darksex.info Open in urlscan Pro
2606:4700:3032::ac43:cab4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.studiobachiscaffidi.it/softaculous/
Effective URL:
https://darksex.info/-/auth/app/user.php
Submission: On September 04 via manual (September 4th 2023, 2:37:10 pm UTC) from DE — Scanned from DE

Summary HTTP 32 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 32 HTTP transactions. The main IP is 2606:4700:3032::ac43:cab4, located in United States and belongs to CLOUDFLARENET, US. The main domain is darksex.info.
TLS certificate: Issued by GTS CA 1P5 on July 27th 2023. Valid for: 3 months.

This is the only time darksex.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: targobank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	89.46.108.41 89.46.108.41	31034 (ARUBA-ASN) (ARUBA-ASN)
8 15	2606:4700:303... 2606:4700:3032::ac43:cab4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	145.226.174.154 145.226.174.154	8255 (EURO-INFO...) (EURO-INFORMATION)
1	91.235.133.188 91.235.133.188	30286 (THM) (THM)
32	5

1 89.46.108.41 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: webx1297.aruba.it

www.studiobachiscaffidi.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:3032::ac43:cab4 (United States) 8 redirects

ASN13335 (CLOUDFLARENET, US)

darksex.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 145.226.174.154 (France)

ASN8255 (EURO-INFORMATION, FR)

cdnii.e-i.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.133.188 (United States)

ASN30286 (THM, US)

ydkwim.targobank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	e-i.com cdnii.e-i.com — Cisco Umbrella Rank: 285935	295 KB
15	darksex.info 8 redirects darksex.info	25 KB
1	targobank.de ydkwim.targobank.de — Cisco Umbrella Rank: 434806	13 KB
1	studiobachiscaffidi.it www.studiobachiscaffidi.it	227 B
32	4

	Domain	Requested by
15	cdnii.e-i.com	darksex.info cdnii.e-i.com
15	darksex.info	8 redirects darksex.info
1	ydkwim.targobank.de	darksex.info
1	www.studiobachiscaffidi.it
32	4

This site contains no links.

Subject Issuer	Validity	Valid
*.studiobachiscaffidi.it Actalis Domain Validation Server CA G3	`2023-05-06` - `2024-06-05`	a year	crt.sh
darksex.info GTS CA 1P5	`2023-07-27` - `2023-10-25`	3 months	crt.sh
*.e-i.com GlobalSign RSA OV SSL CA 2018	`2023-06-26` - `2024-07-27`	a year	crt.sh
ydkwim.targobank.de DigiCert TLS RSA SHA256 2020 CA1	`2022-12-14` - `2024-01-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://darksex.info/-/auth/app/user.php
Frame ID: D5AA71E407495C018B3E320F67251E4E
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login Online Banking | TARGOBANK

Page URL History Show full URLs

https://www.studiobachiscaffidi.it/softaculous/ Page URL
https://darksex.info/-/auth HTTP 301
http://darksex.info/-/auth/ HTTP 301
https://darksex.info/-/auth/ HTTP 302
https://darksex.info/-/auth/app/index.php HTTP 302
https://darksex.info/-/auth/app/user.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Lightbox (JavaScript Libraries) Expand

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

32
Requests

63 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

329 kB
Transfer

1448 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.studiobachiscaffidi.it/softaculous/ Page URL
https://darksex.info/-/auth HTTP 301
http://darksex.info/-/auth/ HTTP 301
https://darksex.info/-/auth/ HTTP 302
https://darksex.info/-/auth/app/index.php HTTP 302
https://darksex.info/-/auth/app/user.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://darksex.info/-/auth/app/?laws HTTP 302
https://darksex.info/-/auth/app/user.php

Request Chain 17

https://darksex.info/-/auth/app/?laws HTTP 302
https://darksex.info/-/auth/app/user.php

Request Chain 18

https://darksex.info/-/auth/app/?laws HTTP 302
https://darksex.info/-/auth/app/user.php

Request Chain 19

https://darksex.info/-/auth/app/?laws HTTP 302
https://darksex.info/-/auth/app/user.php

