appdangky.site Open in urlscan Pro
2606:4700:3032::6815:29dc Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://beta.sigma-ed.com/wp-content/
Effective URL:
https://appdangky.site/news/
Submission: On March 17 via api (March 17th 2024, 6:53:13 pm UTC) from EE — Scanned from CH

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 21 HTTP transactions. The main IP is 2606:4700:3032::6815:29dc, located in United States and belongs to CLOUDFLARENET, US. The main domain is appdangky.site.
TLS certificate: Issued by GTS CA 1P5 on January 25th 2024. Valid for: 3 months.

This is the only time appdangky.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Schweizerische Bundesbahnen (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	157.7.189.54 157.7.189.54	7506 (INTERQ GM...) (INTERQ GMO Internet)
2 20	2606:4700:303... 2606:4700:3032::6815:29dc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	18.245.61.52 18.245.61.52	16509 (AMAZON-02) (AMAZON-02)
1	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	4

1 157.7.189.54 (Japan)

ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: users226.vip.heteml.jp

beta.sigma-ed.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700:3032::6815:29dc (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

appdangky.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.61.52 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-245-61-52.fra60.r.cloudfront.net

logs1407.xiti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

userstatics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	appdangky.site 2 redirects appdangky.site	256 KB
2	xiti.com 1 redirects logs1407.xiti.com — Cisco Umbrella Rank: 106419	1 KB
1	userstatics.com userstatics.com — Cisco Umbrella Rank: 107128	708 B
1	sigma-ed.com beta.sigma-ed.com	290 B
21	4

	Domain	Requested by
20	appdangky.site	2 redirects appdangky.site
2	logs1407.xiti.com	1 redirects appdangky.site
1	userstatics.com	appdangky.site
1	beta.sigma-ed.com
21	4

This site contains no links.

Subject Issuer	Validity	Valid
sigma-ed.com R3	`2024-02-13` - `2024-05-13`	3 months	crt.sh
appdangky.site GTS CA 1P5	`2024-01-25` - `2024-04-24`	3 months	crt.sh
userstatics.com E1	`2024-01-29` - `2024-04-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://appdangky.site/news/
Frame ID: C98998A0A53D861F5AD59094FFBC44D3
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anmeldung | SwissPass

Page URL History Show full URLs

https://beta.sigma-ed.com/wp-content/ Page URL
https://appdangky.site/news HTTP 301
http://appdangky.site/news/ HTTP 301
https://appdangky.site/news/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

21
Requests

95 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

256 kB
Transfer

992 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://beta.sigma-ed.com/wp-content/ Page URL
https://appdangky.site/news HTTP 301
http://appdangky.site/news/ HTTP 301
https://appdangky.site/news/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://logs1407.xiti.com/event?s=611076 HTTP 307
https://logs1407.xiti.com/event?s=611076&Rdt=On

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
beta.sigma-ed.com/wp-content/ 74 B
290 B 1060ms
278ms Document
text/html 157.7.189.54
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL: https://beta.sigma-ed.com/wp-content/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.7.189.54 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS: users226.vip.heteml.jp
Software: Apache / PHP/8.2.17
Resource Hash: e194c43ce6dd09ec464e5ae2543dc301f72b5b7121f51924a55a91f5f334c685

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-CH,de;q=0.9

Response headers

accept-ranges: none
content-encoding: gzip
content-length: 92
content-type: text/html; charset=UTF-8
date: Sun, 17 Mar 2024 18:53:09 GMT
referrer-policy: no-referrer-when-downgrade
server: Apache
vary: Range,Accept-Encoding
x-powered-by: PHP/8.2.17

GET
H2

200

Primary Request / Show response
appdangky.site/news/
Redirect Chain

https://appdangky.site/news
http://appdangky.site/news/
https://appdangky.site/news/

25 KB
5 KB

216ms
215ms

Document
text/html

2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/news/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f6e67bc886cbf171ee9cb58e9985ddbf7e636315cec4f2034625a758d1f5b45

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

Referer: https://beta.sigma-ed.com/wp-content/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 865f2f2a7a370b46-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 17 Mar 2024 18:53:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H%2BNF7%2FSIlAiqc83X656vKplZzvgnqnNe0uSh%2Fz1SnxEhpL9l6XvL6DnDoPw4uIoCqvrJQfkr6xHpbSugBVBHMOFxNknGMdeVz76R3yQGmLu7g1SC%2BCRE2MV3Mblh8ZDONZjhHPncIyZkYHQjEA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
vary: Accept-Encoding
x-content-type-options: "nosniff" always
x-xss-protection: "1; mode=block" always

