darksex.info
2606:4700:3032::ac43:cab4  Malicious Activity! Public Scan

Submitted URL: https://bel1taxi.be/noel
Effective URL: https://darksex.info/-/auth/app/user.php
Submission: On September 05 via api from IE — Scanned from NL

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 33 HTTP transactions. The main IP is 2606:4700:3032::ac43:cab4, which is located in the United States and belongs to CLOUDFLARENET, US. The main domain is darksex.info.
TLS certificate: Issued by GTS CA 1P5 on July 27th 2023. Valid for: 3 months.
This is the only time darksex.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: targobank (Banking)

Domain & IP information

Redirects  Requests  IP Address        AS (Autonomous System)
1          2         2a01:7c8:f0:1...  34762 (COMBELL-AS)
8          17        2606:4700:303...  13335 (CLOUDFLAR...)
-          17        145.226.174.154   8255 (EURO-INFO...)
-          1         91.235.133.188    30286 (THM)
Total: 33 requests, 5 IPs

Requests  Apex Domain   Subdomains                                          Transfer
17        e-i.com       cdnii.e-i.com (Cisco Umbrella Rank: 285935)         373 KB
17        darksex.info  darksex.info                                        25 KB
2         bel1taxi.be   bel1taxi.be                                         272 B
1         targobank.de  ydkwim.targobank.de (Cisco Umbrella Rank: 434806)   13 KB
Total: 33 requests, 4 apex domains

Requests  Domain               Redirects  Requested by
17        cdnii.e-i.com        -          darksex.info, cdnii.e-i.com
17        darksex.info         8          darksex.info
2         bel1taxi.be          1          -
1         ydkwim.targobank.de  -          darksex.info
Total: 33 requests, 4 domains

This site contains links to these domains.

Domain
www.bsi.bund.de
www.targobank.de

Subject              Issuer                            Validity                 Valid
bel1taxi.be          R3                                2023-09-04 - 2023-12-03  3 months
darksex.info         GTS CA 1P5                        2023-07-27 - 2023-10-25  3 months
*.e-i.com            GlobalSign RSA OV SSL CA 2018     2023-06-26 - 2024-07-27  a year
ydkwim.targobank.de  DigiCert TLS RSA SHA256 2020 CA1  2022-12-14 - 2024-01-11  a year

This page contains 1 frame:

Primary Page: https://darksex.info/-/auth/app/user.php
Frame ID: BB0D474E5EC80EFE7B82C77BF1913E04
Requests: 33 HTTP requests in this frame

Page Title

Login Online Banking | TARGOBANK

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 33
HTTPS: 73 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 3
Transfer: 407 kB
Size: 1526 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bel1taxi.be/noel HTTP 301
    https://bel1taxi.be/noel/ Page URL
  2. https://darksex.info/-/auth HTTP 301
    http://darksex.info/-/auth/ HTTP 301
    https://darksex.info/-/auth/ HTTP 302
    https://darksex.info/-/auth/app/index.php HTTP 302
    https://darksex.info/-/auth/app/user.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bel1taxi.be/noel HTTP 301
  • https://bel1taxi.be/noel/
Request Chain 1
  • https://darksex.info/-/auth/app/?laws HTTP 302
  • https://darksex.info/-/auth/app/user.php
Request Chain 17
  • https://darksex.info/-/auth/app/?laws HTTP 302
  • https://darksex.info/-/auth/app/user.php
Request Chain 18
  • https://darksex.info/-/auth/app/?laws HTTP 302
  • https://darksex.info/-/auth/app/user.php
Request Chain 19
  • https://darksex.info/-/auth/app/?laws HTTP 302
  • https://darksex.info/-/auth/app/user.php

33 HTTP transactions

Resource, Path, Size, x-fer, Type, MIME-Type
/
bel1taxi.be/noel/
Redirect Chain
  • https://bel1taxi.be/noel
  • https://bel1taxi.be/noel/
74 B
172 B
Document
General
Full URL
https://bel1taxi.be/noel/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:7c8:f0:1071:0:1:dc:c25c , Netherlands, ASN34762 (COMBELL-AS, BE),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 14:25:32 GMT
server
nginx

