urlscan.io logo urlscan.io
SecurityTrails logo

lucky-mercurial-camera.glitch.me Open in urlscan Pro
3.232.209.174  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.bing.com/ck/a?!&&p=f0cfdf16a156b8f0JmltdHM9MTcxNDYwODAwMCZpZ3VpZD0xYzU1ZjFmMi04MTc1LTYxOTktMjk0ZC1lNTlmOD...
Effective URL: https://lucky-mercurial-camera.glitch.me/public/login.ea0f.html
Submission: On May 04 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 3 countries across 8 domains to perform 25 HTTP transactions. The main IP is 3.232.209.174, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is lucky-mercurial-camera.glitch.me.
TLS certificate: Issued by Amazon RSA 2048 M03 on December 4th 2023. Valid for: a year.
This is the only time lucky-mercurial-camera.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

IP Address AS Autonomous System
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 4 172.67.130.250 13335 (CLOUDFLAR...)
1 104.17.25.14 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:1401:200... 20940 (AKAMAI-ASN1)
1 3.232.209.174 14618 (AMAZON-AES)
16 2a02:26f0:ab0... 20940 (AKAMAI-ASN1)
1 52.216.154.164 16509 (AMAZON-02)
25 9
1    2a02:26f0:3500:1b::1724:a392 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
www.bing.com
4    172.67.130.250 (United States)

ASN13335 (CLOUDFLARENET, US)
clics.info
1    104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2600:1401:2000:2ab::f50 (Boston, United States)

ASN20940 (AKAMAI-ASN1, NL)
www.irs.gov
1    3.232.209.174 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-209-174.compute-1.amazonaws.com
lucky-mercurial-camera.glitch.me
16    2a02:26f0:ab00::214:8e73 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
api.id.me
1    52.216.154.164 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
idme-production.s3.amazonaws.com
Apex Domain
Subdomains		 Transfer
16 id.me
api.id.me — Cisco Umbrella Rank: 32743
288 KB
4 clics.info
clics.info
12 KB
1 amazonaws.com
idme-production.s3.amazonaws.com — Cisco Umbrella Rank: 62558
8 KB
1 glitch.me
lucky-mercurial-camera.glitch.me
8 KB
1 irs.gov
www.irs.gov — Cisco Umbrella Rank: 18545
4 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
1 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237
28 KB
1 bing.com
www.bing.com — Cisco Umbrella Rank: 52
2 KB
25 8
Domain Requested by
16 api.id.me lucky-mercurial-camera.glitch.me
api.id.me
4 clics.info 1 redirects www.bing.com
clics.info
1 idme-production.s3.amazonaws.com lucky-mercurial-camera.glitch.me
1 lucky-mercurial-camera.glitch.me clics.info
1 www.irs.gov clics.info
1 fonts.googleapis.com clics.info
1 cdnjs.cloudflare.com clics.info
1 www.bing.com
25 8

This site contains links to these domains. Also see Links.

Domain
api.id.me
www.id.me
Subject Issuer Validity Valid
r.bing.com
Microsoft Azure ECC TLS Issuing CA 05		 2023-10-18 -
2024-06-27		 8 months crt.sh
clics.info
GTS CA 1P5		 2024-05-02 -
2024-07-31		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
www.irs.gov
Entrust Certification Authority - L1F		 2023-09-26 -
2024-10-26		 a year crt.sh
glitch.com
Amazon RSA 2048 M03		 2023-12-04 -
2025-01-01		 a year crt.sh
api.id.me
DigiCert Global G3 TLS ECC SHA384 2020 CA1		 2023-09-15 -
2024-09-17		 a year crt.sh
*.s3.amazonaws.com
Amazon RSA 2048 M01		 2023-10-10 -
2024-07-03		 9 months crt.sh

This page contains 2 frames:

Primary Page: https://lucky-mercurial-camera.glitch.me/public/login.ea0f.html
Frame ID: 067A2B524ECE4A63A387A65B47C2019E
Requests: 25 HTTP requests in this frame

Frame: https://clics.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
Frame ID: 37AE569B624D399578BE6D4D4F7DD561
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign in to ID.me - ID.me

