cottonsettle.com
34.65.247.156  Malicious Activity! (Public Scan)

Submitted URL: http://nppharmacr.com//bb
Effective URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Submission: On February 16 via manual from US

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 24 HTTP transactions. The main IP is 34.65.247.156, located in Zurich, Switzerland and belongs to GOOGLE, US. The main domain is cottonsettle.com.
This is the only time cottonsettle.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
1 2       190.0.230.213       263713 (Server Lo...)
16        34.65.247.156       15169 (GOOGLE)
1         2a04:4e42:1b:...    54113 (FASTLY)
5         167.71.164.19       14061 (DIGITALOC...)
1         109.236.91.3        49981 (WORLDSTREAM)
Total: 24 requests across 5 IPs

Requests  Domain                  Requested by
16        cottonsettle.com        cottonsettle.com
2         nppharmacr.com          1 redirects
1         extreme-ip-lookup.com   cottonsettle.com
1         cdn.jsdelivr.net        cottonsettle.com
Total: 24 requests across 4 domains

This site contains links to these domains:
  • easybankingbusiness.bnpparibasfortis.be
TLS certificate
Subject: f3.shared.global.fastly.net
Issuer: GlobalSign CloudSSL CA - SHA256 - G3
Validity: 2020-10-26 to 2021-04-17
Valid: 6 months (crt.sh)

This page contains 1 frame:

Primary Page: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Frame ID: 5CAD79DC6D32315ACFFF41DFC60501AE
Requests: 24 HTTP requests in this frame

Screenshot


Detected technologies

Each of the following patterns matched with an overall confidence of 100%:
  • script /socket\.io.*\.js/i
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • headers server /nginx(?:\/([\d.]+))?/i
  • script /socket\.io.*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 24
HTTPS: 4 %
IPv6: 20 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 4
Transfer: 319 kB
Size: 440 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nppharmacr.com//bb HTTP 301
    http://nppharmacr.com/bb/ Page URL
  2. http://cottonsettle.com/bnpparibasfortis/clientv2/app.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://nppharmacr.com//bb HTTP 301
  • http://nppharmacr.com/bb/

24 HTTP transactions

For each transaction the report lists the resource, its path, size, transfer size (x-fer) and type, followed by general information and the request and response headers.
Transaction 1: / (nppharmacr.com/bb/)
Redirect chain:
  • http://nppharmacr.com//bb
  • http://nppharmacr.com/bb/
Size: 177 B, x-fer: 504 B, type: Document

General
Full URL: http://nppharmacr.com/bb/
Protocol: HTTP/1.1
Server: 190.0.230.213, Santa Ana, Costa Rica, ASN263713 (Server Lodge S.A., CR)
Reverse DNS: sl3.cyberfuel.com
Software: nginx / PleskLin
Resource Hash: c05e6c8ebda14ec680f08dd4cb01570c7b63835cfad9710f68ff3b66ed098e38

Request headers
Host: nppharmacr.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers
Server: nginx
Date: Tue, 16 Feb 2021 18:03:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Accel-Version: 0.01
Last-Modified: Tue, 16 Feb 2021 15:22:08 GMT
ETag: W/"b1-5bb75aa670800"
X-Cache-Status: BYPASS
X-Powered-By: PleskLin
Content-Encoding: gzip

Redirect headers
Server: nginx
Date: Tue, 16 Feb 2021 18:03:44 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 233
Connection: keep-alive
Location: http://nppharmacr.com/bb/
X-Cache-Status: BYPASS
X-Powered-By: PleskLin
Transaction 2 (Primary Request): app.html (cottonsettle.com/bnpparibasfortis/clientv2/)
Size: 2 KB, x-fer: 2 KB, type: Document

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 0b0d46c8058250105cbbae5ccadbc5544f444d7768682d680d60ac104292be5c

Request headers
Host: cottonsettle.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://nppharmacr.com/bb/
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Server: Apache
Last-Modified: Sat, 13 Feb 2021 09:24:06 GMT
Accept-Ranges: bytes
Content-Length: 1608
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Transaction 3: jquery.min.js (cottonsettle.com/bnpparibasfortis/clientv2/js/)
Size: 86 KB, x-fer: 86 KB, type: Script

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/jquery.min.js
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Fri, 08 Nov 2019 20:47:20 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 88145
Transaction 4: socket.io.js (cottonsettle.com/bnpparibasfortis/clientv2/js/)
Size: 67 KB, x-fer: 67 KB, type: Script

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 5673ce875286e3de66805a301db623b5957d27b1e6390cb821f4f026da7d4151

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Fri, 08 Nov 2019 20:47:20 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 68694
Transaction 5: login.css (cottonsettle.com/bnpparibasfortis/clientv2/css/)
Size: 15 KB, x-fer: 15 KB, type: Stylesheet