Redirect headers

content-length
233
content-type
text/html; charset=iso-8859-1
date
Tue, 05 Sep 2023 14:25:32 GMT
location
https://bel1taxi.be/noel/
server
nginx
Primary Request user.php
darksex.info/-/auth/app/
Redirect Chain
  • https://darksex.info/-/auth
  • http://darksex.info/-/auth/
  • https://darksex.info/-/auth/
  • https://darksex.info/-/auth/app/index.php
  • https://darksex.info/-/auth/app/user.php
13 KB
4 KB
Document
General
Full URL
https://darksex.info/-/auth/app/user.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordOps
Resource Hash
9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bel1taxi.be/noel/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
801f2473b94b0b40-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 14:25:35 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ob4ImxEFR723jOztBwguyA0%2FLqbLEobuI8Xf9XLDrv26dlfC4W1S6xxhQqGEoR%2FYjwuMzQssOasf%2Ft883httZ%2F9ib0eI8X%2BiuC35rQ166t7Bkqx%2F7KzWWwXfTWHd5Mj7Ji%2FpxQsFAL28N3c%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
WordOps

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
801f24703b970b40-AMS
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 14:25:35 GMT
location
user.php
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SizBVhJGTWjNecROD%2FRoGBmvQpfnbxhgvzvdIeo95AACM%2FoaavcTptqClURfhI8a6KBhdzfpt6O0U730ved6ZmSBl8y3SHbsd%2FaWibt3Ds04HhOKt%2BV646hZKs4vCFEw%2B72AWnT5e4EZWmY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
WordOps
user.php
darksex.info/-/auth/app/
Redirect Chain
  • https://darksex.info/-/auth/app/?laws
  • https://darksex.info/-/auth/app/user.php
13 KB
4 KB
Script
General
Full URL
https://darksex.info/-/auth/app/user.php
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
H3
Server
2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordOps
Resource Hash
9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/-/auth/app/user.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 14:25:36 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
WordOps
alt-svc
h3=":443"; ma=86400
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yAAcENPeCq%2B957y994IrJ1ySCNijaLa2h6LD3Iz%2F%2FBHgIamT7%2F0KkVdhTdkeCVlSNP8n6Ielp9QMxLaDMP1o%2FvG8PNGOJJwibaC%2FKdMlb1rHRNxiO7XvTKsyfU3gWI81gf7lJWj3zsI%2FuhE%3D"}],"group":"cf-nel","max_age":604800}
cache-control
no-store, no-cache, must-revalidate
cf-ray
801f2477efc10b40-AMS
expires
Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date
Tue, 05 Sep 2023 14:25:35 GMT
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
WordOps
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f1Sg3%2Fgk4xeSfxx6k81xjD6ZWdkFbIZpgfcZxhiwdg8eS5fulHZ%2Fj0VuMBBdnmeAsbWjbNhiHZ9YOeQAqJ8qhgIgmutevM3HWmwxUDozlUFC2vwgEOYZ8pD45cQSfHlZ%2BNr2prH9cqjDKPo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
location
user.php
cf-ray
801f24769d6c0b40-AMS
alt-svc
h3=":443"; ma=86400
ei_base.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/
752 KB
85 KB
Stylesheet
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
10ba0effb9c3910637ba92a59c9f5562e2dd76954d4275ff57455cedbf9ab93a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:35 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"bbe34-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=50
Expires
Sun, 15 Oct 2023 14:25:35 GMT
jquery_ei.js
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/
105 KB
37 KB
Script
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/jquery_ei.js
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
bf446b764bc51ad54f00ecacb66d62a3d9ce67a5bf768db9f5fee94340e2d426
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:35 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"1a23a-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=49
Expires
Sun, 15 Oct 2023 14:25:35 GMT
devb_base.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/
57 KB
10 KB
Stylesheet
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/devb_base.css
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
3c80d0dfe22348e1d8cfc37e6b64dfb353daa4961b847e0a95a5e54ec8863348
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:35 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"e2ba-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=50
Expires
Sun, 15 Oct 2023 14:25:35 GMT
ei_custom_responsive.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/
106 KB
12 KB
Stylesheet
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_custom_responsive.css
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
ed9403031e40e51b0eed6f141270fcd12a543a5018ee53cbf03e0fe02c95a67d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:35 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"1a7e2-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=50
Expires
Sun, 15 Oct 2023 14:25:35 GMT
auth.js
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/
939 B
846 B
Script
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/auth.js
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
f3087ccba6634e5434bf86dbdc9583a7ad8ef4953ab99223883548d449a94b34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:35 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"3ab-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=49
Expires
Sun, 15 Oct 2023 14:25:35 GMT
ei_needscript.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/
10 KB
2 KB
Stylesheet
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_needscript.css
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
cbdcf2ea8f4d64060463a8429d20ed497be36146a4de14ab7c6cc7aef722f1f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:35 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"28af-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=50
Expires
Sun, 15 Oct 2023 14:25:35 GMT
ei_custom_tile.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/
111 KB
13 KB
Stylesheet
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_custom_tile.css
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
8bbbebccaba8e0296e91d0118aa7e60a1cf7a947dacfa1d9c395d218fe13d437
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:35 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"1bc48-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=50
Expires
Sun, 15 Oct 2023 14:25:35 GMT
ei_custom_identification.css
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/appli/
8 KB
2 KB
Stylesheet
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/appli/ei_custom_identification.css
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
344b4143622b5c8814e8c3f3b1bfa6f4f9c336fd37066064eed44ede0da8d9a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:35 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"1ee1-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=50
Expires
Sun, 15 Oct 2023 14:25:35 GMT
display.js
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/SDTK/
6 KB
3 KB
Script
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/SDTK/display.js
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
c0f2427a6d94e5d304775bd674cf7eba9ef2182939bf0705fa0fedf7001b9a36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:35 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"1760-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=49
Expires
Sun, 15 Oct 2023 14:25:35 GMT
lightbox.js
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/
1 KB
1 KB
Script
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/javascript/appli/lightbox.js
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
92ba41aa9873d8f826083e78bbc5ead09ea62f3d2e13dfc453765c9aae1a16f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:36 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"52f-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=49
Expires
Sun, 15 Oct 2023 14:25:36 GMT
tracking_event.js
cdnii.e-i.com/WEBO/sd/wat/1.0.12//javascripts/
5 KB
2 KB
Script
General
Full URL
https://cdnii.e-i.com/WEBO/sd/wat/1.0.12//javascripts/tracking_event.js
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
1e1d86b1154ee380b5200b0aedeb3a4fd302c1b4e0efb925317ff733b1dee220
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:36 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Fri, 14 Apr 2023 09:01:19 GMT
Server
eiws
ETag
"13ff-5f948159b15c0-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=49
Expires
Sun, 15 Oct 2023 14:25:36 GMT
tags.js
ydkwim.targobank.de/fp/
95 KB
13 KB
Script
General
Full URL
https://ydkwim.targobank.de/fp/tags.js?org_id=dixnx85s&page_id=1&session_id=TARGO-2023-08-13-13-18-58-120-0434041d-71be-427f-a653-1ad591aac0d6
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.188 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
ca1ea031255ee7a6d9693f9f51def657c5ed2633adca36c83d965bab868ac7ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:36 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
CP=IVAa PSAa
Connection
Keep-Alive, Keep-Alive
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
X-Robots-Tag
noindex, nofollow
Keep-Alive
timeout=2, max=100
Expires
Thu, 01 Jan 1970 00:00:00 GMT
loginpage.css
darksex.info/-/auth/html/css/
0
0