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 865f2f27ea6f6576-AMS
Connection: keep-alive
Content-Type: text/html
Date: Sun, 17 Mar 2024 18:53:10 GMT
Location: https://appdangky.site/news/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Referrer-Policy: no-referrer-when-downgrade
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dJK%2FkyP%2BQ6RRIahA1%2BNvzaplv50BwyfQ%2B6GjCPwcJMDMyf%2BPju3sBIfndX0NIa9cvLKyTKVk0JJhUkolQakNbvpCr%2BWggAPPY5b8wdk0d1b3C4yj8eWbBtoifvhKaUYKLEsQO2%2B0BuzrDHy0pw%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload" always
Transfer-Encoding: chunked
X-Content-Type-Options: "nosniff" always
X-XSS-Protection: "1; mode=block" always
alt-svc: h3=":443"; ma=86400

GET
H3 200 sso.min-20200819.css
appdangky.site/news/css/ 180 KB
24 KB 57ms
56ms Stylesheet
text/css 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/news/css/sso.min-20200819.css

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c365cf63e0edecc072b99e919e45604dfbca32ec0a19dac39275c9c67d334caf

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9755
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:56 GMT
server: cloudflare
etag: W/"6594fc8c-2ce1f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=REyEx2UzF4K0Dh2uKBh8rgS52g9x9LIEaKol9tIvnVCyDZzMhUp2sbbY80sa%2BY7DvjMSQ%2BnArBCllaeZvp7wZFpHXVaxZXGxKeOjjwksrXurIiLkXFV3lqiCK0crUOiPA0Z3xO80njP597wsmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
cf-ray: 865f2f2bcbdd66c8-AMS
expires: Mon, 17 Mar 2025 16:10:35 GMT

GET
H3 200 modernizr-20200819.js Show response
appdangky.site/news/js/ 8 KB
4 KB 90ms
89ms Script
application/javascript 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/news/js/modernizr-20200819.js

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a9fa521a58ee93001981f3a7db498c589233d8cc616e8d09af0119388a865bc

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9755
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:56 GMT
server: cloudflare
etag: W/"6594fc8c-1e5c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0cNF31BEf98EKSbpGwEoH9jNQVglnybv0oEdRzjZ%2FoqKDqwHmKS2lOIwYPrhoUnDwyTrhC1KEhXxuhZQ4GaGr84UsUX%2FuK4ObVJIBrqS56qReQdMftDss6FoKttBwKTrnExst51nbM1jwN%2FJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
cf-ray: 865f2f2bdbe066c8-AMS
expires: Mon, 17 Mar 2025 16:10:35 GMT

GET
H3 200 otSDKStub.js Show response
appdangky.site/news/js/ 21 KB
8 KB 91ms
90ms Script
application/javascript 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/news/js/otSDKStub.js

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d72fa0f78c80b1874d3ee4aadf43d973edc442a65fef83d37e684ac559893b7

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9755
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:56 GMT
server: cloudflare
etag: W/"6594fc8c-526c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=10MQIHhxU7bGWhXC7GUGereTx16CCTG0z270TUNHTphKOWHWNnZHM0ZI%2FvPi06OArF9NLqoFtPehzvOKXN458NHzm0qBG9zsAQEoW3o%2FbyyHU%2F%2Bgw%2B0tVGO0pB8zBEUf6boLpTlCDbAXTngJrA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
cf-ray: 865f2f2bdbeb66c8-AMS
expires: Mon, 17 Mar 2025 16:10:35 GMT

GET
H3 200 launch-6cc731e967aa.min.js Show response
appdangky.site/news/js/ 124 KB
39 KB 187ms
187ms Script
application/javascript 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/news/js/launch-6cc731e967aa.min.js

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f053f049a78c3afbce0d34f57d0bea4a24f7964d0e1e45197a35c06124b5e357

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9754
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:56 GMT
server: cloudflare
etag: W/"6594fc8c-1efde"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CiTAp9TlCy4nMvKdPV627CLzRCRCJPWHBHrnKQUQZES35mQmQQr7y5u5AJks0L08VGKhsFN5Yv65FqFRT29FY%2BOfNBywxTJpWuiSXPUx9TGk0hUArPqgaQSoJpicoRzFO4nOiHGEcXEgXF3x0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
cf-ray: 865f2f2cddc266c8-AMS
expires: Mon, 17 Mar 2025 16:10:36 GMT