Page URL History Show full URLs

  1. https://www.bing.com/ck/a?!&&p=f0cfdf16a156b8f0JmltdHM9MTcxNDYwODAwMCZpZ3VpZD0xYzU1ZjFmMi04MTc1LT... Page URL
  2. https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/ Page URL
  3. https://lucky-mercurial-camera.glitch.me/public/login.ea0f.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

96 %
HTTPS

50 %
IPv6

8
Domains

8
Subdomains

9
IPs

3
Countries

351 kB
Transfer

607 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.bing.com/ck/a?!&&p=f0cfdf16a156b8f0JmltdHM9MTcxNDYwODAwMCZpZ3VpZD0xYzU1ZjFmMi04MTc1LTYxOTktMjk0ZC1lNTlmODBiNTYwNGQmaW5zaWQ9NTI3MA&ptn=3&ver=2&hsh=3&fclid=1c55f1f2-8175-6199-294d-e59f80b5604d&u=a1aHR0cHM6Ly9jbGljcy5pbmZvL2VudGVydGFpbm1lbnQvLW15LWxpdHRsZS1jYXJhdmFuLXNjaG9vbC1ob2xpZGF5LWFjdGl2aXRpZXMtZm9yLWtpZHMv&ntb=1 Page URL
  2. https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/ Page URL
  3. https://lucky-mercurial-camera.glitch.me/public/login.ea0f.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://clics.info/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://clics.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
a
www.bing.com/ck/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bing.com/ck/a?!&&p=f0cfdf16a156b8f0JmltdHM9MTcxNDYwODAwMCZpZ3VpZD0xYzU1ZjFmMi04MTc1LTYxOTktMjk0ZC1lNTlmODBiNTYwNGQmaW5zaWQ9NTI3MA&ptn=3&ver=2&hsh=3&fclid=1c55f1f2-8175-6199-294d-e59f80b5604d&u=a1aHR0cHM6Ly9jbGljcy5pbmZvL2VudGVydGFpbm1lbnQvLW15LWxpdHRsZS1jYXJhdmFuLXNjaG9vbC1ob2xpZGF5LWFjdGl2aXRpZXMtZm9yLWtpZHMv&ntb=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:1b::1724:a392 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-origin
*
alt-svc
h3=":443"; ma=93600
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
1308
content-type
text/html; charset=UTF-8
date
Sat, 04 May 2024 23:53:34 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
vary
Accept-Encoding
x-cdn-traceid
0.92a12417.1714866814.3b72ba7a
x-msedge-ref
Ref A: E920C01F49AB46C3996748D11F0F5980 Ref B: FRAEDGE1815 Ref C: 2024-05-04T23:53:34Z
/
clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/ 		15 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/
Requested by
Host: www.bing.com
URL: https://www.bing.com/ck/a?!&&p=f0cfdf16a156b8f0JmltdHM9MTcxNDYwODAwMCZpZ3VpZD0xYzU1ZjFmMi04MTc1LTYxOTktMjk0ZC1lNTlmODBiNTYwNGQmaW5zaWQ9NTI3MA&ptn=3&ver=2&hsh=3&fclid=1c55f1f2-8175-6199-294d-e59f80b5604d&u=a1aHR0cHM6Ly9jbGljcy5pbmZvL2VudGVydGFpbm1lbnQvLW15LWxpdHRsZS1jYXJhdmFuLXNjaG9vbC1ob2xpZGF5LWFjdGl2aXRpZXMtZm9yLWtpZHMv&ntb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.130.250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5288b02187f378022d6ae6c3da4cb9b992e6eadbca91f5db35cecd3e0533850
Security Headers
Name Value
Content-Security-Policy object-src 'none'
Strict-Transport-Security max-age=15768000;includeSubdomains
X-Content-Type-Options nosniff nosniff
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.bing.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
4109
alt-svc
h3=":443"; ma=86400
cf-cache-status
HIT
cf-ray
87ec69395a6465dd-FRA
content-encoding
br
content-security-policy
object-src 'none'
content-type
text/html; charset=UTF-8
date
Sat, 04 May 2024 23:53:34 GMT
last-modified
Sat, 04 May 2024 22:45:05 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjb%2BCc7y7FyF%2BJgtNOAvfra5hqOKVNOAFsgGWIUnRqOOt9L1DvAelF4bvHtr7Ke7tPjtWUj1jac62WRNx%2BtTPpq%2F6GdhbUx6t5HegcKRavqrLXYvMFBBzX4plwo5"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15768000;includeSubdomains
vary
Accept-Encoding
x-content-type-options
nosniff nosniff
x-nginx-upstream-cache-status
EXPIRED
x-server-powered-by
Engintron
x-xss-protection
1; mode=block 1; mode=block
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 		87 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: clics.info
URL: https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
190208
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27938
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"603e8adc-15d9d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hpj%2FLJMuw97YnXnmzznanDgAD4Q43F0QZTqQ6%2B4hbzXBA0UkGdXydrmIjrQdn5qnVotGkEOREpX6QaJuThRbZmB8eHJjV8R1aYvicdsZ34BfQpkGZZmw1GGky3O%2FIO80WquT6nhA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
87ec693a5ba63a70-FRA
expires
Thu, 24 Apr 2025 23:53:35 GMT
css2
fonts.googleapis.com/ 		21 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
Requested by
Host: clics.info
URL: https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
90c4f0951056e5a82b2150c8b3fe6d011a08ea2abc957453d080b8179504e2d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sat, 04 May 2024 23:53:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 04 May 2024 22:46:01 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 04 May 2024 23:53:35 GMT
favicon.ico
www.irs.gov/themes/custom/pup_base/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.irs.gov/themes/custom/pup_base/favicon.ico
Requested by
Host: clics.info
URL: https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1401:2000:2ab::f50 Boston, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6d63881e43e08ef385e6c809b43b2b289a459fb2f30d5159000e2477d776b456
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Sun, 05 May 2024 23:53:35 GMT
x-edgeconnect-origin-mex-latency
2, 2
date
Sat, 04 May 2024 23:53:35 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-edgeconnect-midmile-rtt
1, 22
x-age
140
x-ah-environment
prod
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866815335_3088684247_31674157_40_11258_117_236_219";dur=1
content-length
3638
x-request-id
v-fdb6029e-87f2-11ed-93fd-d70670e8314e
last-modified
Sat, 02 Jul 2022 04:50:45 GMT
x-frame-options
SAMEORIGIN
content-type
image/x-icon
cache-control
max-age=86400
accept-ranges
bytes
x-cache-hits
2
truncated
/ 		586 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		187 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4ddc1e33de02a96249bf85fc7b16e669317a81d8e2fc403ddb1ded6c465dd578