m.js
darksex.info/-/auth/app/inc/
0
0
Script
General
Full URL
https://darksex.info/-/auth/app/inc/m.js
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordOps
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/-/auth/app/user.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 14:25:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
WordOps
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7iyP3xb%2FfmelLogfJ0%2B5d7GKDa8clPKkFKDkdnI9AGomgebYC86wOFNQDn7MQRgnDCdaGsmjK8Vu4ioRkOis04GCQtENx6VRHcGKrlJmiemyhxiRBoHm37R4XXwv8HOCxrsRTSIYq%2FVKbAI%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=14400, no-transform
cf-ray
801f24769d6f0b40-AMS
cv.js
darksex.info/-/auth/app/inc/
0
0
Script
General
Full URL
https://darksex.info/-/auth/app/inc/cv.js
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordOps
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/-/auth/app/user.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 14:25:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
WordOps
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OL1M0DSRDrysoPj5RHBNjEWEKN3B%2Bw3Uvnyzu2dhwMYMI0nKMNAUVK3w3kbI%2F1FlO3k69BBZ5dSW9XU4prNeOPPllI2BeIPy%2BaFIPmpfQRKo6Ug5wvIxQwAESTnSJAO9cBUYGEzJXFXjEdc%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=14400, no-transform
cf-ray
801f24769d710b40-AMS
user.php
darksex.info/-/auth/app/
Redirect Chain
  • https://darksex.info/-/auth/app/?laws
  • https://darksex.info/-/auth/app/user.php
13 KB
4 KB
Script
General
Full URL
https://darksex.info/-/auth/app/user.php
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
H3
Server
2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordOps
Resource Hash
9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/-/auth/app/user.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 14:25:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
WordOps
alt-svc
h3=":443"; ma=86400
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0elkKW1q8iEBrBQYMf%2BMzHeuY2WMHXFM6PcZD67vJnb1jA6K8wUD11hjxuJpoHg%2Fli5Wwr%2FueHBxxi5DH5vTJLnc6w41wvFxFUtH6wAWA%2Bx2giPok13f22CMkt2ILdfUr1v2PjVoKZG0dpI%3D"}],"group":"cf-nel","max_age":604800}
cache-control
no-store, no-cache, must-revalidate
cf-ray
801f247b4dd90b40-AMS
expires
Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date
Tue, 05 Sep 2023 14:25:36 GMT
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
WordOps
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PRltdKdT%2Bhw3kos8NNJQd2NwNsG46Pj%2F4YPhpdtnvmRjmNxhSeulZF1SssG3521vUE7mED5ONfzR1d1RzX5SQS1sQCSNFm%2F7Slm9eNwExFX0b1uaBcKyLO2CDQzybeFmbp8fBtf%2BzTPj8fs%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
location
user.php
cf-ray
801f247a0bd10b40-AMS
alt-svc
h3=":443"; ma=86400
user.php
darksex.info/-/auth/app/
Redirect Chain
  • https://darksex.info/-/auth/app/?laws
  • https://darksex.info/-/auth/app/user.php
13 KB
4 KB
Script
General
Full URL
https://darksex.info/-/auth/app/user.php
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
H3
Server
2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordOps
Resource Hash
9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/-/auth/app/user.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 14:25:37 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
WordOps
alt-svc
h3=":443"; ma=86400
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X7Ir4zkQimgIyzK1%2BBH%2BHbOgNNaNHzQ4nh0N%2B7I1sWZjC4DvjSO7WB1j0yH3ZZWchNGJRKz%2BvnAE5OU1pvguf0QqYGUKUMgCb226eq7M3%2BXu8sMjXLuNuWvu%2BrD6sOcZ%2B7Cd0aqdEjah8UY%3D"}],"group":"cf-nel","max_age":604800}
cache-control
no-store, no-cache, must-revalidate
cf-ray
801f24802d810b40-AMS
expires
Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date
Tue, 05 Sep 2023 14:25:37 GMT
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
WordOps
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkP3sLwo9nbxLo6q0vxJ0XTrA0Jg4WRXxybRbwBS2PEY7q%2FTUkigqahfWE05F8OsBzWSJmCAZIti68Z3E%2By%2FGIHZUIicvwJEGYP1ZxiMbc6mLxs3NVeRPB0iSqlwYNkfES6ga9kINMNEXlI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
location
user.php
cf-ray
801f247eeb890b40-AMS
alt-svc
h3=":443"; ma=86400
user.php
darksex.info/-/auth/app/
Redirect Chain
  • https://darksex.info/-/auth/app/?laws
  • https://darksex.info/-/auth/app/user.php
13 KB
4 KB
Script
General
Full URL
https://darksex.info/-/auth/app/user.php
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
H3
Server
2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordOps
Resource Hash
9de4010cbeae73ea48252f4c4baf68f65bc45d1f5e10f3f852ed65fd263e97f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/-/auth/app/user.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 14:25:38 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
WordOps
alt-svc
h3=":443"; ma=86400
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LzAaqEzgmqNhmjyWTHZi0cVDxDYeT1wWUs1G%2BlJkXdtEU4SZW5LrbXVEaTev9naRj7zLCYX509cbFLMt%2BO9TK93GXv8JanWjDEum312%2FQ6VYYkemCNomtRZ3shHDgm964fgi3g%2B7To5vEPY%3D"}],"group":"cf-nel","max_age":604800}
cache-control
no-store, no-cache, must-revalidate
cf-ray
801f24849cda0b40-AMS
expires
Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date
Tue, 05 Sep 2023 14:25:37 GMT
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
WordOps
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=70W527%2FIhwe5cmeXZ9aANOHNMoubXRD60vLEfd85GjYUicVQ12%2BCbiSS4%2FsHF93Gll0WpfPcHmyNi6Dc%2BS5uaSWsseHWrwRconmGFZcBrMevz2%2B6nNdQiJAaWFbykk1%2BKHtbe0caBRuKo1c%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
location
user.php
cf-ray
801f24835a960b40-AMS
alt-svc
h3=":443"; ma=86400
circular--400--normal.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/
59 KB
59 KB
Font
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/circular--400--normal.woff2
Requested by
Host: cdnii.e-i.com
URL: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
754235af94ace68ec407cdbdbcaab45f4baf868f32feb3ec0bca57adbc0c9193
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css
Origin
https://darksex.info
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:37 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"eab8-5fd9e5c9ce700"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=50
Content-Length
60088
Expires
Sun, 15 Oct 2023 14:25:37 GMT
logo.svg
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/
3 KB
2 KB
Image
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/logo.svg
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
475d4aa3fbc311d30979535bec5e9922dec32caf59661567bf507235122a1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:37 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"d1a-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=49
Expires
Sun, 15 Oct 2023 14:25:37 GMT
loginpage.css
darksex.info/-/auth/html/css/
0
0

