cottonsettle.com
Open in
urlscan Pro
34.65.247.156
Malicious Activity!
Public Scan
Effective URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Submission: On February 16 via manual from US
Summary
This is the only time cottonsettle.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 190.0.230.213 190.0.230.213 | 263713 (Server Lo...) (Server Lodge S.A.) | |
16 | 34.65.247.156 34.65.247.156 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a04:4e42:1b:... 2a04:4e42:1b::621 | 54113 (FASTLY) (FASTLY) | |
5 | 167.71.164.19 167.71.164.19 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
1 | 109.236.91.3 109.236.91.3 | 49981 (WORLDSTREAM) (WORLDSTREAM) | |
24 | 5 |
ASN263713 (Server Lodge S.A., CR)
PTR: sl3.cyberfuel.com
nppharmacr.com |
ASN15169 (GOOGLE, US)
PTR: 156.247.65.34.bc.googleusercontent.com
cottonsettle.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
cottonsettle.com
cottonsettle.com |
294 KB |
2 |
nppharmacr.com
1 redirects
nppharmacr.com |
765 B |
1 |
extreme-ip-lookup.com
extreme-ip-lookup.com |
646 B |
1 |
jsdelivr.net
cdn.jsdelivr.net |
22 KB |
24 | 4 |
Domain | Requested by | |
---|---|---|
16 | cottonsettle.com |
cottonsettle.com
|
2 | nppharmacr.com | 1 redirects |
1 | extreme-ip-lookup.com |
cottonsettle.com
|
1 | cdn.jsdelivr.net |
cottonsettle.com
|
24 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
easybankingbusiness.bnpparibasfortis.be |
Subject Issuer | Validity | Valid | |
---|---|---|---|
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3 |
2020-10-26 - 2021-04-17 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Frame ID: 5CAD79DC6D32315ACFFF41DFC60501AE
Requests: 24 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://nppharmacr.com//bb
HTTP 301
http://nppharmacr.com/bb/ Page URL
- http://cottonsettle.com/bnpparibasfortis/clientv2/app.html Page URL
Detected technologies
Node.js (Programming Languages) ExpandDetected patterns
- script /socket\.io.*\.js/i
Bootstrap (Web Frameworks) Expand
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Socket.io (JavaScript Frameworks) Expand
Detected patterns
- script /socket\.io.*\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Easy Banking Business
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://nppharmacr.com//bb
HTTP 301
http://nppharmacr.com/bb/ Page URL
- http://cottonsettle.com/bnpparibasfortis/clientv2/app.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://nppharmacr.com//bb HTTP 301
- http://nppharmacr.com/bb/
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
nppharmacr.com/bb/ Redirect Chain
|
177 B 504 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
app.html
cottonsettle.com/bnpparibasfortis/clientv2/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
cottonsettle.com/bnpparibasfortis/clientv2/js/ |
86 KB 86 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
socket.io.js
cottonsettle.com/bnpparibasfortis/clientv2/js/ |
67 KB 67 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ |
15 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ |
912 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ |
11 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
spinner.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app_approve.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ |
1 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cle_approve.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sms.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ |
945 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/ |
150 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footer.jpg
cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/ |
19 KB 19 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
server.js
cottonsettle.com/bnpparibasfortis/clientv2/js/ |
14 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
167.71.164.19/socket.io/ |
103 B 411 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Login.html
cottonsettle.com/bnpparibasfortis/clientv2/divs/ |
7 KB 7 KB |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
extreme-ip-lookup.com/json/ |
386 B 646 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sprite.jpg
cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/ |
36 KB 36 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
welcome.jpg
cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/ |
12 KB 12 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
foot.jpg
cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/ |
14 KB 14 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
167.71.164.19/socket.io/ |
2 B 292 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
167.71.164.19/socket.io/ |
58 B 365 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
/
167.71.164.19/socket.io/ |
2 B 292 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
167.71.164.19/socket.io/ |
154 B 462 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| io function| Validate_Inputs function| showClavierAllUser function| hideClavierAllUser function| showClavierLetter function| showmethenumbers0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cottonsettle.com
extreme-ip-lookup.com
nppharmacr.com
109.236.91.3
167.71.164.19
190.0.230.213
2a04:4e42:1b::621
34.65.247.156
0267260045096457f26914277f49eef5da5ec54ac6aee8579be4810332e518b6
04258540eb8227e0cfc2e4ba864e2bca340307f1d19490c7764d1d5f95743761
04f1571d324ef474b6f8dc184f577adfecae6dac1b355e90afe3d063bd8f592a
0b0d46c8058250105cbbae5ccadbc5544f444d7768682d680d60ac104292be5c
239f777618776c44c61cd23a6f29fd1675ba623bed933b08fe4fc025bdefd2f1
23cdc1a1a37aec0772041269bb2b2aae57c56843afcef2e55c8478b1401c8447
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
329e16a83d6cf2fe731f9ac91d02151bac3f568996a0629725d64d5d954b2fc0
3b988cd351ae564ea7ea3270e9a327f1ccad0a2d9b042791f683dc293f9bd73f
3d2e1bc9033812befefefdbc18a1915550a317f307f812cb9061ab625c012029
405d0e716fd0eb2813aada2e0ce1d1fc7233e09096a2a9c41eff7f99dff81b65
48743495faf319c7a89b72aa09dfc0fae3bacd239cf9723d078768dff70eed97
5673ce875286e3de66805a301db623b5957d27b1e6390cb821f4f026da7d4151
6f179e6710440b5c7b85794c0ce63eb9da8937450b8aa4aa00c0902ce2e94201
76215343c758ef1a64028aec789f8f2ea6f43aafd4c6dd7cff675f6f62a2a08e
810e5f48e78ecda19a08888ebf12b011d7276213ed1abb0c2dd9787f60ffcdcb
880e5de7217c08f95836f65f2db4c4c6d22f9da841d423025d9654099895c133
ba68aba7d0bb29ff7c5ec6e88c0d947845b32f0c424288787750d2e7b4fb64f6
c05e6c8ebda14ec680f08dd4cb01570c7b63835cfad9710f68ff3b66ed098e38
c6abb7dc205161615a358f10828f9b9ab36503aa536c8a2a38d5d6f197a3833b
d93a7c5b72be76967e956c28d24b991c5b7bac2eb1c9b28bac3368aecef7791a
f988532bc628ded544495197541be3b11607360ce6bfe2e109a49abb9832e0b2