32 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
www.studiobachiscaffidi.it/softaculous/ 74 B
227 B 133ms
46ms Document
text/html 89.46.108.41
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.studiobachiscaffidi.it/softaculous/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.46.108.41 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx1297.aruba.it
Software: aruba-proxy /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 04 Sep 2023 14:37:06 GMT
server: aruba-proxy
vary: Accept-Encoding
x-servername: ipvsproxy149.ad.aruba.it

GET
H3

200

Primary Request user.php Show response
darksex.info/-/auth/app/
Redirect Chain

https://darksex.info/-/auth
http://darksex.info/-/auth/
https://darksex.info/-/auth/
https://darksex.info/-/auth/app/index.php
https://darksex.info/-/auth/app/user.php

13 KB
4 KB

252ms
252ms

Document
text/html

2606:4700:3032::ac43:cab4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://darksex.info/-/auth/app/user.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.studiobachiscaffidi.it/softaculous/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8016f7ff49b3361f-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 04 Sep 2023 14:37:08 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KqM9ZNYvSJnuOKiZVxsbCugLokKVU5it9%2B5djwmzeUQQqILguXVIWy9zAaKhSGQ4hP3ZPcRdqQlIimsAaSgbFzn0P2tXE4UslcIMhL6PgYJVT9X1pkZEp%2BwE5LNEce%2FjVp%2Fq5dUV7GflWnk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WordOps

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8016f7fd4ed6361f-FRA
content-type: text/html; charset=UTF-8
date: Mon, 04 Sep 2023 14:37:08 GMT
location: user.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D1lxDS7FtSlqrRxBi2xNLuouW7r4arQIxGJkb5eZaC8098Rx0E8C4K7BISCTI6AylCEbb55%2BpRgINm%2F4v3Wz%2F1SI43fizXgWWwIm3a72gjpbO2VGzjlktDpIv86ruKii73q9g7j%2BE2o%2FA0Y%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WordOps

GET
H3

200

user.php Show response
darksex.info/-/auth/app/
Redirect Chain

https://darksex.info/-/auth/app/?laws
https://darksex.info/-/auth/app/user.php

13 KB
4 KB

376ms
375ms

Script
text/html

2606:4700:3032::ac43:cab4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://darksex.info/-/auth/app/user.php

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

Server

2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/-/auth/app/user.php
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Mon, 04 Sep 2023 14:37:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IiwL7AG9xI78HPw%2BaOJ3CX0F%2B2nRMxIZ8ua3E74NrXo8CVyBqoHAJAzQ2jkaJ%2FkuoRvvaa%2ByijoC0rwgfZSvo57LYriPemLBXnzsDZM65c4FDnBPr4eLUC10HtN%2B9rlQJvL2ikwtdg92lu4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
cf-ray: 8016f801fd8e361f-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date: Mon, 04 Sep 2023 14:37:08 GMT
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: WordOps
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ws5VZ%2Fv40GcwXkfjsKfad9P5Vprhg5%2F7CaUFmpwDGweFZVNR3ObTve%2BIMg6SNgzNqV94sgydQ0LUKHmh4K18yVgdEdg%2Fjgl4TeDIqqvS%2BqvV4DTHrLGAybwSJsMrQVEZySfKROBEUjS1wuU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: user.php
cf-ray: 8016f800ebf3361f-FRA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK ei_base.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ 752 KB
85 KB 116ms
30ms Stylesheet
text/css 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

10ba0effb9c3910637ba92a59c9f5562e2dd76954d4275ff57455cedbf9ab93a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "bbe34-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=50
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK jquery_ei.js Show response
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/ 105 KB
37 KB 147ms
26ms Script
application/javascript 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/jquery_ei.js

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

bf446b764bc51ad54f00ecacb66d62a3d9ce67a5bf768db9f5fee94340e2d426

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "1a23a-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=49
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK devb_base.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ 57 KB
10 KB 115ms
29ms Stylesheet
text/css 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/devb_base.css

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

3c80d0dfe22348e1d8cfc37e6b64dfb353daa4961b847e0a95a5e54ec8863348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "e2ba-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=50
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK ei_custom_responsive.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ 106 KB
12 KB 116ms
31ms Stylesheet
text/css 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_custom_responsive.css