targobank_icon_white.svg
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/
1 KB
1 KB
Image
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/targobank_icon_white.svg
Requested by
Host: cdnii.e-i.com
URL: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/appli/ei_custom_identification.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
cfefc3d1e1fd30433488f4faf720e638f0567faeee99cec325f7fb726f40db66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/appli/ei_custom_identification.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:38 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"54f-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=48
Expires
Sun, 15 Oct 2023 14:25:38 GMT
circular--700--normal.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/
66 KB
67 KB
Font
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/circular--700--normal.woff2
Requested by
Host: cdnii.e-i.com
URL: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
1aa3edd533940d94c1e417143713e5aaf22c2d269b0a205d611b770c6bb092c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css
Origin
https://darksex.info
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:38 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"1090c-5fd9e5c9ce700"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=49
Content-Length
67852
Expires
Sun, 15 Oct 2023 14:25:38 GMT
fts_picto.woff2
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/
76 KB
76 KB
Font
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/commun/fonts/fts_picto.woff2
Requested by
Host: cdnii.e-i.com
URL: https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
a5850616e81a1083429e862600597db59b3a5114291eae884ab2f9a7847dedc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/css/ei_base.css
Origin
https://darksex.info
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:38 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"13038-5fd9e5c9ce700"
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=50
Content-Length
77880
Expires
Sun, 15 Oct 2023 14:25:38 GMT
loginpage.css
darksex.info/-/auth/html/css/
0
0