GET
H3 200 logo_text_de-20200819.svg
appdangky.site/news/images/ 137 KB
16 KB 152ms
152ms Image
image/svg+xml 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://appdangky.site/news/images/logo_text_de-20200819.svg

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9755
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:56 GMT
server: cloudflare
etag: W/"6594fc8c-222c3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gs87xX4iviOhcTxMlN2%2FpswGZ%2ByY6HJlA8VrnI1yyflSlw6Ww6Je8V%2FIz4jBt0kxHa5geGBIl%2BboBNY1iTh2uyrywsDMn4C01AVLPd0pB1nr7Ttz0Fp0w76cFGfYwGH2E5pmNjwg26EhOPXsqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate
cf-ray: 865f2f2bdbef66c8-AMS
expires: Mon, 17 Mar 2025 16:10:35 GMT

GET
H3 200 logo-20200819.svg
appdangky.site/news/images/ 7 KB
3 KB 153ms
153ms Image
image/svg+xml 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://appdangky.site/news/images/logo-20200819.svg

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9755
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:56 GMT
server: cloudflare
etag: W/"6594fc8c-1cce"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ldYERMPS%2Fcj2ctTlgAe7LRnhNJ%2BWREzRPK7MuB8eFjmFa5XNv%2FfcqGGyhbb4jCJ1zpIqhIKvAE2gJ7fYTdtHAcT90jJlqVGNnzy17kwTYCRkC8aEGLgbVvzS85yUF56ErU7GmSH6SBHUcuFlqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate
cf-ray: 865f2f2bdbf166c8-AMS
expires: Mon, 17 Mar 2025 16:10:35 GMT

GET
H3 200 loader-20200819.png
appdangky.site/news/images/ 272 B
966 B 96ms
96ms Image
image/png 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://appdangky.site/news/images/loader-20200819.png

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9755
alt-svc: h3=":443"; ma=86400
content-length: 272
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:56 GMT
server: cloudflare
etag: "6594fc8c-110"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rl8wYr9qHJ%2Fwx%2BxBHr9Ivr0a9K7QsXS%2FnODowIHAaXW%2FpLtIQYknCW8DTQDPSfBizbqYVTh%2BKboVCnyV%2BO%2FlqzmZSMtEEVBScDo0oGrE0xMJgfJkFsJu2BEEQ96jnTXEudMi83Z42pPJ9%2Fmldw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
accept-ranges: bytes
cf-ray: 865f2f2ccd8d66c8-AMS
expires: Mon, 17 Mar 2025 16:10:35 GMT

GET
H3 200 jquery-20200819.js Show response
appdangky.site/news/js/ 95 KB
35 KB 57ms
57ms Script
application/javascript 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/news/js/jquery-20200819.js

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b2485b0669a2f73c4846e82eb5a37421358591a8ac8ba21d8149bfb88adcbfb

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9754
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:56 GMT
server: cloudflare
etag: W/"6594fc8c-17c58"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iLYaq%2ByfpSxr1Ph4DGT1zEHmCPYvWzZw4qc18%2FXApNCCr0fc%2F7EFMt%2Bn4kI1ZmVBEI822IXvu%2BfU9DN%2BVGJu3Gc4LDdwa1AeJw4m3%2Fny438l4fBKYPm7E565g2d5er6OTUiqvJp2gMl%2FlNMpmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
cf-ray: 865f2f2cddac66c8-AMS
expires: Mon, 17 Mar 2025 16:10:36 GMT

GET
H3 200 vendor.min-20200819.js Show response
appdangky.site/news/js/ 176 KB
54 KB 91ms
91ms Script
application/javascript 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/news/js/vendor.min-20200819.js

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

233ddeda2a0fbeee053d13f25669fe187bdef4fe708aacfadddd560905d209f1

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9754
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:58 GMT
server: cloudflare
etag: W/"6594fc8e-2beeb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H7BLDLqjX9b7TfEnnd3vxR1AXC1%2Fwwxk8z%2B350oYXI7GLEPjKQ6wNLMHvbkblFv0FcU4CDoWHu%2Fv2Zw2LrqsyGGtuK4qvRLJ4JBmPPXrs8j0Q%2FResZk9ZTWqQeOg2PsTx2q8n2OJGt5cm0DXvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
cf-ray: 865f2f2cddb766c8-AMS
expires: Mon, 17 Mar 2025 16:10:36 GMT