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
main.js
clics.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/ Frame 37AE
Redirect Chain
  • https://clics.info/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://clics.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://clics.info/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
Requested by
Host: clics.info
URL: https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/
Protocol
H3
Server
172.67.130.250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8372e089abe723278b49d5f8d89a2e6c80920a5633993a2b12a07b389f333b70
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Sat, 04 May 2024 23:53:35 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g3yOZFPKAk0z%2F1B8p%2FrjhvSKseJ%2BFUtx1klLxULOPpI56DBhbJ%2BoPcd3aiscU5szAld3BXfVvPvEWMVwogvHLltDItFUeLCBVAZ%2BbvyEaU6mjInWtMmmFsjMV7MJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
87ec693b5b4c65dd-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sat, 04 May 2024 23:53:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7sGmiw%2FqG9NIzwcSM%2FzR%2FJ9XBIQD8IDP8mZNUL68mTPU9PC5d3edlcxgPBuQLaoWhoP80l8HzgcRMWbTA2U2Yo9slcgG1A7Qt90EgnWYD0XRVCFIHsIjRNGzyYRD"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/d0ff3ebede6b/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
87ec693b0b3265dd-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
87ec69395a6465dd
clics.info/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 37AE 		0
569 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://clics.info/cdn-cgi/challenge-platform/h/g/jsd/r/87ec69395a6465dd
Requested by
Host: clics.info
URL: https://clics.info/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.130.250 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 04 May 2024 23:53:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=74Ubdi%2FhmC0kfGvpBcjxxAgxM3vt7s5E0twJYS6UqTeFjA5qWR3tgKUNUwDsuEP0QXfPX3P6w3iI8LQxH2e9eNjgyXAc2POxeg5qqne0L0%2BjfC9QtX5UxxRcd55z"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
87ec693bfb9c65dd-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
Primary Request login.ea0f.html
lucky-mercurial-camera.glitch.me/public/ 		8 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lucky-mercurial-camera.glitch.me/public/login.ea0f.html
Requested by
Host: clics.info
URL: https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.232.209.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-232-209-174.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
1cce8f566bfa4ecbfd64096885e9a8e460789f470a85601725b8f3dd586870a1

