wordpress-green-kangaroo-slm.codeanyapp.com
198.199.109.95 Malicious Activity! Public Scan

URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Submission: On October 19 via api from CA — Scanned from CA

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 13 HTTP transactions. The main IP is 198.199.109.95, located in San Francisco, United States, and belongs to DIGITALOCEAN-ASN, US. The main domain is wordpress-green-kangaroo-slm.codeanyapp.com.
TLS certificate: Issued by E5 on October 14th 2024. Valid for: 3 months.
This is the only time wordpress-green-kangaroo-slm.codeanyapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Gjensidige (Insurance)

Domain & IP information

Requests  IP Address        AS Autonomous System
11        198.199.109.95    14061 (DIGITALOC...)
2         2600:9000:251...  16509 (AMAZON-02)
Total: 13 requests across 2 IPs

Requests  Apex Domain     Subdomains                                     Transfer
11        codeanyapp.com  wordpress-green-kangaroo-slm.codeanyapp.com    168 KB
2         tiqcdn.com      tags.tiqcdn.com (Cisco Umbrella Rank: 1314)    11 KB
Total: 13 requests across 2 apex domains

Requests  Domain                                        Requested by
11        wordpress-green-kangaroo-slm.codeanyapp.com   wordpress-green-kangaroo-slm.codeanyapp.com
2         tags.tiqcdn.com                               wordpress-green-kangaroo-slm.codeanyapp.com
Total: 13 requests across 2 domains

This site contains no links.

Subject          Issuer               Validity                  Valid for
codeanyapp.com   E5                   2024-10-14 - 2025-01-12   3 months (crt.sh)
tags.tiqcdn.com  Amazon RSA 2048 M02  2024-03-19 - 2025-04-17   a year (crt.sh)

This page contains 1 frame:

Primary Page: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Frame ID: 637AF29F428D519557981539FD5FFB01
Requests: 13 HTTP requests in this frame


Page Title

Gjensidige

Page Statistics

Requests: 13
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 179 kB
Size: 876 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource: index.htm (Primary Request)
Path: wordpress-green-kangaroo-slm.codeanyapp.com/gseno/
Size: 7 KB
Transfer: 2 KB
Type: Document
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
c64ebb41f089f740652cf58dee1ef57c1006d5aca18a495d25b38f38c4895169

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
2217
content-type
text/html
date
Sat, 19 Oct 2024 04:13:49 GMT
etag
"1a9f-621678bf98e80-gzip"
last-modified
Thu, 05 Sep 2024 23:21:14 GMT
server
openresty
vary
Accept-Encoding

Resource: utag.js
Path: wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/
Size: 77 KB
Transfer: 20 KB
Type: Script
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/utag.js
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
87077dcddf56b917cf35d9f4915f1417cf4bf859c82bde414fb822e1e33f0dfe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm

Response headers

content-encoding
gzip
etag
"1342d-621678bf98e80-gzip"
accept-ranges
bytes
content-length
19921
date
Sat, 19 Oct 2024 04:13:50 GMT
content-type
application/javascript
last-modified
Thu, 05 Sep 2024 23:21:14 GMT
server
openresty
vary
Accept-Encoding

Resource: utag.sync.js
Path: wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/
Size: 1 KB
Transfer: 816 B
Type: Script
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/utag.sync.js
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
378bdc98f3b3d7d0938dd3b2d09c199ad8f2f6d8af6cec9541a0a6502d9663cc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm

Response headers

content-encoding
gzip
etag
"409-621678bf98e80-gzip"
accept-ranges
bytes
content-length
622
date
Sat, 19 Oct 2024 04:13:50 GMT
content-type
application/javascript
last-modified
Thu, 05 Sep 2024 23:21:14 GMT
server
openresty
vary
Accept-Encoding

Resource: gjeff.css
Path: wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/
Size: 547 KB
Transfer: 75 KB
Type: Stylesheet
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/gjeff.css
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
ecff1eec9f503aa52ad46a7e3b1b456d62b6290947dbeee2b8465ca7c2759d7e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm

Response headers

content-encoding
gzip
etag
"88cdc-621678bf98e80-gzip"
accept-ranges
bytes
date
Sat, 19 Oct 2024 04:13:50 GMT
content-type
text/css
last-modified
Thu, 05 Sep 2024 23:21:14 GMT
server
openresty
vary
Accept-Encoding

Resource: main.css
Path: wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/
Size: 2 KB
Transfer: 779 B
Type: Stylesheet
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/main.css
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
4c5b69b606d822d1eebf8af630ebd8ced3ab782fa67d4538f601f5d06625f163

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm

Response headers

content-encoding
gzip
etag
"626-621678bf98e80-gzip"
accept-ranges
bytes
content-length
595
date
Sat, 19 Oct 2024 04:13:50 GMT
content-type
text/css
last-modified
Thu, 05 Sep 2024 23:21:14 GMT
server
openresty
vary
Accept-Encoding

Resource: gjeff.min.js
Path: wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/
Size: 203 KB
Transfer: 61 KB
Type: Script
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/gjeff.min.js
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
83e71e55571bd3d4e7298768cfe226b3fb65a68ba7dbea5d60a4fd076050d429

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm

Response headers

content-encoding
gzip
etag
"32a2e-621678bf98e80-gzip"
accept-ranges
bytes
date
Sat, 19 Oct 2024 04:13:50 GMT
content-type
application/javascript
last-modified
Thu, 05 Sep 2024 23:21:14 GMT
server
openresty
vary
Accept-Encoding

Resource: utag.v.js
Path: wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/
Size: 2 B
Transfer: 154 B
Type: Script
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/utag.v.js
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/

