cottonsettle.com Open in urlscan Pro
34.65.247.156 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nppharmacr.com//bb
Effective URL:
http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Submission: On February 16 via api (February 16th 2021, 5:09:58 pm UTC) from BE

Summary HTTP 24 Redirects Links 1 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 24 HTTP transactions. The main IP is 34.65.247.156, located in Zurich, Switzerland and belongs to GOOGLE, US. The main domain is cottonsettle.com.

This is the only time cottonsettle.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 2	190.0.230.213 190.0.230.213		263713 (Server Lo...) (Server Lodge S.A.)
16	34.65.247.156 34.65.247.156		15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:1b:... 2a04:4e42:1b::621		54113 (FASTLY) (FASTLY)
5	167.71.164.19 167.71.164.19		14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	109.236.91.3 109.236.91.3		49981 (WORLDSTREAM) (WORLDSTREAM)
24	5

2 190.0.230.213 (Santa Ana, Costa Rica) 1 redirects

ASN263713 (Server Lodge S.A., CR)
PTR: sl3.cyberfuel.com

nppharmacr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 34.65.247.156 (Zurich, Switzerland)

ASN15169 (GOOGLE, US)
PTR: 156.247.65.34.bc.googleusercontent.com

cottonsettle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 167.71.164.19 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

167.71.164.19	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.236.91.3 (Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: customer.worldstream.nl

extreme-ip-lookup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	cottonsettle.com cottonsettle.com	294 KB
2	nppharmacr.com 1 redirects nppharmacr.com	765 B
1	extreme-ip-lookup.com extreme-ip-lookup.com	646 B
1	jsdelivr.net cdn.jsdelivr.net	22 KB
24	4

	Domain	Requested by
16	cottonsettle.com	cottonsettle.com
2	nppharmacr.com	1 redirects
1	extreme-ip-lookup.com	cottonsettle.com
1	cdn.jsdelivr.net	cottonsettle.com
24	4

This site contains links to these domains. Also see Links.

Domain
easybankingbusiness.bnpparibasfortis.be

Subject Issuer	Validity	Valid
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-26` - `2021-04-17`	6 months	crt.sh

This page contains 1 frames:

Primary Page: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Frame ID: 61D878EAF88A1C8A5C1214F0780FF15F
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://nppharmacr.com//bb HTTP 301
http://nppharmacr.com/bb/ Page URL
http://cottonsettle.com/bnpparibasfortis/clientv2/app.html Page URL

Detected technologies

Node.js (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

script /socket\.io.*\.js/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /socket\.io.*\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

24
Requests

4 %
HTTPS

20 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

319 kB
Transfer

440 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://easybankingbusiness.bnpparibasfortis.be/?axes1=nl&axes4=rpb
Title: Easy Banking Business

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nppharmacr.com//bb HTTP 301
http://nppharmacr.com/bb/ Page URL
http://cottonsettle.com/bnpparibasfortis/clientv2/app.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://nppharmacr.com//bb HTTP 301
http://nppharmacr.com/bb/

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
nppharmacr.com/bb/
Redirect Chain

http://nppharmacr.com//bb
http://nppharmacr.com/bb/

177 B
504 B

171ms
171ms

Document
text/html

190.0.230.213
Server Lodge S.A.

General

Check archive.org

Show headers Download Go to

Full URL: http://nppharmacr.com/bb/
Protocol: HTTP/1.1
Server: 190.0.230.213 Santa Ana, Costa Rica, ASN263713 (Server Lodge S.A., CR),
Reverse DNS: sl3.cyberfuel.com
Software: nginx / PleskLin
Resource Hash: c05e6c8ebda14ec680f08dd4cb01570c7b63835cfad9710f68ff3b66ed098e38

Request headers

Host: nppharmacr.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Tue, 16 Feb 2021 17:09:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Accel-Version: 0.01
Last-Modified: Tue, 16 Feb 2021 15:22:08 GMT
ETag: W/"b1-5bb75aa670800"
X-Cache-Status: BYPASS
X-Powered-By: PleskLin
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Tue, 16 Feb 2021 17:09:41 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 233
Connection: keep-alive
Location: http://nppharmacr.com/bb/
X-Cache-Status: BYPASS
X-Powered-By: PleskLin