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://clics.info/entertainment/-my-little-caravan-school-holiday-activities-for-kids/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
7886
content-type
text/html; charset=utf-8
date
Sat, 04 May 2024 23:53:36 GMT
etag
"a78c9592939ce83aa891e59a943e996b"
last-modified
Sat, 04 May 2024 04:32:54 GMT
server
AmazonS3
x-amz-id-2
gm+paH0hGySI8VhRNVh/CeufuQa4i9RZp54ngrc0gIOzr5YgWqFKSA2H6giT8k+yCkZj1bJIsJQ=
x-amz-request-id
RXSVN8PQN4648QVY
x-amz-server-side-encryption
AES256
x-amz-version-id
null
application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
api.id.me/assets/ 		196 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Requested by
Host: lucky-mercurial-camera.glitch.me
URL: https://lucky-mercurial-camera.glitch.me/public/login.ea0f.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
037517434f1cd6a30b95cd8a3701adb1d971191e86cd3eb9f3af6c8be04f1d5e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lucky-mercurial-camera.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
content-encoding
gzip
etag
"660cd0cc-8015"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=60149
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816346_34901615_466605721_80_75248_38_0_255";dur=1
accept-ranges
bytes
content-length
32789
x-node
war-machine-14.idmeinc.net
idme-logo-1d96899e99d393974ec16fa17a820e78fca132bd8ea53e01f12bdc000baf674f.svg
api.id.me/assets/logos/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.id.me/assets/logos/idme-logo-1d96899e99d393974ec16fa17a820e78fca132bd8ea53e01f12bdc000baf674f.svg
Requested by
Host: lucky-mercurial-camera.glitch.me
URL: https://lucky-mercurial-camera.glitch.me/public/login.ea0f.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
eb439f785d33858dfe7300098e5f38c7ebb471ccfe409dde80df79c90c11e5e9

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lucky-mercurial-camera.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
content-encoding
gzip
etag
"63cdf37a-554"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=1166154
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816422_34901615_466605723_59_75199_38_0_219";dur=1
content-length
1364
x-node
war-machine-00.idmeinc.net
icon-addition-1c60f492657aa091463f6ac2e15f0f5123425f314e60383dbba0b06b3bbae0ed.svg
api.id.me/assets/icons/ 		714 B
680 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.id.me/assets/icons/icon-addition-1c60f492657aa091463f6ac2e15f0f5123425f314e60383dbba0b06b3bbae0ed.svg
Requested by
Host: lucky-mercurial-camera.glitch.me
URL: https://lucky-mercurial-camera.glitch.me/public/login.ea0f.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c47576302ee3e3045e7ab79fc4343b5316cd180d0ef46f1ce3a55d328bd7f5c3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lucky-mercurial-camera.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
content-encoding
gzip
etag
"6356e7a4-19c"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2218897
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816422_34901615_466605722_75_75214_38_74_219";dur=1
accept-ranges
bytes
content-length
412
x-node
war-machine-17.idmeinc.net
large.png
idme-production.s3.amazonaws.com/applications/7134/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idme-production.s3.amazonaws.com/applications/7134/large.png?1622046546
Requested by
Host: lucky-mercurial-camera.glitch.me
URL: https://lucky-mercurial-camera.glitch.me/public/login.ea0f.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.154.164 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
f572d48a10bfb645807b02d0f884bdf0d7e6188a01808ce47da1e67c00daaa0e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lucky-mercurial-camera.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 04 May 2024 23:53:37 GMT
x-amz-version-id
nk9feAaLqy_EHbgLzWe2PMMiIV6A3S2.
Last-Modified
Fri, 19 Jan 2024 13:58:30 GMT
Server
AmazonS3
x-amz-request-id
RXSYQTD4CK5FBGM5
ETag
"27085fab80b4bb02d45bd1e02af8d837"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Cache-Control
max-age=315360000, public
Accept-Ranges
bytes
Content-Length
7855
x-amz-id-2
4sciwxrD09Bl6sMSefJBT34ZxnACM4ivFxcRI9UvU/yi9brgMeLLJHHVnuofgY9y7dMqG57xagA=
Expires
Sun, 19 Jan 2025 12:50:19 GMT
Poppins-SemiBold-15cea7fedab57408d132253bd4663008d2627476be29759d00c67d716ee0570b.woff
api.id.me/assets/ 		66 KB
67 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.id.me/assets/Poppins-SemiBold-15cea7fedab57408d132253bd4663008d2627476be29759d00c67d716ee0570b.woff
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
937c7bd392e945cd2e1ee86cf47b357af016af281c2062d3249132c023f65f39

