oslopark-simoerkich001552735.codeanyapp.com Open in urlscan Pro
45.55.112.74 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://powerful-porpoise-1qfzv.instawp.xyz/go.html
Effective URL:
https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
Submission: On October 11 via manual (October 11th 2023, 6:15:31 am UTC) from IN — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 16 HTTP transactions. The main IP is 45.55.112.74, located in San Francisco, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is oslopark-simoerkich001552735.codeanyapp.com.
TLS certificate: Issued by R3 on July 21st 2023. Valid for: 3 months.

This is the only time oslopark-simoerkich001552735.codeanyapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Autopay (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	143.198.78.244 143.198.78.244	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	195.216.243.155 195.216.243.155	57724 (DDOS-GUARD) (DDOS-GUARD)
4	45.55.112.74 45.55.112.74	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a04:4e42:600... 2a04:4e42:600::729	54113 (FASTLY) (FASTLY)
4	35.180.145.57 35.180.145.57	16509 (AMAZON-02) (AMAZON-02)
1	52.222.236.4 52.222.236.4	16509 (AMAZON-02) (AMAZON-02)
4	15.188.103.18 15.188.103.18	16509 (AMAZON-02) (AMAZON-02)
1	151.101.65.195 151.101.65.195	54113 (FASTLY) (FASTLY)
16	8

1 143.198.78.244 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

powerful-porpoise-1qfzv.instawp.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.216.243.155 (Moscow, Russian Federation) 1 redirects

ASN57724 (DDOS-GUARD, RU)
PTR: s5.uid.me

u.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 45.55.112.74 (San Francisco, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

oslopark-simoerkich001552735.codeanyapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::729 (United States)

ASN54113 (FASTLY, US)

cdn.ravenjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.180.145.57 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-180-145-57.eu-west-3.compute.amazonaws.com

stonly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-4.fra56.r.cloudfront.net

s.stonly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.188.103.18 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-103-18.eu-west-3.compute.amazonaws.com

api.stonly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.195 (United States)

ASN54113 (FASTLY, US)

autopay.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	stonly.com stonly.com — Cisco Umbrella Rank: 34077 s.stonly.com — Cisco Umbrella Rank: 52977 api.stonly.com — Cisco Umbrella Rank: 37125	130 KB
4	codeanyapp.com oslopark-simoerkich001552735.codeanyapp.com	1 MB
1	autopay.io autopay.io	20 KB
1	ravenjs.com cdn.ravenjs.com — Cisco Umbrella Rank: 9848	13 KB
1	u.to 1 redirects u.to	355 B
1	instawp.xyz powerful-porpoise-1qfzv.instawp.xyz	209 B
16	6

	Domain	Requested by
4	api.stonly.com	stonly.com
4	stonly.com	oslopark-simoerkich001552735.codeanyapp.com stonly.com
4	oslopark-simoerkich001552735.codeanyapp.com	oslopark-simoerkich001552735.codeanyapp.com
1	autopay.io	oslopark-simoerkich001552735.codeanyapp.com
1	s.stonly.com	stonly.com
1	cdn.ravenjs.com	oslopark-simoerkich001552735.codeanyapp.com
1	u.to	1 redirects
1	powerful-porpoise-1qfzv.instawp.xyz
16	8

This site contains no links.

Subject Issuer	Validity	Valid
*.instawp.xyz R3	`2023-09-05` - `2023-12-04`	3 months	crt.sh
codeanyapp.com R3	`2023-07-21` - `2023-10-19`	3 months	crt.sh
cdn.ravenjs.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-06-03` - `2024-07-04`	a year	crt.sh
stonly.com R3	`2023-07-31` - `2023-10-29`	3 months	crt.sh
autopay.io GTS CA 1D4	`2023-09-24` - `2023-12-23`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
Frame ID: 3D229FB0638FCAFFFAAF8FA5F7282827
Requests: 16 HTTP requests in this frame

Frame: https://s.stonly.com/stonly-stat-id.html?widgetId=357f5036-c506-11eb-8dbf-062882f67cfe&v=1.5
Frame ID: 7A6F9AE6BE215B8BFC87E325AE7A6A0D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Autopay

Page URL History Show full URLs

https://powerful-porpoise-1qfzv.instawp.xyz/go.html Page URL
https://u.to/1Rz6Hw HTTP 302
https://oslopark-simoerkich001552735.codeanyapp.com/Parking/ Page URL