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

ed9403031e40e51b0eed6f141270fcd12a543a5018ee53cbf03e0fe02c95a67d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "1a7e2-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=50
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK auth.js Show response
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/ 939 B
846 B 149ms
27ms Script
application/javascript 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/auth.js

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

f3087ccba6634e5434bf86dbdc9583a7ad8ef4953ab99223883548d449a94b34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "3ab-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=49
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK ei_needscript.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ 10 KB
2 KB 118ms
31ms Stylesheet
text/css 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_needscript.css

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

cbdcf2ea8f4d64060463a8429d20ed497be36146a4de14ab7c6cc7aef722f1f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "28af-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=50
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK ei_custom_tile.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ 111 KB
13 KB 120ms
33ms Stylesheet
text/css 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_custom_tile.css

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

8bbbebccaba8e0296e91d0118aa7e60a1cf7a947dacfa1d9c395d218fe13d437

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "1bc48-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=50
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK ei_custom_identification.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/appli/ 8 KB
2 KB 119ms
32ms Stylesheet
text/css 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/appli/ei_custom_identification.css

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

344b4143622b5c8814e8c3f3b1bfa6f4f9c336fd37066064eed44ede0da8d9a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "1ee1-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=50
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK display.js Show response
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/SDTK/ 6 KB
3 KB 149ms
27ms Script
application/javascript 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/SDTK/display.js

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

c0f2427a6d94e5d304775bd674cf7eba9ef2182939bf0705fa0fedf7001b9a36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "1760-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=49
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK lightbox.js Show response
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/ 1 KB
1 KB 166ms
26ms Script
application/javascript 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/lightbox.js

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

92ba41aa9873d8f826083e78bbc5ead09ea62f3d2e13dfc453765c9aae1a16f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "52f-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=49
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK tracking_event.js Show response
cdnii.e-i.com/WEBO/sd/wat/1.0.12//javascripts/ 5 KB
2 KB 172ms
27ms Script
application/javascript 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/WEBO/sd/wat/1.0.12//javascripts/tracking_event.js

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

1e1d86b1154ee380b5200b0aedeb3a4fd302c1b4e0efb925317ff733b1dee220

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Fri, 14 Apr 2023 09:01:19 GMT
Server: eiws
ETag: "13ff-5f948159b15c0-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=49
Expires: Sat, 14 Oct 2023 14:37:08 GMT

GET
H/1.1 200
OK tags.js Show response
ydkwim.targobank.de/fp/ 95 KB
13 KB 64ms
17ms Script
text/javascript 91.235.133.188
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://ydkwim.targobank.de/fp/tags.js?org_id=dixnx85s&page_id=1&session_id=TARGO-2023-08-13-13-18-58-120-0434041d-71be-427f-a653-1ad591aac0d6

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.188 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

7e64e04ebc3ad952377534db1564c160274699976eed4d1154b81384794dfba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:08 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
X-Robots-Tag: noindex, nofollow
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET loginpage.css
darksex.info/-/auth/html/css/ 0
0

GET
H3 404 m.js
darksex.info/-/auth/app/inc/ 0
0 15ms
14ms Script
text/html 2606:4700:3032::ac43:cab4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://darksex.info/-/auth/app/inc/m.js

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/-/auth/app/user.php
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Mon, 04 Sep 2023 14:37:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 103
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdvOuh2HzTqKw6My6w2MsuOybK%2BtgNRUjyCaE%2BKNcE4%2Bz1kyAWHRL6SsqfGtV%2BWqRQveUVA9xvu3V%2BeUjGVtwoY3OVGpI6%2FoJSVXGrsWaIEcjg%2BDXARRWLpgnss8kYgoxoTEodAvkvrhLyQ%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400, no-transform
cf-ray: 8016f800ebf8361f-FRA

GET
H3 404 cv.js
darksex.info/-/auth/app/inc/ 0
0 15ms
15ms Script
text/html 2606:4700:3032::ac43:cab4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://darksex.info/-/auth/app/inc/cv.js