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Origin
https://lucky-mercurial-camera.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
etag
"6356e7a5-1095c"
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=845515
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816646_34901615_466605755_123_12238_38_41_255";dur=1
accept-ranges
bytes
content-length
67932
x-node
war-machine-13.idmeinc.net
OpenSans-Semibold-6c9bf1664cc6e8151624c0c19613cb4183278f26f97011c172542d5d574faab8.woff
api.id.me/assets/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.id.me/assets/OpenSans-Semibold-6c9bf1664cc6e8151624c0c19613cb4183278f26f97011c172542d5d574faab8.woff
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
28e5a7bc5703c00c8bc6fd0cfe45a3088e0a88a7862d206bb93f6cba655157ff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Origin
https://lucky-mercurial-camera.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
etag
"6356e7a5-3800"
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=527536
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816688_34901615_466605760_62_12184_38_0_255";dur=1
accept-ranges
bytes
content-length
14336
x-node
war-machine-01.idmeinc.net
Poppins-Medium-a5829f09868f62506459177f6872e751d023527e6cfd42525bce8d1c33365003.woff
api.id.me/assets/ 		67 KB
67 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.id.me/assets/Poppins-Medium-a5829f09868f62506459177f6872e751d023527e6cfd42525bce8d1c33365003.woff
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6dfdf411a70ae4d26942efdf1034e66976435758d29f2a7d556d77e08b9e2412

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Origin
https://lucky-mercurial-camera.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
etag
"63cdf378-10b04"
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=928858
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816688_34901615_466605761_125_12062_38_0_255";dur=1
accept-ranges
bytes
content-length
68356
x-node
war-machine-10.idmeinc.net
Poppins-Regular-f7d5d006eb67f9f5b1499b3140f4cedbe8e0d4d500810216a022e3acd64fb989.woff
api.id.me/assets/ 		67 KB
67 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.id.me/assets/Poppins-Regular-f7d5d006eb67f9f5b1499b3140f4cedbe8e0d4d500810216a022e3acd64fb989.woff
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ad5fb58ad11730ef707d4f28db7a83ec4804bb3e8373dc69bedd94cd7a872efc

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Origin
https://lucky-mercurial-camera.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
etag
"6356e7a6-10b84"
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=1726043
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816688_34901615_466605759_137_11993_38_0_255";dur=1
accept-ranges
bytes
content-length
68484
x-node
war-machine-05.idmeinc.net
facebook-116f6267ff4d14d3dd98fcf4e3dc9931cf5fba014bf16d44a17fd791d05201fd.svg
api.id.me/assets/icons/login/ 		1 KB
809 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.id.me/assets/icons/login/facebook-116f6267ff4d14d3dd98fcf4e3dc9931cf5fba014bf16d44a17fd791d05201fd.svg
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
10737a20653122a358d1eb32dbb940fb9b09e7721a3e669e502851c63cf05910

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
content-encoding
gzip
etag
"6356e7a5-21d"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=962384
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816596_34901615_466605740_43_12423_38_0_146";dur=1
accept-ranges
bytes
content-length
541
x-node
war-machine-01.idmeinc.net
google-a43b7bcd4be906d16c347ac7c53f07ebae6f75732b8a8038844b95b737b90ffa.svg
api.id.me/assets/icons/login/ 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.id.me/assets/icons/login/google-a43b7bcd4be906d16c347ac7c53f07ebae6f75732b8a8038844b95b737b90ffa.svg
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
88287bf73c699b030a6dd9a581ca97d4771ef04bb699acec172629d25dc3b457