GET
H3 200 swisspass.min-20200819.js Show response
appdangky.site/news/js/ 97 KB
26 KB 155ms
155ms Script
application/javascript 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/news/js/swisspass.min-20200819.js

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c50211b34ab0377f3b35c243c98e402315127bfa5b51e147cb22c702174ca60

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9754
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:56 GMT
server: cloudflare
etag: W/"6594fc8c-18410"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lg6tWnqphn2A9DzO8989vIrGckWDSA6WBtHmCGEXKPGt6iCUz%2FPiFoxZ8UxITmr9bJLtd1U9LE5k%2F7ePWq6O7%2BMBL%2FsJKcMXYe6%2F1cL6A4Ly9Q8bMrDDT%2FCkpgtFsFi6wP21QAakfjknK7YI1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate, immutable, stale-while-revalidate=86400, stale-if-error=604800
cf-ray: 865f2f2cddbd66c8-AMS
expires: Mon, 17 Mar 2025 16:10:36 GMT

GET
H3 200 SBBWeb-Light.woff2
appdangky.site/news/fonts/ 14 KB
15 KB 80ms
80ms Font
font/woff2 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/news/fonts/SBBWeb-Light.woff2

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/css/sso.min-20200819.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

Referer: https://appdangky.site/news/css/sso.min-20200819.css
Origin: https://appdangky.site
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 9754
alt-svc: h3=":443"; ma=86400
content-length: 14212
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 03 Jan 2024 06:19:56 GMT
server: cloudflare
etag: "6594fc8c-3784"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TafQ3prZm59cyt1R7Jee64qXspXjAYShLQrpbKTLELIaAZHan1co7sNLA6o1t7yh5I9P9xpYLrtxLDwZg3c9MQSr2v9T6Z5xQVm1hyPEgzUcddXi44Wt%2Fbl4S9ruzJp8ev4J6V0pVq%2FoomXMDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=31536000, must-revalidate, proxy-revalidate
accept-ranges: bytes
cf-ray: 865f2f2c6cdd66c8-AMS
expires: Mon, 17 Mar 2025 16:10:36 GMT

GET
H3 404 e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json Show response
appdangky.site/news/js/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/ 55 KB
12 KB 930ms
930ms XHR
text/html 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/news/js/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/js/otSDKStub.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25d6f124b1eda629b0b3be03cc1ae51bd9f18770837cd684defcc645cda57b77

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:11 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NrVn3Hl1uv5ik1i%2BdUdteuFBUrTKEF%2FPXgKyfr1AGIzE5ISEKSHGdtEgVeKZ2M2bvOvhfaTzsNGS5BAZSDB7fEFTQZ3Mms90FqfzVzXFjzJLxSRvV0%2FLRzjHZoS%2BxcSotWoJ0xW0TUJO9%2BY4mQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
cf-ray: 865f2f2ccd8766c8-AMS
link: <http://appdangky.site/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3 404 login_bg.jpg
appdangky.site/news/resources/img/ 548 B
548 B 58ms
57ms Image
text/html 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://appdangky.site/news/resources/img/login_bg.jpg

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2BTDbbkzgcn4BekAYvmTg%2FyLUSHLr%2FIoElpqDq26IBR8fRsxrbl1r%2Fng%2Bq3Dm7%2B9qVPScookvzegZAvml6WZS4jVC%2FAnXfkzSgdmZVcMtYGUwd6m8VcP39h42zBRLOGkcD4og1vUa%2FMyh66g7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: max-age=14400
cf-ray: 865f2f2cddc866c8-AMS

GET
H3 404 icomoon.woff2
appdangky.site/fonts/icomoon/ 0
0 224ms
224ms Font
text/html 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/fonts/icomoon/icomoon.woff2?7m5yri

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/css/sso.min-20200819.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

Referer: https://appdangky.site/news/css/sso.min-20200819.css
Origin: https://appdangky.site
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H4%2BQenEAAiCvuYbZ3EZmOL7ZKHbseiggzSCF%2BlfEy2ZkWKnAjn6A54pcz98fyY9gAo9LbEiNIMaDLY35If3hBP0r%2BZC95lht8UwI%2Ft3GTpVY%2FwsSSc6utYQxht8adQsfkKmSbyZXap4hm5699w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: max-age=14400
cf-ray: 865f2f2cddd966c8-AMS