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/-/auth/app/user.php
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Mon, 04 Sep 2023 14:37:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 103
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BLxZzSIsIrKgLzYE2pklmJlePLkZSyVZef8Pfry4ndtDzbqvJBsvUeYIKrqyzITMObjltdL%2F7RVZluaZPLhjXvXTfMMEo7IKwvSCswZOMUM9nduAvi1Z9%2BnLZ%2BfrE9OPl%2B9Cu10JqX2wGig%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400, no-transform
cf-ray: 8016f800ebfb361f-FRA

GET
H3

200

user.php Show response
darksex.info/-/auth/app/
Redirect Chain

https://darksex.info/-/auth/app/?laws
https://darksex.info/-/auth/app/user.php

13 KB
4 KB

247ms
247ms

Script
text/html

2606:4700:3032::ac43:cab4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://darksex.info/-/auth/app/user.php

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

Server

2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/-/auth/app/user.php
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Mon, 04 Sep 2023 14:37:09 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KPwqFrc%2FrrTtcQpempvzdTB9Qf5aWIupmWms5bStdcS7EkiQEfiuToSQ5D1guS1t9M%2BhdqBqpxCrJcR54fqT6pzf747mvQvOHbUKSi2%2F0cni69zD5gJTdjejmATt1nn1RQi%2FSHhx4caJ%2F6E%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
cf-ray: 8016f805cafa361f-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date: Mon, 04 Sep 2023 14:37:09 GMT
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: WordOps
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQGVjR%2BEQNr8xTfjR6sBbQlFOS%2B%2BMcc1PCEF64J4dMtUFFvODR18IFTJjH1pvTkW7Gv4jRkXWvRsW0%2BkGjAaiACV3Yr6NTcJ4zkJqq5SNr%2BmlgdsiAzJCNgbMtb07LPMAusK356OzBT0rHo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: user.php
cf-ray: 8016f804b973361f-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

user.php Show response
darksex.info/-/auth/app/
Redirect Chain

https://darksex.info/-/auth/app/?laws
https://darksex.info/-/auth/app/user.php

13 KB
4 KB

452ms
452ms

Script
text/html

2606:4700:3032::ac43:cab4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://darksex.info/-/auth/app/user.php

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

Server

2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/-/auth/app/user.php
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Mon, 04 Sep 2023 14:37:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XaIuqKDMwTCBVJLW7E%2F%2BA0yhWmg4djyg3i5caMOkJoluB%2F2O1DNrEaQWMNItOA%2Fm0Mub2fyq937pxd585ggxFOdCj1VO4%2FKEm%2FnykGd7FSvrfqmU9RR4vEMwx5l8vRG2s1%2F7mlTmbjXUbfg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
cf-ray: 8016f8086ed8361f-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date: Mon, 04 Sep 2023 14:37:09 GMT
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: WordOps
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wZP9IQeayfroIhNg1oQlBAFoNxjtcbmsY6EBtPnnsKapH5DMEY0nNXgVyaX8gaXvnZVPXF2s4q4V3zybLpm22WhG1ldof1a6tXOTIp3gmtuwZYZ0Y%2Bf2E2Zo0SYny35Q7iu8cZZRWhjbgGM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: user.php
cf-ray: 8016f8076d38361f-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

user.php Show response
darksex.info/-/auth/app/
Redirect Chain

https://darksex.info/-/auth/app/?laws
https://darksex.info/-/auth/app/user.php

13 KB
4 KB

252ms
252ms

Script
text/html

2606:4700:3032::ac43:cab4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://darksex.info/-/auth/app/user.php

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

Server

2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WordOps

Resource Hash

9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/-/auth/app/user.php
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