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
content-encoding
gzip
etag
"6356e7a5-3be"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=642886
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816610_34901615_466605743_104_12494_38_0_219";dur=1
accept-ranges
bytes
content-length
958
x-node
war-machine-13.idmeinc.net
apple-a7464638f21272811259a7dec32cb0ea2a95080256372ea5640b9a78395d9fd4.svg
api.id.me/assets/icons/login/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.id.me/assets/icons/login/apple-a7464638f21272811259a7dec32cb0ea2a95080256372ea5640b9a78395d9fd4.svg
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
148242d360df5aa8ec82f16d037a6244c815fd56978d7a4f1979b43e285fa39e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
content-encoding
gzip
etag
"6356e7a5-36c"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2507892
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816611_34901615_466605744_106_12370_38_0_219";dur=1
content-length
876
x-node
war-machine-13.idmeinc.net
linkedin-da38d5cac6618d9aad720407d94fbe0b1275531502044ed173de95da2ee3ce3c.svg
api.id.me/assets/icons/login/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.id.me/assets/icons/login/linkedin-da38d5cac6618d9aad720407d94fbe0b1275531502044ed173de95da2ee3ce3c.svg
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
a229e323ff491babb44e0a4bfde9dded15f70886c84b2e09e606552631cd71fa

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
content-encoding
gzip
etag
"6356e7a5-303"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=337486
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816611_34901615_466605745_107_12356_38_0_219";dur=1
accept-ranges
bytes
content-length
771
x-node
war-machine-04.idmeinc.net
OpenSans-Bold-13cd71fff17a279d6c6c8fe515396b6a9898a0e46c26bca41a031a7ee652e227.woff
api.id.me/assets/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.id.me/assets/OpenSans-Bold-13cd71fff17a279d6c6c8fe515396b6a9898a0e46c26bca41a031a7ee652e227.woff
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9d5575173e17b34916779d395ad1fdbe82e3a463fbad9813bfc83b334bf12265

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Origin
https://lucky-mercurial-camera.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
etag
"6356e7a5-3764"
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=2058274
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816688_34901615_466605758_42_12159_38_0_255";dur=1
accept-ranges
bytes
content-length
14180
x-node
war-machine-07.idmeinc.net
idme-icons-c3564b493883649310630f8dc6dade2afa6abb524883066ed094b32dea58659e.woff
api.id.me/assets/ 		4 KB
4 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.id.me/assets/idme-icons-c3564b493883649310630f8dc6dade2afa6abb524883066ed094b32dea58659e.woff
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c4a4d40db319f197884cc8538d396f575aa7cc301e4b975d3ced688f572dbb09

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Origin
https://lucky-mercurial-camera.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
etag
"6356e7a5-e90"
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=606421
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816687_34901615_466605757_46_12095_38_0_255";dur=1
accept-ranges
bytes
content-length
3728
x-node
war-machine-11.idmeinc.net
OpenSans-f965889da0ef7fe9f91270decb4638eafb62e358ac08b974059512f9b4fa099b.woff
api.id.me/assets/ 		14 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://api.id.me/assets/OpenSans-f965889da0ef7fe9f91270decb4638eafb62e358ac08b974059512f9b4fa099b.woff
Requested by
Host: api.id.me
URL: https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
cfda84577729425a91460b1220d5ed31b76bb0f63e1bd55014c35127798eb355

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://api.id.me/assets/application-c6cdac8cc7b544f9643842060f1574756a06e867819201be2288325e80d8595c.css
Origin
https://lucky-mercurial-camera.glitch.me
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
etag
"65a41ecf-37b4"
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=413340
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816687_34901615_466605756_50_12053_38_0_255";dur=1
accept-ranges
bytes
content-length
14260
x-node
war-machine-20.idmeinc.net
favicon-3b57957bde0ba341f2e080013aa6d42d303e29a4594c8f231c013514b22241f0.ico
api.id.me/assets/icons/favicon/ 		1 KB
723 B 		Other
General
Check archive.org
Download Go to
Full URL
https://api.id.me/assets/icons/favicon/favicon-3b57957bde0ba341f2e080013aa6d42d303e29a4594c8f231c013514b22241f0.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09fe42dff8b0fb2b4ea51818ecd86fb540615a1f185bb98b40168638a9d8a563