GET
H/1.1 200
OK Primary Request app.html Show response
cottonsettle.com/bnpparibasfortis/clientv2/ 2 KB
2 KB 55ms
42ms Document
text/html 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 0b0d46c8058250105cbbae5ccadbc5544f444d7768682d680d60ac104292be5c

Request headers

Host: cottonsettle.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://nppharmacr.com/bb/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://nppharmacr.com/bb/

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Server: Apache
Last-Modified: Sat, 13 Feb 2021 09:24:06 GMT
Accept-Ranges: bytes
Content-Length: 1608
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

GET
H/1.1 200
OK jquery.min.js Show response
cottonsettle.com/bnpparibasfortis/clientv2/js/ 86 KB
86 KB 29ms
27ms Script
application/javascript 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/jquery.min.js
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Fri, 08 Nov 2019 20:47:20 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 88145

GET
H/1.1 200
OK socket.io.js Show response
cottonsettle.com/bnpparibasfortis/clientv2/js/ 67 KB
67 KB 88ms
29ms Script
application/javascript 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 5673ce875286e3de66805a301db623b5957d27b1e6390cb821f4f026da7d4151

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Fri, 08 Nov 2019 20:47:20 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 68694

GET
H/1.1 200
OK login.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ 15 KB
15 KB 458ms
444ms Stylesheet
text/css 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/login.css
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 76215343c758ef1a64028aec789f8f2ea6f43aafd4c6dd7cff675f6f62a2a08e

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Thu, 11 Feb 2021 02:19:42 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 15425

GET
H/1.1 200
OK loading.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ 912 B
1 KB 57ms
43ms Stylesheet
text/css 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/loading.css
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 880e5de7217c08f95836f65f2db4c4c6d22f9da841d423025d9654099895c133

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Wed, 10 Feb 2021 23:49:12 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 912

GET
H/1.1 200
OK app.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ 11 KB
11 KB 55ms
41ms Stylesheet
text/css 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/app.css
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: f988532bc628ded544495197541be3b11607360ce6bfe2e109a49abb9832e0b2

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Tue, 09 Feb 2021 18:58:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 11442

GET
H/1.1 200
OK spinner.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ 1 KB
2 KB 54ms
40ms Stylesheet
text/css 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/spinner.css
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 48743495faf319c7a89b72aa09dfc0fae3bacd239cf9723d078768dff70eed97

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Fri, 03 Jul 2020 23:33:20 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1529

GET
H/1.1 200
OK app_approve.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ 1 KB
2 KB 55ms
42ms Stylesheet
text/css 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/app_approve.css
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 6f179e6710440b5c7b85794c0ce63eb9da8937450b8aa4aa00c0902ce2e94201

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Sat, 04 Jul 2020 21:09:24 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1379

GET
H/1.1 200
OK cle_approve.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ 3 KB
3 KB 80ms
26ms Stylesheet
text/css 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/cle_approve.css
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 23cdc1a1a37aec0772041269bb2b2aae57c56843afcef2e55c8478b1401c8447

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Sun, 05 Jul 2020 03:41:08 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2939

GET
H/1.1 200
OK sms.css
cottonsettle.com/bnpparibasfortis/clientv2/css/ 945 B
1 KB 85ms
29ms Stylesheet
text/css 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/css/sms.css
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: c6abb7dc205161615a358f10828f9b9ab36503aa536c8a2a38d5d6f197a3833b

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Sun, 05 Jul 2020 19:33:22 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 945

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/ 150 KB
22 KB 21ms
6ms Stylesheet
text/css 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/bootstrap.min.css

Requested by

Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/

Resource Hash

0267260045096457f26914277f49eef5da5ec54ac6aee8579be4810332e518b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: http://cottonsettle.com
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 583829
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 22599
etag: W/"25617-q3SIoVyTmtfFSq15BDC3uaLXfq4"
x-served-by: cache-fra19137-FRA, cache-hhn4049-HHN
date: Tue, 16 Feb 2021 17:09:41 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK footer.jpg
cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/ 19 KB
19 KB 28ms
27ms Image
image/jpeg 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/footer.jpg
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 3b988cd351ae564ea7ea3270e9a327f1ccad0a2d9b042791f683dc293f9bd73f

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Thu, 31 Dec 2020 07:39:02 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 19254