date: Mon, 04 Sep 2023 14:37:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: WordOps
alt-svc: h3=":443"; ma=86400
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2BXpjyZ5JJM%2BXtuaode03tEgltfJ7hmbakQ4ux4gCIZQRnVqtFpqYdG%2BOHUfT%2FBaHGwfU%2BROYyWY%2BDcMvQZT%2BcLk38ZJnSDkDwhcA%2FwINejKS4nAbitRW6uUdiCgAYgOWEj8bu9lCntos40%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
cf-ray: 8016f80c5bf3361f-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date: Mon, 04 Sep 2023 14:37:10 GMT
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: WordOps
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dN3ReW5NL6RM6IUfgWa4alX5aitz%2FGQTXb87VotaTuSS0EdrnlpLtwfNfsDNIM9FyqzSfV5jd7%2FOav%2B77MjJ1AjY7VZiZrA0RBzAD8yUSLi1X585230IVpj7I2fPvIqUr%2B5Lv65GDFmSt%2FM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
location: user.php
cf-ray: 8016f80b4aaf361f-FRA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK circular--400--normal.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/ 59 KB
59 KB 121ms
44ms Font
font/woff2 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/circular--400--normal.woff2

Requested by

Host: cdnii.e-i.com
URL: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

754235af94ace68ec407cdbdbcaab45f4baf868f32feb3ec0bca57adbc0c9193

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css
Origin: https://darksex.info
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:10 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "eab8-5fd9e5c9ce700"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=50
Content-Length: 60088
Expires: Sat, 14 Oct 2023 14:37:10 GMT

GET
H/1.1 200
OK logo.svg
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/ 3 KB
2 KB 27ms
27ms Image
image/svg+xml 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/logo.svg

Requested by

Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

475d4aa3fbc311d30979535bec5e9922dec32caf59661567bf507235122a1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://darksex.info/
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:10 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "d1a-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=49
Expires: Sat, 14 Oct 2023 14:37:10 GMT

GET loginpage.css
darksex.info/-/auth/html/css/ 0
0

GET
H/1.1 200
OK targobank_icon_white.svg
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/ 1 KB
1 KB 28ms
28ms Image
image/svg+xml 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/targobank_icon_white.svg

Requested by

Host: cdnii.e-i.com
URL: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/appli/ei_custom_identification.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

cfefc3d1e1fd30433488f4faf720e638f0567faeee99cec325f7fb726f40db66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/appli/ei_custom_identification.css
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:10 GMT
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "54f-5fd9e5c9ce700-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=48
Expires: Sat, 14 Oct 2023 14:37:10 GMT

GET
H/1.1 200
OK circular--700--normal.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/ 66 KB
67 KB 29ms
29ms Font
font/woff2 145.226.174.154
EURO-INFORMATION

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/circular--700--normal.woff2

Requested by

Host: cdnii.e-i.com
URL: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),

Reverse DNS

Software

eiws /

Resource Hash

1aa3edd533940d94c1e417143713e5aaf22c2d269b0a205d611b770c6bb092c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css
Origin: https://darksex.info
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date: Mon, 04 Sep 2023 14:37:10 GMT
Strict-Transport-Security: max-age=31536000
Last-Modified: Thu, 08 Jun 2023 13:38:04 GMT
Server: eiws
ETag: "1090c-5fd9e5c9ce700"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: max-age=3456000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=49
Content-Length: 67852
Expires: Sat, 14 Oct 2023 14:37:10 GMT

GET fts_picto.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/ 0
0

GET loginpage.css
darksex.info/-/auth/html/css/ 0
0

GET service_online-sicherheit.jpg
darksex.info/-/auth/html/img/ 0
0

GET tan-verfahren.jpg
darksex.info/-/auth/html/img/ 0
0

GET banking-app-620x450.jpg
darksex.info/-/auth/html/img/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: darksex.info
URL: https://darksex.info/-/auth/html/css/loginpage.css

Domain: darksex.info
URL: https://darksex.info/-/auth/html/css/loginpage.css

Domain: cdnii.e-i.com
URL: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/fts_picto.woff2

Domain: darksex.info
URL: https://darksex.info/-/auth/html/css/loginpage.css

Domain: darksex.info
URL: https://darksex.info/-/auth/html/css/loginpage.css

Domain: darksex.info
URL: https://darksex.info/-/auth/html/img/service_online-sicherheit.jpg

Domain: darksex.info
URL: https://darksex.info/-/auth/html/img/tan-verfahren.jpg

Domain: darksex.info
URL: https://darksex.info/-/auth/html/img/banking-app-620x450.jpg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: targobank (Banking)