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/login.css
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 76215343c758ef1a64028aec789f8f2ea6f43aafd4c6dd7cff675f6f62a2a08e

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Thu, 11 Feb 2021 02:19:42 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 15425
Transaction 6: loading.css (cottonsettle.com/bnpparibasfortis/clientv2/css/)
Size: 912 B, x-fer: 1 KB, type: Stylesheet

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/loading.css
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 880e5de7217c08f95836f65f2db4c4c6d22f9da841d423025d9654099895c133

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Wed, 10 Feb 2021 23:49:12 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 912
Transaction 7: app.css (cottonsettle.com/bnpparibasfortis/clientv2/css/)
Size: 11 KB, x-fer: 11 KB, type: Stylesheet

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/app.css
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: f988532bc628ded544495197541be3b11607360ce6bfe2e109a49abb9832e0b2

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Tue, 09 Feb 2021 18:58:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 11442
Transaction 8: spinner.css (cottonsettle.com/bnpparibasfortis/clientv2/css/)
Size: 1 KB, x-fer: 2 KB, type: Stylesheet

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/spinner.css
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 48743495faf319c7a89b72aa09dfc0fae3bacd239cf9723d078768dff70eed97

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Fri, 03 Jul 2020 23:33:20 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1529
Transaction 9: app_approve.css (cottonsettle.com/bnpparibasfortis/clientv2/css/)
Size: 1 KB, x-fer: 2 KB, type: Stylesheet

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/app_approve.css
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 6f179e6710440b5c7b85794c0ce63eb9da8937450b8aa4aa00c0902ce2e94201

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Sat, 04 Jul 2020 21:09:24 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1379
Transaction 10: cle_approve.css (cottonsettle.com/bnpparibasfortis/clientv2/css/)
Size: 3 KB, x-fer: 3 KB, type: Stylesheet

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/cle_approve.css
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 23cdc1a1a37aec0772041269bb2b2aae57c56843afcef2e55c8478b1401c8447

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Sun, 05 Jul 2020 03:41:08 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2939
Transaction 11: sms.css (cottonsettle.com/bnpparibasfortis/clientv2/css/)
Size: 945 B, x-fer: 1 KB, type: Stylesheet

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/sms.css
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: c6abb7dc205161615a358f10828f9b9ab36503aa536c8a2a38d5d6f197a3833b

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Sun, 05 Jul 2020 19:33:22 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 945
Transaction 12: bootstrap.min.css (cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/)
Size: 150 KB, x-fer: 22 KB, type: Stylesheet

General
Full URL: https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/bootstrap.min.css
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::621, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none listed)
Software: (none listed)
Resource Hash: 0267260045096457f26914277f49eef5da5ec54ac6aee8579be4810332e518b6
Security Headers:
  • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  • X-Content-Type-Options: nosniff

Request headers
Origin: http://cottonsettle.com
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 587074
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 22599
etag: W/"25617-q3SIoVyTmtfFSq15BDC3uaLXfq4"
x-served-by: cache-fra19137-FRA, cache-hhn4039-HHN
date: Tue, 16 Feb 2021 18:03:45 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
Transaction 13: footer.jpg (cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/)
Size: 19 KB, x-fer: 19 KB, type: Image

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/footer.jpg
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 3b988cd351ae564ea7ea3270e9a327f1ccad0a2d9b042791f683dc293f9bd73f

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Thu, 31 Dec 2020 07:39:02 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 19254
Transaction 14: server.js (cottonsettle.com/bnpparibasfortis/clientv2/js/)
Size: 14 KB, x-fer: 14 KB, type: Script

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/server.js
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 329e16a83d6cf2fe731f9ac91d02151bac3f568996a0629725d64d5d954b2fc0

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Tue, 16 Feb 2021 18:03:45 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 14562
Transaction 15: / (167.71.164.19/socket.io/)
Size: 103 B, x-fer: 411 B, type: XHR

General
Full URL: http://167.71.164.19:4000/socket.io/?EIO=3&transport=polling&t=NUi0oyd
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Protocol: HTTP/1.1
Server: 167.71.164.19, Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none listed)
Software: (none listed)
Resource Hash: 3d2e1bc9033812befefefdbc18a1915550a317f307f812cb9061ab625c012029

Request headers
Accept: */*
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Access-Control-Allow-Origin: http://cottonsettle.com
Date: Tue, 16 Feb 2021 18:03:45 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 103
Content-Type: text/plain; charset=UTF-8
Transaction 16: Login.html (cottonsettle.com/bnpparibasfortis/clientv2/divs/)
Size: 7 KB, x-fer: 7 KB, type: Fetch

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/divs/Login.html
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/js/server.js
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 239f777618776c44c61cd23a6f29fd1675ba623bed933b08fe4fc025bdefd2f1

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Tue, 09 Feb 2021 09:37:58 GMT
Server: Apache
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 6943
Transaction 17: / (extreme-ip-lookup.com/json/)
Size: 386 B, x-fer: 646 B, type: Fetch