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lucky-mercurial-camera.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
content-encoding
gzip
etag
"65a41ed0-1d0"
vary
Accept-Encoding
content-type
image/x-icon
cache-control
public, max-age=581172
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816888_34901615_466605790_69_11948_39_0_219";dur=1
content-length
464
x-node
war-machine-24.idmeinc.net
favicon-32x32-88474466ed084a8ad0cab7ddd9b1711a8b96e09d9fbeb769a1d3be9d5c728fa7.png
api.id.me/assets/icons/favicon/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://api.id.me/assets/icons/favicon/favicon-32x32-88474466ed084a8ad0cab7ddd9b1711a8b96e09d9fbeb769a1d3be9d5c728fa7.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f1c53c98d6a9488f4cb6748dbb6cce63b8c14e5969dddf1a459197c0dbb1f11b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://lucky-mercurial-camera.glitch.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 23:53:36 GMT
etag
"6356e7a6-5f1"
content-type
image/png
cache-control
public, max-age=732271
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1714866816942_34901615_466605804_38_12551_39_0_219";dur=1
accept-ranges
bytes
content-length
1521
x-node
war-machine-09.idmeinc.net

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
.clics.info/ Name: cf_clearance
Value: 8on8FpuimDdqklAPZmK9kc7f.o7q6_o.NTwsMx.AeCY-1714866815-1.0.1.1-lMxGyNq9usJv3IMo4LDph8ACaXuPRxRFF0qTQUO93IAYdZOLhYX0qMfauoEApXLQlvu5zuGNTER6l1rgWyqx8A

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.id.me
cdnjs.cloudflare.com
clics.info
fonts.googleapis.com
idme-production.s3.amazonaws.com
lucky-mercurial-camera.glitch.me
www.bing.com
www.irs.gov
104.17.25.14
172.67.130.250
2600:1401:2000:2ab::f50
2a00:1450:4001:81c::200a
2a02:26f0:3500:1b::1724:a392
2a02:26f0:ab00::214:8e73
3.232.209.174
52.216.154.164
037517434f1cd6a30b95cd8a3701adb1d971191e86cd3eb9f3af6c8be04f1d5e
09fe42dff8b0fb2b4ea51818ecd86fb540615a1f185bb98b40168638a9d8a563
10737a20653122a358d1eb32dbb940fb9b09e7721a3e669e502851c63cf05910
148242d360df5aa8ec82f16d037a6244c815fd56978d7a4f1979b43e285fa39e
1cce8f566bfa4ecbfd64096885e9a8e460789f470a85601725b8f3dd586870a1
28e5a7bc5703c00c8bc6fd0cfe45a3088e0a88a7862d206bb93f6cba655157ff
4ddc1e33de02a96249bf85fc7b16e669317a81d8e2fc403ddb1ded6c465dd578
6d63881e43e08ef385e6c809b43b2b289a459fb2f30d5159000e2477d776b456
6dfdf411a70ae4d26942efdf1034e66976435758d29f2a7d556d77e08b9e2412
8372e089abe723278b49d5f8d89a2e6c80920a5633993a2b12a07b389f333b70
88287bf73c699b030a6dd9a581ca97d4771ef04bb699acec172629d25dc3b457
90c4f0951056e5a82b2150c8b3fe6d011a08ea2abc957453d080b8179504e2d7
937c7bd392e945cd2e1ee86cf47b357af016af281c2062d3249132c023f65f39
9d5575173e17b34916779d395ad1fdbe82e3a463fbad9813bfc83b334bf12265
a229e323ff491babb44e0a4bfde9dded15f70886c84b2e09e606552631cd71fa
a5288b02187f378022d6ae6c3da4cb9b992e6eadbca91f5db35cecd3e0533850
ad5fb58ad11730ef707d4f28db7a83ec4804bb3e8373dc69bedd94cd7a872efc
c47576302ee3e3045e7ab79fc4343b5316cd180d0ef46f1ce3a55d328bd7f5c3
c4a4d40db319f197884cc8538d396f575aa7cc301e4b975d3ced688f572dbb09
cfda84577729425a91460b1220d5ed31b76bb0f63e1bd55014c35127798eb355
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb439f785d33858dfe7300098e5f38c7ebb471ccfe409dde80df79c90c11e5e9
f1c53c98d6a9488f4cb6748dbb6cce63b8c14e5969dddf1a459197c0dbb1f11b
f572d48a10bfb645807b02d0f884bdf0d7e6188a01808ce47da1e67c00daaa0e
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e