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			darksex.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: iooq10bdit3erlk1otlfine65j
			ydkwim.targobank.de/	1970-01-21 00:06:38	Name: thx_guid Value: 5915059b3aaa066bf808fdce2da2b006

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://darksex.info/-/auth/app/user.php Message: Refused to apply style from 'https://darksex.info/-/auth/html/css/loginpage.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network	error	URL: https://darksex.info/-/auth/app/inc/m.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://darksex.info/-/auth/app/inc/cv.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://darksex.info/-/auth/app/user.php Message: Refused to execute script from 'https://darksex.info/-/auth/app/user.php' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://darksex.info/-/auth/app/user.php Message: Refused to execute script from 'https://darksex.info/-/auth/app/user.php' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://darksex.info/-/auth/app/user.php Message: Refused to execute script from 'https://darksex.info/-/auth/app/user.php' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://darksex.info/-/auth/app/user.php Message: Refused to execute script from 'https://darksex.info/-/auth/app/user.php' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://darksex.info/-/auth/app/user.php(Line 21) Message: Refused to apply style from 'https://darksex.info/-/auth/html/css/loginpage.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://darksex.info/-/auth/app/user.php(Line 21) Message: Refused to apply style from 'https://darksex.info/-/auth/html/css/loginpage.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://darksex.info/-/auth/app/user.php(Line 21) Message: Refused to apply style from 'https://darksex.info/-/auth/html/css/loginpage.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://darksex.info/-/auth/app/user.php Message: Refused to execute script from 'https://darksex.info/-/auth/app/inc/m.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://darksex.info/-/auth/app/user.php Message: Refused to execute script from 'https://darksex.info/-/auth/app/inc/cv.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://darksex.info/-/auth/html/img/tan-verfahren.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://darksex.info/-/auth/html/img/banking-app-620x450.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://darksex.info/-/auth/html/img/service_online-sicherheit.jpg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnii.e-i.com
darksex.info
www.studiobachiscaffidi.it
ydkwim.targobank.de
cdnii.e-i.com
darksex.info
145.226.174.154
2606:4700:3032::ac43:cab4
89.46.108.41
91.235.133.188
10ba0effb9c3910637ba92a59c9f5562e2dd76954d4275ff57455cedbf9ab93a
1aa3edd533940d94c1e417143713e5aaf22c2d269b0a205d611b770c6bb092c6
1e1d86b1154ee380b5200b0aedeb3a4fd302c1b4e0efb925317ff733b1dee220
344b4143622b5c8814e8c3f3b1bfa6f4f9c336fd37066064eed44ede0da8d9a2
3c80d0dfe22348e1d8cfc37e6b64dfb353daa4961b847e0a95a5e54ec8863348
475d4aa3fbc311d30979535bec5e9922dec32caf59661567bf507235122a1015
754235af94ace68ec407cdbdbcaab45f4baf868f32feb3ec0bca57adbc0c9193
7e64e04ebc3ad952377534db1564c160274699976eed4d1154b81384794dfba6
8bbbebccaba8e0296e91d0118aa7e60a1cf7a947dacfa1d9c395d218fe13d437
92ba41aa9873d8f826083e78bbc5ead09ea62f3d2e13dfc453765c9aae1a16f1
9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9
bf446b764bc51ad54f00ecacb66d62a3d9ce67a5bf768db9f5fee94340e2d426
c0f2427a6d94e5d304775bd674cf7eba9ef2182939bf0705fa0fedf7001b9a36
cbdcf2ea8f4d64060463a8429d20ed497be36146a4de14ab7c6cc7aef722f1f6
cfefc3d1e1fd30433488f4faf720e638f0567faeee99cec325f7fb726f40db66
ed9403031e40e51b0eed6f141270fcd12a543a5018ee53cbf03e0fe02c95a67d
f3087ccba6634e5434bf86dbdc9583a7ad8ef4953ab99223883548d449a94b34

darksex.info Open in urlscan Pro 2606:4700:3032::ac43:cab4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

32 Requests

63 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

329 kBTransfer

1448 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

darksex.info Open in urlscan Pro
2606:4700:3032::ac43:cab4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

63 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

329 kB
Transfer

1448 kB
Size

2
Cookies

32 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!