GET
H3 404 co-branding Show response
appdangky.site/idp/ 55 KB
12 KB 968ms
968ms XHR
text/html 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/idp/co-branding?resource=co-branding&lang=de&provider=

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/js/jquery-20200819.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4d0a1f77bcc91562df237b2dddf4d45ea716029675b49d5559e1867ce5f9cca

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

Accept: */*
Referer: https://appdangky.site/news/
X-Requested-With: XMLHttpRequest
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:11 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l9HOntKRqY%2FZcEx%2F78e0kmgQ91Y%2BSvfE7ee5H9Lb6PlG4741VorE2VIzXLtmjYTLhoLCkR2w%2BA5monNiT0nhamImEQ3drEY0StNssPbUbF7JxtoTgZrm1bamZVnc1%2FrONck90lh1W3VyUp%2FT7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
cf-ray: 865f2f2e285e66c8-AMS
link: <http://appdangky.site/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3 404 icomoon.ttf
appdangky.site/fonts/icomoon/ 0
0 54ms
53ms Font
text/html 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/fonts/icomoon/icomoon.ttf?7m5yri

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/css/sso.min-20200819.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

Referer: https://appdangky.site/news/css/sso.min-20200819.css
Origin: https://appdangky.site
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=udatFJtwDhcUZZPu9UbBPEffkzBTz6dSS0TGBR1CRf%2BmBacimk%2B1kHClo3T%2BVMXvdkYuPPOhiN9421mDfQXknQwfGKOAKCfc8FVLHZ7Pb4JF%2Bf518gycLh6%2BLw63kYY2A65B6IS7%2BMLLYHka7A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: max-age=14400
cf-ray: 865f2f2e58cc66c8-AMS

POST
H2

204

event
logs1407.xiti.com/
Redirect Chain

https://logs1407.xiti.com/event?s=611076
https://logs1407.xiti.com/event?s=611076&Rdt=On

0
327 B

25ms
25ms

Ping
text/plain

18.245.61.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://logs1407.xiti.com/event?s=611076&Rdt=On

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/

Protocol

Server

18.245.61.52 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-61-52.fra60.r.cloudfront.net

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: max-age=15768000
via: 1.1 b459d8cae3f218ce39711fc3ecdcc998.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P5
access-control-max-age: 600
x-cache: Miss from cloudfront
access-control-allow-origin: https://appdangky.site
cache-control: no-store
access-control-allow-credentials: true
x-amz-cf-id: 3uXu69wFrZyPly6v3Gxq_Zty_xKFh06t3jdLOxzPuBY0gp_JSUzMsQ==

Redirect headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: max-age=15768000
via: 1.1 b459d8cae3f218ce39711fc3ecdcc998.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P5
access-control-max-age: 600
x-cache: Miss from cloudfront
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
access-control-allow-origin: https://appdangky.site
location: /event?s=611076&Rdt=On
cache-control: no-store
access-control-allow-credentials: true
content-length: 0
x-amz-cf-id: rDl7G5ofpQggAB9wgHVQbSB51DZSWFVDY2alZWMBUxgTIZc33iv0WQ==

GET
H3 404 icomoon.woff
appdangky.site/fonts/icomoon/ 0
0 47ms
47ms Font
text/html 2606:4700:3032::6815:29dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://appdangky.site/fonts/icomoon/icomoon.woff?7m5yri

Requested by

Host: appdangky.site
URL: https://appdangky.site/news/css/sso.min-20200819.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:29dc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	"max-age=31536000; includeSubDomains; preload" always
X-Content-Type-Options	"nosniff" always
X-Xss-Protection	"1; mode=block" always

Request headers

Referer: https://appdangky.site/news/css/sso.min-20200819.css
Origin: https://appdangky.site
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:10 GMT
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
x-content-type-options: "nosniff" always
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 33
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: "1; mode=block" always
referrer-policy: no-referrer-when-downgrade
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BmogIniZ1KnFmUOn1X%2Fm1mzLyx8aT55jXEpbXQgNpehuLdke6qvBFg5LF05nUkQZtZ42Ae%2FiWBevmSIAm1yhhb%2FOrJ1%2B7UUQ5k%2BHltZMLaNlrwwgpW8pzY%2B7az%2F6A8MPFx06RC73WddV%2BnG9nw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: max-age=14400
cf-ray: 865f2f2ea9a366c8-AMS

