f3dfbc39478f77e78
e34454ec288ac1b0f30a24a29f69a39ce0d07fe75694b6f401c4088ddd76278d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e80d024dca764170eec0c890e20dadbc9013ecd2b98ac3cb30587965bc0c62b5

burnt-veiled-lightning.glitch.me Open in urlscan Pro 2a04:4e42:400::571 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

77 %HTTPS

33 %IPv6

5 Domains

6 Subdomains

6 IPs

3 Countries

1425 kBTransfer

1487 kBSize

1 Cookies

16 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

7 Console Messages

Indicators

burnt-veiled-lightning.glitch.me Open in urlscan Pro
2a04:4e42:400::571 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

77 %
HTTPS

33 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

1425 kB
Transfer

1487 kB
Size

1
Cookies

13 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!