loginpage.css
darksex.info/-/auth/html/css/
0
0

service_online-sicherheit.jpg
darksex.info/-/auth/html/img/
0
0
Image
General
Full URL
https://darksex.info/-/auth/html/img/service_online-sicherheit.jpg
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordOps
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/-/auth/app/user.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 14:25:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
WordOps
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LKbueZo7CDMl%2FumMmopVvkCpCqFZNC5rQGz5m%2BvWj8vadpTYSi9gs4wJ%2FN1MXQikaomfb6M3n4KF3CZgWBrKf9s3DjdjLd9%2BmspZduNXHcQS3RKlUOuPZG6UBMPlk8Okmbc%2Bgm%2BYLpPAe6Q%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=14400, no-transform
cf-ray
801f2487aa010b40-AMS
tan-verfahren.jpg
darksex.info/-/auth/html/img/
548 B
548 B
Image
General
Full URL
https://darksex.info/-/auth/html/img/tan-verfahren.jpg
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:cab4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / WordOps
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/-/auth/app/user.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 14:25:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
WordOps
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/html
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q4qywal8BWM5aaeEIZe0eSH4EuB4OaIiS%2FfM40rI%2ByEKuNI1LyDecgu1%2FoEQoFsIWPbRxgW0gc33YviZZWbt60MhpDFCfvOFRJtpXXfaAuiFBA%2FuIDSYo1nCN7aD8J7S8qaAaST67Zn9yNs%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=14400, no-transform
cf-ray
801f2487aa030b40-AMS
banking-app-620x450.jpg
darksex.info/-/auth/html/img/
0
0