GET
H2 200 script.js Show response
userstatics.com/get/ 133 B
708 B 139ms
63ms Script
text/html 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://userstatics.com/get/script.js?referrer=https://appdangky.site/news/
Requested by: Host: appdangky.site
URL: https://appdangky.site/news/js/vendor.min-20200819.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.1
Resource Hash: df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://appdangky.site/news/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 17 Mar 2024 18:53:11 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/8.2.1
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: text/html; charset=utf-8
access-control-allow-origin: https://appdangky.site
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2FE0IKNIVceenfyDed6bXj29cyTaKeOSsWxJXelYA2Gb9PAA%2BA%2BnuS9j%2BH9hIHOdDYk%2B9%2Bjxt1LENGz%2B6EduayUMxmQISju%2B9HHQTweu0DTqoV39%2FPSUS3Mtwbms5LGxUvo%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 865f2f348a65994e-FRA
access-control-allow-headers: X-Requested-With,content-type
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Schweizerische Bundesbahnen (Transportation)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
appdangky.site/news	1970-01-20 19:12:21	Name: PHPREFS Value: full
.appdangky.site/	1970-01-21 04:40:29	Name: pa_privacy Value: %22optin%22
.appdangky.site/	1970-01-21 04:40:25	Name: _pctx Value: %7Bu%7DN4IgrgzgpgThIC4B2YA2qA05owMoBcBDfSREQpAeyRCwgEt8oBJAE0RXSwH18yBbAJwBrABwBjKAHcATAB9U%2BAG5LhAZnEyQAXyA
.xiti.com/	1970-01-21 04:41:55	Name: atid Value: 06959335-A2AE-47F1-906D-AE21C6718C93

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://appdangky.site/news/resources/img/login_bg.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://appdangky.site/fonts/icomoon/icomoon.woff2?7m5yri Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://appdangky.site/fonts/icomoon/icomoon.ttf?7m5yri Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://appdangky.site/fonts/icomoon/icomoon.woff?7m5yri Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://appdangky.site/news/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://appdangky.site/news/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://appdangky.site/news/js/otSDKStub.js/consent/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test/e91f4b90-f9aa-4ace-891b-96dd07595d9f-test.json Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://appdangky.site/idp/co-branding?resource=co-branding&lang=de&provider= Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

appdangky.site
beta.sigma-ed.com
logs1407.xiti.com
userstatics.com
157.7.189.54
18.245.61.52
188.114.96.3
2606:4700:3032::6815:29dc
1f6e67bc886cbf171ee9cb58e9985ddbf7e636315cec4f2034625a758d1f5b45
233ddeda2a0fbeee053d13f25669fe187bdef4fe708aacfadddd560905d209f1
25d6f124b1eda629b0b3be03cc1ae51bd9f18770837cd684defcc645cda57b77
2b2485b0669a2f73c4846e82eb5a37421358591a8ac8ba21d8149bfb88adcbfb
5c7f0e173844556da7ca5eb8936fa3dab1c00206960920a49a1eea9cde2bfaaf
6d72fa0f78c80b1874d3ee4aadf43d973edc442a65fef83d37e684ac559893b7
7a9fa521a58ee93001981f3a7db498c589233d8cc616e8d09af0119388a865bc
9c50211b34ab0377f3b35c243c98e402315127bfa5b51e147cb22c702174ca60
a4d0a1f77bcc91562df237b2dddf4d45ea716029675b49d5559e1867ce5f9cca
c337d42ed7979c6be0282900bd957dd9d112a430dc7761463d655eb8f0d9bc07
c365cf63e0edecc072b99e919e45604dfbca32ec0a19dac39275c9c67d334caf
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
deeee170c3759a6ed35c0c05c5b935d0e7638f1c0c5677166918ecff6edb1909
df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26
e194c43ce6dd09ec464e5ae2543dc301f72b5b7121f51924a55a91f5f334c685
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f053f049a78c3afbce0d34f57d0bea4a24f7964d0e1e45197a35c06124b5e357
f766c7457c6ec463eaa85778aa47261344f1772e0b7cf1987ad212f889f472f5

appdangky.site Open in urlscan Pro 2606:4700:3032::6815:29dc Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

95 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

256 kBTransfer

992 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

32 JavaScript Global Variables

4 Cookies

8 Console Messages

Indicators

appdangky.site Open in urlscan Pro
2606:4700:3032::6815:29dc Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

95 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

256 kB
Transfer

992 kB
Size

4
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!