GET
H/1.1 200
OK server.js Show response
cottonsettle.com/bnpparibasfortis/clientv2/js/ 14 KB
14 KB 28ms
27ms Script
application/javascript 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/server.js
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 329e16a83d6cf2fe731f9ac91d02151bac3f568996a0629725d64d5d954b2fc0

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Tue, 16 Feb 2021 17:09:41 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 14562

GET
H/1.1 200
OK / Show response
167.71.164.19/socket.io/ 103 B
411 B 191ms
96ms XHR
text/plain 167.71.164.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://167.71.164.19:4000/socket.io/?EIO=3&transport=polling&t=NUhqQ-X
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Protocol: HTTP/1.1
Server: 167.71.164.19 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 93cb4ee6acc1f796116f6be76e927f41a50bde2cc3d99e1ca8ea8e27c95ccc9f

Request headers

Accept: */*
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: http://cottonsettle.com
Date: Tue, 16 Feb 2021 17:09:42 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 103
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK Login.html Show response
cottonsettle.com/bnpparibasfortis/clientv2/divs/ 7 KB
7 KB 28ms
28ms Fetch
text/html 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/divs/Login.html
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/server.js
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 239f777618776c44c61cd23a6f29fd1675ba623bed933b08fe4fc025bdefd2f1

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Tue, 09 Feb 2021 09:37:58 GMT
Server: Apache
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 6943

GET
H/1.1 200
(OK) / Show response
extreme-ip-lookup.com/json/ 386 B
646 B 33ms
20ms Fetch
application/json 109.236.91.3
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: http://extreme-ip-lookup.com/json/
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/server.js
Protocol: HTTP/1.1
Server: 109.236.91.3 , Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx /
Resource Hash: ba68aba7d0bb29ff7c5ec6e88c0d947845b32f0c424288787750d2e7b4fb64f6

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Server: nginx
Content-Type: application/json; charset=utf-8;
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 386

GET
H/1.1 200
OK sprite.jpg
cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/ 36 KB
36 KB 29ms
28ms Image
image/jpeg 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/sprite.jpg
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 405d0e716fd0eb2813aada2e0ce1d1fc7233e09096a2a9c41eff7f99dff81b65

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Thu, 17 Dec 2020 03:26:44 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 37050

GET
H/1.1 200
OK welcome.jpg
cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/ 12 KB
12 KB 29ms
28ms Image
image/jpeg 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/welcome.jpg
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: d93a7c5b72be76967e956c28d24b991c5b7bac2eb1c9b28bac3368aecef7791a

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Thu, 31 Dec 2020 06:58:16 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 11911

GET
H/1.1 200
OK foot.jpg
cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/ 14 KB
14 KB 27ms
27ms Image
image/jpeg 34.65.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://cottonsettle.com/bnpparibasfortis/clientv2/imgs/favicon/foot.jpg
Protocol: HTTP/1.1
Server: 34.65.247.156 Zurich, Switzerland, ASN15169 (GOOGLE, US),
Reverse DNS: 156.247.65.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 04258540eb8227e0cfc2e4ba864e2bca340307f1d19490c7764d1d5f95743761

Request headers

Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Feb 2021 17:09:41 GMT
Last-Modified: Thu, 31 Dec 2020 07:20:18 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 13906

POST
H/1.1 200
OK / Show response
167.71.164.19/socket.io/ 2 B
292 B 96ms
95ms XHR
text/html 167.71.164.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://167.71.164.19:4000/socket.io/?EIO=3&transport=polling&t=NUhqR1a&sid=W3z62fQQ_sNaseGwAAGB
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Protocol: HTTP/1.1
Server: 167.71.164.19 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept: */*
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: http://cottonsettle.com
Date: Tue, 16 Feb 2021 17:09:42 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 2
Content-Type: text/html

GET
H/1.1 200
OK / Show response
167.71.164.19/socket.io/ 58 B
365 B 190ms
95ms XHR
text/plain 167.71.164.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://167.71.164.19:4000/socket.io/?EIO=3&transport=polling&t=NUhqR1a.0&sid=W3z62fQQ_sNaseGwAAGB
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Protocol: HTTP/1.1
Server: 167.71.164.19 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: c45057ef058253aa7f05c6fa5cc791e59c0c0d9b42fa921fe4d6f449949b3446