Page Statistics

16
Requests

100 %
HTTPS

13 %
IPv6

6
Domains

8
Subdomains

8
IPs

3
Countries

1514 kB
Transfer

6226 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://powerful-porpoise-1qfzv.instawp.xyz/go.html Page URL
https://u.to/1Rz6Hw HTTP 302
https://oslopark-simoerkich001552735.codeanyapp.com/Parking/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 go.html Show response
powerful-porpoise-1qfzv.instawp.xyz/ 65 B
209 B 856ms
165ms Document
text/html 143.198.78.244
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://powerful-porpoise-1qfzv.instawp.xyz/go.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 143.198.78.244 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 4564f13a4f2042fec76ce22398856c586031d42155b14fb23a3a71d56a14e623

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-length: 65
content-type: text/html; charset=utf-8
date: Wed, 11 Oct 2023 06:15:26 GMT
etag: "41-6073e2f6b03c3"
last-modified: Mon, 09 Oct 2023 01:05:25 GMT
server: nginx

GET
H2

200

Primary Request / Show response
oslopark-simoerkich001552735.codeanyapp.com/Parking/
Redirect Chain

https://u.to/1Rz6Hw
https://oslopark-simoerkich001552735.codeanyapp.com/Parking/

101 KB
30 KB

615ms
260ms

Document
text/html

45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash: 5f3b461d80a37910e1c91c9fc0f501f22a6c51689e6873728a1b61fc99d60fca

Request headers

Referer: https://powerful-porpoise-1qfzv.instawp.xyz/go.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 30506
content-type: text/html
date: Wed, 11 Oct 2023 05:43:19 GMT
etag: "194ca-60674f4bb5239-gzip"
last-modified: Fri, 29 Sep 2023 01:00:52 GMT
server: openresty
vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 11 Oct 2023 06:15:27 GMT
Keep-Alive: timeout=15
Location: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
Server: nginx/1.8.0
Transfer-Encoding: chunked

GET
H2 200 raven.min.js Show response
cdn.ravenjs.com/3.24.2/ 35 KB
13 KB 23ms
6ms Script
application/javascript 2a04:4e42:600::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ravenjs.com/3.24.2/raven.min.js
Requested by: Host: oslopark-simoerkich001552735.codeanyapp.com
URL: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::729 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Fastly /
Resource Hash: 69070bfe524596a5e8681f08529aa9db58e953e4808d49bd585471266ae840a7

Request headers

Referer: https://oslopark-simoerkich001552735.codeanyapp.com/
Origin: https://oslopark-simoerkich001552735.codeanyapp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 11 Oct 2023 06:15:28 GMT
content-encoding: gzip
last-modified: Wed, 18 Apr 2018 11:46:49 GMT
server: Fastly
age: 20802
etag: "f1ba4f93c0582ba936494fa7a5d84908"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 13238

GET
H2 404 init.js
oslopark-simoerkich001552735.codeanyapp.com/_/raven/ 0
0 283ms
283ms Script
text/html 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://oslopark-simoerkich001552735.codeanyapp.com/_/raven/init.js
Requested by: Host: oslopark-simoerkich001552735.codeanyapp.com
URL: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Wed, 11 Oct 2023 05:43:20 GMT
cache-control: no-cache, must-revalidate, max-age=0
server: openresty
link: <https://oslopark-simoerkich001552735.codeanyapp.com/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 main.298bd7c7fcbf5092a9d3.js Show response
oslopark-simoerkich001552735.codeanyapp.com/Parking/css/ 4 MB
1007 KB 485ms
485ms Script
application/javascript 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/css/main.298bd7c7fcbf5092a9d3.js
Requested by: Host: oslopark-simoerkich001552735.codeanyapp.com
URL: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash: 5ef8b1d2286af41a1d5859f67979f84b48037484ebeda0af5f18270e8c7c0ebe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 11 Oct 2023 05:43:20 GMT
content-encoding: gzip
last-modified: Thu, 28 Sep 2023 21:53:36 GMT
server: openresty
etag: "452bd1-6067257013800-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes

GET
H2 200 main.298bd7c7fcbf5092a9d3.css
oslopark-simoerkich001552735.codeanyapp.com/Parking/css/ 1 MB
314 KB 302ms
302ms Stylesheet
text/css 45.55.112.74
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/css/main.298bd7c7fcbf5092a9d3.css
Requested by: Host: oslopark-simoerkich001552735.codeanyapp.com
URL: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 45.55.112.74 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: openresty /
Resource Hash: 2955d02287c795f380ad7e7f4fa781b36c926fbc379a040a4115186878ea65df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 11 Oct 2023 05:43:20 GMT
content-encoding: gzip
last-modified: Thu, 28 Sep 2023 21:53:18 GMT
server: openresty
etag: "13713a-6067255ee8f80-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes

GET
H/1.1 200
OK version Show response
stonly.com/js/widget/v2/ 8 B
347 B 63ms
16ms XHR
application/octet-stream 35.180.145.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://stonly.com/js/widget/v2/version?v=1697004929119
Requested by: Host: oslopark-simoerkich001552735.codeanyapp.com
URL: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 35.180.145.57 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-180-145-57.eu-west-3.compute.amazonaws.com
Software: nginx /
Resource Hash: 6deab4ef2c91e0e4fef74943eae7dac85c5daffa29a03233388b854b4b6c117d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://oslopark-simoerkich001552735.codeanyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 06:15:29 GMT
Last-Modified: Wed, 11 Oct 2023 05:11:55 GMT
Server: nginx
ETag: "65262e9b-8"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK stonly-widget.js Show response
stonly.com/js/widget/v2/ 39 KB
13 KB 64ms
31ms Script
application/javascript 35.180.145.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://stonly.com/js/widget/v2/stonly-widget.js?v=ef634653

Requested by

Host: oslopark-simoerkich001552735.codeanyapp.com
URL: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

35.180.145.57 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-180-145-57.eu-west-3.compute.amazonaws.com

Software

nginx /

Resource Hash

a93dc92a549d63421fb0aabfbef5119b3eaa234b5321fd6b3d2572c2f1a59ae6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://oslopark-simoerkich001552735.codeanyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 06:15:29 GMT
Strict-Transport-Security: max-age=0;
Content-Encoding: gzip
Last-Modified: Wed, 11 Oct 2023 05:11:55 GMT
Server: nginx
ETag: W/"65262e9b-9c93"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Wed, 25 Oct 2023 06:15:29 GMT

GET
H/1.1 200
OK vendors~widget-6a10b4723bf3a3343a8a.stonly.js Show response
stonly.com/js/widget/v2/ 179 KB
64 KB 21ms
20ms Script
application/javascript 35.180.145.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://stonly.com/js/widget/v2/vendors~widget-6a10b4723bf3a3343a8a.stonly.js

Requested by

Host: stonly.com
URL: https://stonly.com/js/widget/v2/stonly-widget.js?v=ef634653

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

35.180.145.57 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-180-145-57.eu-west-3.compute.amazonaws.com

Software

nginx /

Resource Hash

c62370c1f168c29ef078fe65730f0c85dc2ea3f12187b4e9896a0598aacd92b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://oslopark-simoerkich001552735.codeanyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 06:15:29 GMT
Strict-Transport-Security: max-age=0;
Content-Encoding: gzip
Last-Modified: Wed, 11 Oct 2023 05:11:55 GMT
Server: nginx
ETag: W/"65262e9b-2cd57"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Wed, 25 Oct 2023 06:15:29 GMT

GET
H/1.1 200
OK widget-59963eafa9da84cec6a9.stonly.js Show response
stonly.com/js/widget/v2/ 169 KB
50 KB 78ms
38ms Script
application/javascript 35.180.145.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://stonly.com/js/widget/v2/widget-59963eafa9da84cec6a9.stonly.js

Requested by

Host: stonly.com
URL: https://stonly.com/js/widget/v2/stonly-widget.js?v=ef634653

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

35.180.145.57 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-180-145-57.eu-west-3.compute.amazonaws.com

Software

nginx /

Resource Hash

f7895e72477e80b1defa6a8e6194d32314c840c3b2f6a6ef97f50c239832145c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0;
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://oslopark-simoerkich001552735.codeanyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 06:15:29 GMT
Strict-Transport-Security: max-age=0;
Content-Encoding: gzip
Last-Modified: Wed, 11 Oct 2023 05:11:55 GMT
Server: nginx
ETag: W/"65262e9b-2a2e7"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=1209600
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Wed, 25 Oct 2023 06:15:29 GMT