General
Full URL: http://extreme-ip-lookup.com/json/
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/js/server.js
Protocol: HTTP/1.1
Server: 109.236.91.3, Netherlands, ASN49981 (WORLDSTREAM, NL)
Reverse DNS: (none listed)
Software: nginx
Resource Hash: ba68aba7d0bb29ff7c5ec6e88c0d947845b32f0c424288787750d2e7b4fb64f6

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Server: nginx
Content-Type: application/json; charset=utf-8;
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 386
Transaction 18: sprite.jpg (cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/)
Size: 36 KB, x-fer: 36 KB, type: Image

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/sprite.jpg
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 405d0e716fd0eb2813aada2e0ce1d1fc7233e09096a2a9c41eff7f99dff81b65

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Thu, 17 Dec 2020 03:26:44 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 37050
Transaction 19: welcome.jpg (cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/)
Size: 12 KB, x-fer: 12 KB, type: Image

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/welcome.jpg
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: d93a7c5b72be76967e956c28d24b991c5b7bac2eb1c9b28bac3368aecef7791a

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Thu, 31 Dec 2020 06:58:16 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 11911
Transaction 20: foot.jpg (cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/)
Size: 14 KB, x-fer: 14 KB, type: Image

General
Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/foot.jpg
Protocol: HTTP/1.1
Server: 34.65.247.156, Zurich, Switzerland, ASN15169 (GOOGLE, US)
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache
Resource Hash: 04258540eb8227e0cfc2e4ba864e2bca340307f1d19490c7764d1d5f95743761

Request headers
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Date: Tue, 16 Feb 2021 18:03:45 GMT
Last-Modified: Thu, 31 Dec 2020 07:20:18 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 13906
Transaction 21: / (167.71.164.19/socket.io/)
Size: 2 B, x-fer: 292 B, type: XHR

General
Full URL: http://167.71.164.19:4000/socket.io/?EIO=3&transport=polling&t=NUi0o_a&sid=DlF6k58O9jyTdgOQAAHp
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Protocol: HTTP/1.1
Server: 167.71.164.19, Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none listed)
Software: (none listed)
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers
Accept: */*
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers
Access-Control-Allow-Origin: http://cottonsettle.com
Date: Tue, 16 Feb 2021 18:03:46 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 2
Content-Type: text/html
Transaction 22: / (167.71.164.19/socket.io/)
Size: 58 B, x-fer: 365 B, type: XHR

General
Full URL: http://167.71.164.19:4000/socket.io/?EIO=3&transport=polling&t=NUi0o_b&sid=DlF6k58O9jyTdgOQAAHp
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Protocol: HTTP/1.1
Server: 167.71.164.19, Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none listed)
Software: (none listed)
Resource Hash: 04f1571d324ef474b6f8dc184f577adfecae6dac1b355e90afe3d063bd8f592a

Request headers
Accept: */*
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Access-Control-Allow-Origin: http://cottonsettle.com
Date: Tue, 16 Feb 2021 18:03:46 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 58
Content-Type: text/plain; charset=UTF-8
Transaction 23: / (167.71.164.19/socket.io/)
Size: 2 B, x-fer: 292 B, type: XHR

General
Full URL: http://167.71.164.19:4000/socket.io/?EIO=3&transport=polling&t=NUi0p12&sid=DlF6k58O9jyTdgOQAAHp
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Protocol: HTTP/1.1
Server: 167.71.164.19, Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none listed)
Software: (none listed)
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers
Accept: */*
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers
Access-Control-Allow-Origin: http://cottonsettle.com
Date: Tue, 16 Feb 2021 18:03:46 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 2
Content-Type: text/html
Transaction 24: / (167.71.164.19/socket.io/)
Size: 154 B, x-fer: 462 B, type: XHR

General
Full URL: http://167.71.164.19:4000/socket.io/?EIO=3&transport=polling&t=NUi0p2U&sid=DlF6k58O9jyTdgOQAAHp
Requested by: cottonsettle.com, URL http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Protocol: HTTP/1.1
Server: 167.71.164.19, Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none listed)
Software: (none listed)
Resource Hash: 810e5f48e78ecda19a08888ebf12b011d7276213ed1abb0c2dd9787f60ffcdcb

Request headers
Accept: */*
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers
Access-Control-Allow-Origin: http://cottonsettle.com
Date: Tue, 16 Feb 2021 18:03:46 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 154
Content-Type: text/plain; charset=UTF-8

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNP Paribas (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    ontransitionrun
object    ontransitionstart
object    ontransitioncancel
object    trustedTypes
boolean   crossOriginIsolated
function  $
function  jQuery
function  io
function  Validate_Inputs
function  showClavierAllUser
function  hideClavierAllUser
function  showClavierLetter
function  showmethenumbers

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