Request headers

Accept: */*
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: http://cottonsettle.com
Date: Tue, 16 Feb 2021 17:09:42 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 58
Content-Type: text/plain; charset=UTF-8

POST
H/1.1 200
OK / Show response
167.71.164.19/socket.io/ 2 B
292 B 95ms
95ms XHR
text/html 167.71.164.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://167.71.164.19:4000/socket.io/?EIO=3&transport=polling&t=NUhqR35&sid=W3z62fQQ_sNaseGwAAGB
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Protocol: HTTP/1.1
Server: 167.71.164.19 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Accept: */*
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: http://cottonsettle.com
Date: Tue, 16 Feb 2021 17:09:42 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 2
Content-Type: text/html

GET
H/1.1 200
OK / Show response
167.71.164.19/socket.io/ 154 B
462 B 95ms
95ms XHR
text/plain 167.71.164.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://167.71.164.19:4000/socket.io/?EIO=3&transport=polling&t=NUhqR4a&sid=W3z62fQQ_sNaseGwAAGB
Requested by: Host: cottonsettle.com
URL: http://cottonsettle.com/bnpparibasfortis/clientv2/js/socket.io.js
Protocol: HTTP/1.1
Server: 167.71.164.19 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: 23e45b8ca1d346aeb2e30ab95652d5504068c793e9a77c5ad75d82f7ce3403da

Request headers

Accept: */*
Referer: http://cottonsettle.com/bnpparibasfortis/clientv2/app.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: http://cottonsettle.com
Date: Tue, 16 Feb 2021 17:09:42 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 154
Content-Type: text/plain; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNP Paribas (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| io function| Validate_Inputs function| showClavierAllUser function| hideClavierAllUser function| showClavierLetter function| showmethenumbers

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cottonsettle.com
extreme-ip-lookup.com
nppharmacr.com
109.236.91.3
167.71.164.19
190.0.230.213
2a04:4e42:1b::621
34.65.247.156
0267260045096457f26914277f49eef5da5ec54ac6aee8579be4810332e518b6
04258540eb8227e0cfc2e4ba864e2bca340307f1d19490c7764d1d5f95743761
0b0d46c8058250105cbbae5ccadbc5544f444d7768682d680d60ac104292be5c
239f777618776c44c61cd23a6f29fd1675ba623bed933b08fe4fc025bdefd2f1
23cdc1a1a37aec0772041269bb2b2aae57c56843afcef2e55c8478b1401c8447
23e45b8ca1d346aeb2e30ab95652d5504068c793e9a77c5ad75d82f7ce3403da
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
329e16a83d6cf2fe731f9ac91d02151bac3f568996a0629725d64d5d954b2fc0
3b988cd351ae564ea7ea3270e9a327f1ccad0a2d9b042791f683dc293f9bd73f
405d0e716fd0eb2813aada2e0ce1d1fc7233e09096a2a9c41eff7f99dff81b65
48743495faf319c7a89b72aa09dfc0fae3bacd239cf9723d078768dff70eed97
5673ce875286e3de66805a301db623b5957d27b1e6390cb821f4f026da7d4151
6f179e6710440b5c7b85794c0ce63eb9da8937450b8aa4aa00c0902ce2e94201
76215343c758ef1a64028aec789f8f2ea6f43aafd4c6dd7cff675f6f62a2a08e
880e5de7217c08f95836f65f2db4c4c6d22f9da841d423025d9654099895c133
93cb4ee6acc1f796116f6be76e927f41a50bde2cc3d99e1ca8ea8e27c95ccc9f
ba68aba7d0bb29ff7c5ec6e88c0d947845b32f0c424288787750d2e7b4fb64f6
c05e6c8ebda14ec680f08dd4cb01570c7b63835cfad9710f68ff3b66ed098e38
c45057ef058253aa7f05c6fa5cc791e59c0c0d9b42fa921fe4d6f449949b3446
c6abb7dc205161615a358f10828f9b9ab36503aa536c8a2a38d5d6f197a3833b
d93a7c5b72be76967e956c28d24b991c5b7bac2eb1c9b28bac3368aecef7791a
f988532bc628ded544495197541be3b11607360ce6bfe2e109a49abb9832e0b2