GET
H2 200 stonly-stat-id.html Show response
s.stonly.com/ Frame 7A6F 3 KB
1 KB 34ms
6ms Document
text/html 52.222.236.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.stonly.com/stonly-stat-id.html?widgetId=357f5036-c506-11eb-8dbf-062882f67cfe&v=1.5
Requested by: Host: stonly.com
URL: https://stonly.com/js/widget/v2/widget-59963eafa9da84cec6a9.stonly.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-4.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1290c09b37acd3340000035d9cd01338f557e85d46748202ecefe02cfae9a343

Request headers

Referer: https://oslopark-simoerkich001552735.codeanyapp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1423
content-encoding: gzip
content-type: text/html
date: Wed, 11 Oct 2023 05:51:47 GMT
etag: W/"b714291e1f3178ac2a5d4e3c7974d64b"
last-modified: Fri, 06 Oct 2023 07:17:34 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 2c29bb35ddacc1dc2616fe65bdf5122e.cloudfront.net (CloudFront)
x-amz-cf-id: Pd03ceJEcYcsCgdu9zmw14ceHcAAAx-TY1QnL337xb1laqg8SL2cHQ==
x-amz-cf-pop: FRA56-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront

POST
H2 200 identify Show response
api.stonly.com/api/v1/targeting/ 38 B
470 B 52ms
20ms XHR
application/json 15.188.103.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.stonly.com/api/v1/targeting/identify

Requested by

Host: stonly.com
URL: https://stonly.com/js/widget/v2/widget-59963eafa9da84cec6a9.stonly.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

15.188.103.18 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-103-18.eu-west-3.compute.amazonaws.com

Software

nginx /

Resource Hash

d2d7b962231a739105665b0b4d7ca5dc566beb4354a10c477ec8b1b12d955bbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

timestamp: 1697004929454
Referer: https://oslopark-simoerkich001552735.codeanyapp.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Wed, 11 Oct 2023 06:15:29 GMT
strict-transport-security: max-age=2592000;
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-encoding: gzip
server: nginx
etag: W/"26-NFKChCaGCPgLuaMJn62pKH75t6U"
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://oslopark-simoerkich001552735.codeanyapp.com
cache-control: no-cache
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 01 Jan 1970 00:00:01 GMT

OPTIONS
H2 204 identify
api.stonly.com/api/v1/targeting/ Frame 0
0 74ms
16ms Preflight 15.188.103.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.stonly.com/api/v1/targeting/identify

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

15.188.103.18 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-103-18.eu-west-3.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,timestamp
Access-Control-Request-Method: POST
Origin: https://oslopark-simoerkich001552735.codeanyapp.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,timestamp
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://oslopark-simoerkich001552735.codeanyapp.com
cache-control: no-cache
date: Wed, 11 Oct 2023 06:15:29 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=2592000;
vary: Origin, Access-Control-Request-Headers
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e9bdebb56f6570d058efb3ced46404b0ac6e1e22211034718e2be3e45cfd76a9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 310 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 655199b2752e3af7d438b913d76dc47604d96f8f1dfeea0f2541e0c598beb1fd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 97d008fb403dd9b58a4293ce2e543488ccba64f8644b7e11ff4070670dff51ec

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 neIXzD-0qpwxpaWvjeD0X88SAOeasc8btSyqxA.woff2
autopay.io/fonts/ 18 KB
20 KB 70ms
8ms Font
font/woff2 151.101.65.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://autopay.io/fonts/neIXzD-0qpwxpaWvjeD0X88SAOeasc8btSyqxA.woff2

Requested by

Host: oslopark-simoerkich001552735.codeanyapp.com
URL: https://oslopark-simoerkich001552735.codeanyapp.com/Parking/css/main.298bd7c7fcbf5092a9d3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e4ea46fe174609ff5f5460eaebd4e1eb98763b1cda636af69238922be0f51d7a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; media-src 'self'; frame-src 'self' https://.autopay.io https://stonly.com https://.stonly.com https://player.vimeo.com; script-src 'self' cdn.ravenjs.com www.google-analytics.com apis.google.com stonly.com https://player.vimeo.com https://plausible.io 'sha256-fwc0mpDa8OHTVGvj46tzJTK/4veec5TxZJQNTFjzBw0='; connect-src 'self' .autopay.io .googleapis.com .google-analytics.com sentry.io https://vimeo.com api.pwnedpasswords.com stonly.com .stonly.com https://plausible.io; img-src 'self' https://storage.googleapis.com/autopay-test-api.appspot.com/ https://storage.googleapis.com/autopay-qa-api.appspot.com/ https://storage.googleapis.com/autopay-prod-api.appspot.com/ https://.autopay.io/ .tile.osm.org www.google-analytics.com https://*.vimeocdn.com data:; style-src 'unsafe-inline' 'self'; font-src data: autopay.io qa.autopay.io test.autopay.io; manifest-src 'self'
Strict-Transport-Security	max-age=31556926
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1