Response headers

accept-ranges
bytes
content-length
2
date
Sat, 19 Oct 2024 04:13:51 GMT
etag
"2-621678bf98e80"
content-type
application/javascript
last-modified
Thu, 05 Sep 2024 23:21:14 GMT
server
openresty

Resource: gjensidige-no_prod_180504.js
Path: wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/
Size: 317 B
Transfer: 447 B
Type: Script
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/gjensidige-no_prod_180504.js
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
94750789a5c3968d5922a3feacba21c410b710b3e84d3ec4e3b893cd240c04b4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/

Response headers

content-encoding
gzip
etag
"13d-621678bf98e80-gzip"
accept-ranges
bytes
content-length
253
date
Sat, 19 Oct 2024 04:13:50 GMT
content-type
application/javascript
last-modified
Thu, 05 Sep 2024 23:21:14 GMT
server
openresty
vary
Accept-Encoding

Resource: gjensidige_logo.svg
Path: wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/
Size: 6 KB
Transfer: 7 KB
Type: Image
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/gjensidige_logo.svg
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
ecb0e38b4c2be3cb2ea228f88118824735de98ce8fa38167be92faa84a744931

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/

Response headers

accept-ranges
bytes
content-length
6630
date
Sat, 19 Oct 2024 04:13:50 GMT
etag
"19e6-621678bf98e80"
content-type
image/svg+xml
last-modified
Thu, 05 Sep 2024 23:21:14 GMT
server
openresty

Resource: utag.js
Path: tags.tiqcdn.com/utag/gjensidige/eai/prod/
Size: 33 KB
Transfer: 11 KB
Type: Script
General
Full URL
https://tags.tiqcdn.com/utag/gjensidige/eai/prod/utag.js
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/gjensidige-no_prod_180504.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:ce00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9a4143e1ac191044c1987a32e6e8893513a7ce3106e30ccd1e0d457fe2aae102

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/

Response headers

vary
Accept-Encoding
cache-control
max-age=300
content-encoding
br
x-amz-version-id
kq4cgiIazfd9l4g9c.ueQUiqTcoJNBbl
etag
W/"14083a8e99ef897071efda5081a0fc5d"
via
1.1 17eb4ce9c34597b3328325a19f8138fe.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
gE_-m8o-QJM8Go5DBbaLS7XTSmWV_E26Nwqpmo1t552J1p1Zru-Q-w==
date
Sat, 19 Oct 2024 05:06:37 GMT
content-type
application/javascript
last-modified
Tue, 04 Jun 2024 10:30:26 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256

Resource: loginpage-ssn
Path: wordpress-green-kangaroo-slm.codeanyapp.com/ajax/
Size: 326 B
Transfer: 415 B
Type: XHR
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/ajax/loginpage-ssn
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/gjeff.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
f3be7f0cb342ebc17954d769f3a1648ece0eb57ce1e03e4c18c92f47dd73ad0d

Request headers

Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
text/html, */*; q=0.01

Response headers

content-length
326
date
Sat, 19 Oct 2024 04:13:51 GMT
content-type
text/html; charset=iso-8859-1
server
openresty

Resource: utag.v.js
Path: tags.tiqcdn.com/utag/tiqapp/
Size: 2 B
Transfer: 432 B
Type: Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=gjensidige/eai/202310190710&cb=1729314396268
Requested by
Host: wordpress-green-kangaroo-slm.codeanyapp.com
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/gseno/Login%20-%20Gjensidige%20Forsikring_files/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:ce00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
etag
"7bc0ee636b3b83484fc3b9348863bd22"
age
218
x-cache
Hit from cloudfront
x-amz-cf-id
bO7ItuNgm2PyADKFoLvY3i-uC0jnJlWIngjU9GKFS5f1SMwf2Oif0w==
date
Sat, 19 Oct 2024 05:02:59 GMT
content-type
application/javascript
vary
Accept-Encoding
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
cache-control
max-age=300
via
1.1 17eb4ce9c34597b3328325a19f8138fe.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
2
x-amz-cf-pop
JFK50-P6
server
AmazonS3
x-amz-server-side-encryption
AES256

Resource: favicon.ico
Path: wordpress-green-kangaroo-slm.codeanyapp.com/
Size: 319 B
Transfer: 408 B
Type: Other
General
Full URL
https://wordpress-green-kangaroo-slm.codeanyapp.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
198.199.109.95 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
codeanyproxy.com
Software
openresty /
Resource Hash
14f5d202b459656ce07b4d787e6e0737e97fcfcfae3ef64328d69620afb14615

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://wordpress-green-kangaroo-slm.codeanyapp.com/

Response headers

content-length
319
date
Sat, 19 Oct 2024 04:13:51 GMT
content-type
text/html; charset=iso-8859-1
server
openresty

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Gjensidige (Insurance)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
function  codi
function  jQuery
function  $
object    jQuery1124025662531520349185
object    gj
object    utag
object    utag_data
function  gcct
string    warningString
function  simplePopup
function  getScreenWidth
function  getScreenHeight
function  submitOrderAccess
function  addUser
function  submitForgottenPassword
function  disableLogin
function  validateLogin

1 Cookies

Domain/Path: .codeanyapp.com/
Name: utag_main
Value: v_id:0192a32b983400136df017f8c5b705065004305d00b08$_sn:1$_se:1$_ss:1$_st:1729316196214$ses_id:1729314396214%3Bexp-session$_pn:1%3Bexp-session$_prevpage:https%3A%2F%2Fwordpress-green-kangaroo-slm.codeanyapp.com%2Fgseno%2Findex.htm%3Bexp-1729317996218

2 Console Messages

Source: network
Level: error
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/ajax/loginpage-ssn
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network
Level: error
URL: https://wordpress-green-kangaroo-slm.codeanyapp.com/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 ()