targobank_icon_white.svg
cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/
1 KB
1 KB
Image
General
Full URL
https://cdnii.e-i.com/INGR/sd/targobank_de_2019/0.107.39/de/images/css/perso/targobank_icon_white.svg
Requested by
Host: darksex.info
URL: https://darksex.info/-/auth/app/user.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
145.226.174.154 , France, ASN8255 (EURO-INFORMATION, FR),
Reverse DNS
Software
eiws /
Resource Hash
cfefc3d1e1fd30433488f4faf720e638f0567faeee99cec325f7fb726f40db66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://darksex.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Date
Tue, 05 Sep 2023 14:25:38 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Thu, 08 Jun 2023 13:38:04 GMT
Server
eiws
ETag
"54f-5fd9e5c9ce700-gzip"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=3456000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=47
Expires
Sun, 15 Oct 2023 14:25:38 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
darksex.info
URL
https://darksex.info/-/auth/html/css/loginpage.css
Domain
darksex.info
URL
https://darksex.info/-/auth/html/css/loginpage.css
Domain
darksex.info
URL
https://darksex.info/-/auth/html/css/loginpage.css
Domain
darksex.info
URL
https://darksex.info/-/auth/html/css/loginpage.css
Domain
darksex.info
URL
https://darksex.info/-/auth/html/img/banking-app-620x450.jpg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: targobank (Banking)

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture undefined| jqueryIsLoaded boolean| jQueryIsLoaded function| $ function| jQuery function| Display function| OnEventDisplay function| OnEventDisplayOptions function| OnEventDisplayNew function| OnEventDisplayHelp function| setFontSize function| addFav function| setIFrameHeight function| setItemSel string| wlib_pid function| wlib_createCookie function| wlib_readCookie function| wlib_deleteCookie function| wlib_getNodeId function| wlib_swapDisplayInit function| wlib_swapDisplay function| wlib_show function| wlib_swapDisplayElements function| wlib_hideAll function| wlib_showAll object| wlib_http string| wlib_httpMethod string| wlib_httpUrl function| wlib_httpInit function| wlib_httpOpenToSend function| wlib_httpRefreshHtml function| wlib_initDisplays function| auto_fill number| numberOfFrames function| esd1_displayWait function| esd1_displayWaitAnim function| OpenLB function| CloseLB function| OpenLightBox function| CloseLightBox function| trackEvent function| GACEvent function| GUAEvent function| ATEvent function| PianoEvent function| TCEvent function| GTMEvent function| DCLICEvent function| MTMEvent function| trackCustomEvent boolean| triggeredFormSubmit boolean| formSubmitted function| submitForm function| submitFormOrCaptcha function| submitFormIfNecessary function| shouldSubmitForm function| tmx_post_session_params_fixed boolean| tmx_profiling_started function| tmx_run_page_fingerprinting string| cd

2 Cookies

Domain/Path Name / Value
darksex.info/ Name: PHPSESSID
Value: ag41gj1n8bk0dlo7thccpomqdv
ydkwim.targobank.de/ Name: thx_guid
Value: 4d73ef887efcc5142812fcb385f6bfda

15 Console Messages

Source Level URL
Text
security error URL: https://darksex.info/-/auth/app/user.php
Message:
Refused to apply style from 'https://darksex.info/-/auth/html/css/loginpage.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network error URL: https://darksex.info/-/auth/app/inc/cv.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://darksex.info/-/auth/app/inc/m.js
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://darksex.info/-/auth/app/user.php
Message:
Refused to execute script from 'https://darksex.info/-/auth/app/user.php' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://darksex.info/-/auth/app/user.php
Message:
Refused to execute script from 'https://darksex.info/-/auth/app/user.php' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://darksex.info/-/auth/app/user.php
Message:
Refused to execute script from 'https://darksex.info/-/auth/app/user.php' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://darksex.info/-/auth/app/user.php
Message:
Refused to execute script from 'https://darksex.info/-/auth/app/user.php' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://darksex.info/-/auth/app/user.php(Line 21)
Message:
Refused to apply style from 'https://darksex.info/-/auth/html/css/loginpage.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://darksex.info/-/auth/app/user.php(Line 21)
Message:
Refused to apply style from 'https://darksex.info/-/auth/html/css/loginpage.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://darksex.info/-/auth/app/user.php(Line 21)
Message:
Refused to apply style from 'https://darksex.info/-/auth/html/css/loginpage.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://darksex.info/-/auth/app/user.php
Message:
Refused to execute script from 'https://darksex.info/-/auth/app/inc/m.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://darksex.info/-/auth/app/user.php
Message:
Refused to execute script from 'https://darksex.info/-/auth/app/inc/cv.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network error URL: https://darksex.info/-/auth/html/img/tan-verfahren.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://darksex.info/-/auth/html/img/service_online-sicherheit.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://darksex.info/-/auth/html/img/banking-app-620x450.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