Request headers

Referer: https://oslopark-simoerkich001552735.codeanyapp.com/
Origin: https://oslopark-simoerkich001552735.codeanyapp.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: default-src 'none'; media-src 'self'; frame-src 'self' https://*.autopay.io https://stonly.com https://*.stonly.com https://player.vimeo.com; script-src 'self' cdn.ravenjs.com www.google-analytics.com apis.google.com stonly.com https://player.vimeo.com https://plausible.io 'sha256-fwc0mpDa8OHTVGvj46tzJTK/4veec5TxZJQNTFjzBw0='; connect-src 'self' *.autopay.io *.googleapis.com *.google-analytics.com sentry.io https://vimeo.com api.pwnedpasswords.com stonly.com *.stonly.com https://plausible.io; img-src 'self' https://storage.googleapis.com/autopay-test-api.appspot.com/ https://storage.googleapis.com/autopay-qa-api.appspot.com/ https://storage.googleapis.com/autopay-prod-api.appspot.com/ https://*.autopay.io/ *.tile.osm.org www.google-analytics.com https://*.vimeocdn.com data:; style-src 'unsafe-inline' 'self'; font-src data: autopay.io qa.autopay.io test.autopay.io; manifest-src 'self'
strict-transport-security: max-age=31556926
x-content-type-options: nosniff
date: Wed, 11 Oct 2023 06:15:29 GMT
content-security-policy-report-only: default-src 'none'; media-src 'self'; frame-src 'self' https://*.autopay.io https://stonly.com https://*.stonly.com https://player.vimeo.com; script-src 'self' cdn.ravenjs.com www.google-analytics.com apis.google.com stonly.com https://player.vimeo.com https://plausible.io 'sha256-fwc0mpDa8OHTVGvj46tzJTK/4veec5TxZJQNTFjzBw0=' 'unsafe-eval'; connect-src 'self' *.autopay.io *.googleapis.com *.google-analytics.com sentry.io https://vimeo.com api.pwnedpasswords.com stonly.com *.stonly.com https://plausible.io; img-src 'self' https://storage.googleapis.com/autopay-test-api.appspot.com/ https://storage.googleapis.com/autopay-qa-api.appspot.com/ https://storage.googleapis.com/autopay-prod-api.appspot.com/ https://*.autopay.io/ *.tile.osm.org www.google-analytics.com https://*.vimeocdn.com data:; style-src 'unsafe-inline' 'self'; font-src data: autopay.io qa.autopay.io test.autopay.io; manifest-src 'self'
x-cache: HIT
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18588
x-xss-protection: 1
x-served-by: cache-fra-eddf8230037-FRA
referrer-policy: origin
last-modified: Thu, 05 Oct 2023 08:12:55 GMT
x-timer: S1697004930.750455,VS0,VE1
etag: "5e627f4b9546ec44cb1920599e8bc034464512ca42a84207b5600f2f30119f4b"
x-frame-options: deny
vary: x-fh-requested-host, accept-encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
x-cache-hits: 1

OPTIONS
H2 204 integration
api.stonly.com/api/v2/widget/ Frame 0
0 18ms
17ms Preflight 15.188.103.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.stonly.com/api/v2/widget/integration?widgetId=357f5036-c506-11eb-8dbf-062882f67cfe&stonlyAnonymousId=9390cb43-62fa-4acc-92f1-fcb21d52e405&url=https%3A%2F%2Foslopark-simoerkich001552735.codeanyapp.com%2FParking%2F

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

15.188.103.18 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-103-18.eu-west-3.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: timestamp
Access-Control-Request-Method: GET
Origin: https://oslopark-simoerkich001552735.codeanyapp.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: timestamp
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://oslopark-simoerkich001552735.codeanyapp.com
cache-control: no-cache
date: Wed, 11 Oct 2023 06:15:29 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=2592000;
vary: Origin, Access-Control-Request-Headers
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 403 integration Show response
api.stonly.com/api/v2/widget/ 56 B
439 B 18ms
18ms XHR
application/json 15.188.103.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: stonly.com
URL: https://stonly.com/js/widget/v2/widget-59963eafa9da84cec6a9.stonly.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

15.188.103.18 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-103-18.eu-west-3.compute.amazonaws.com

Software

nginx /

Resource Hash

bdcf23bda88d035697ee4948a74b458a81054f24270b795c48be5c56c0ce06e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000;

Request headers

timestamp: 1697004929700
Referer: https://oslopark-simoerkich001552735.codeanyapp.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 11 Oct 2023 06:15:29 GMT
strict-transport-security: max-age=2592000;
content-encoding: gzip
server: nginx
etag: W/"38-zgzUKC0gMbPjPxw1AM6ojwqJXhQ"
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://oslopark-simoerkich001552735.codeanyapp.com
access-control-allow-credentials: true

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Autopay (Transportation)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.u.to/	1970-01-21 00:09:00	Name: lng Value: de
			.api.stonly.com/	1969-12-31 23:59:59	Name: _csrf Value: 6Hi3Rxk1d1sdOjFVOJbKscY4

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://oslopark-simoerkich001552735.codeanyapp.com/_/raven/init.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://api.stonly.com/api/v2/widget/integration?widgetId=357f5036-c506-11eb-8dbf-062882f67cfe&stonlyAnonymousId=9390cb43-62fa-4acc-92f1-fcb21d52e405&url=https%3A%2F%2Foslopark-simoerkich001552735.codeanyapp.com%2FParking%2F Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.stonly.com
autopay.io
cdn.ravenjs.com
oslopark-simoerkich001552735.codeanyapp.com
powerful-porpoise-1qfzv.instawp.xyz
s.stonly.com
stonly.com
u.to
143.198.78.244
15.188.103.18
151.101.65.195
195.216.243.155
2a04:4e42:600::729
35.180.145.57
45.55.112.74
52.222.236.4
1290c09b37acd3340000035d9cd01338f557e85d46748202ecefe02cfae9a343
2955d02287c795f380ad7e7f4fa781b36c926fbc379a040a4115186878ea65df
4564f13a4f2042fec76ce22398856c586031d42155b14fb23a3a71d56a14e623
5ef8b1d2286af41a1d5859f67979f84b48037484ebeda0af5f18270e8c7c0ebe
5f3b461d80a37910e1c91c9fc0f501f22a6c51689e6873728a1b61fc99d60fca
655199b2752e3af7d438b913d76dc47604d96f8f1dfeea0f2541e0c598beb1fd
69070bfe524596a5e8681f08529aa9db58e953e4808d49bd585471266ae840a7
6deab4ef2c91e0e4fef74943eae7dac85c5daffa29a03233388b854b4b6c117d
97d008fb403dd9b58a4293ce2e543488ccba64f8644b7e11ff4070670dff51ec
a93dc92a549d63421fb0aabfbef5119b3eaa234b5321fd6b3d2572c2f1a59ae6
bdcf23bda88d035697ee4948a74b458a81054f24270b795c48be5c56c0ce06e9
c62370c1f168c29ef078fe65730f0c85dc2ea3f12187b4e9896a0598aacd92b6
d2d7b962231a739105665b0b4d7ca5dc566beb4354a10c477ec8b1b12d955bbe
e4ea46fe174609ff5f5460eaebd4e1eb98763b1cda636af69238922be0f51d7a
e9bdebb56f6570d058efb3ced46404b0ac6e1e22211034718e2be3e45cfd76a9
f7895e72477e80b1defa6a8e6194d32314c840c3b2f6a6ef97f50c239832145c

oslopark-simoerkich001552735.codeanyapp.com Open in urlscan Pro 45.55.112.74 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

16 Requests

100 %HTTPS

13 %IPv6

6 Domains

8 Subdomains

8 IPs

3 Countries

1514 kBTransfer

6226 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

oslopark-simoerkich001552735.codeanyapp.com Open in urlscan Pro
45.55.112.74 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

13 %
IPv6

6
Domains

8
Subdomains

8
IPs

3
Countries

1514 kB
Transfer

6226 kB
Size

2
Cookies

16 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!