cottonsllps.com
Open in
urlscan Pro
167.88.36.216
Public Scan
Effective URL: https://cottonsllps.com/?acpdby8y7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVud...
Submission: On July 29 via automatic, source openphish — Scanned from CH
Summary
TLS certificate: Issued by R11 on July 16th 2024. Valid for: 3 months.
This is the only time cottonsllps.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 179.43.170.230 179.43.170.230 | () () | |
4 8 | 167.88.36.216 167.88.36.216 | () () | |
1 | 20.190.159.68 20.190.159.68 | () () | |
6 | 4 |
ASN- ()
PTR: hostedby.privatelayer.com
turnkeyinterior.org.user-os.co |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
cottonsllps.com
3 redirects
cottonsllps.com |
65 KB |
1 |
live.com
login.live.com — Cisco Umbrella Rank: 37 |
|
1 |
server02939.com
1 redirects
server02939.com |
593 B |
1 |
user-os.co
turnkeyinterior.org.user-os.co |
661 B |
6 | 4 |
Domain | Requested by | |
---|---|---|
7 | cottonsllps.com |
3 redirects
turnkeyinterior.org.user-os.co
cottonsllps.com |
1 | login.live.com |
cottonsllps.com
|
1 | server02939.com | 1 redirects |
1 | turnkeyinterior.org.user-os.co | |
6 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cpcontacts.turnkeyinterior.org R10 |
2024-07-20 - 2024-10-18 |
3 months | crt.sh |
cottonsllps.com R11 |
2024-07-16 - 2024-10-14 |
3 months | crt.sh |
login.live.com DigiCert SHA2 Secure Server CA |
2024-05-09 - 2025-05-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://cottonsllps.com/?acpdby8y7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2JlMzYwNDMtN2ZjNC0yMDE5LWY4ODEtZDgyN2YwOTUxZGFlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU3ODU4ODg0MTM4OTQ5My5jM2ZlYWIyMi03ZmU0LTQ3OWEtOGU0Mi01NWY0NzJkNGY4NzEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallBd2ZJY2VKR2xwTHJ5X0ZiTGNGQU5hMHBISmt3RTUyTlZkM2w4YmVwZk4tYzh4eEVhSEZGQlRyQTMwS29XcUkwU1BoMWtxLVczMl9VWDg=
Frame ID: D548D5283B8BF1C0F7D63617BDC410F7
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://turnkeyinterior.org.user-os.co/
HTTP 307
https://turnkeyinterior.org.user-os.co/ Page URL
-
https://server02939.com/?fmuzrlbo
HTTP 302
https://cottonsllps.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2NvdHRvbn... HTTP 302
https://cottonsllps.com/ HTTP 301
https://cottonsllps.com/owa/ HTTP 302
https://cottonsllps.com/?acpdby8y7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvY... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://turnkeyinterior.org.user-os.co/
HTTP 307
https://turnkeyinterior.org.user-os.co/ Page URL
-
https://server02939.com/?fmuzrlbo
HTTP 302
https://cottonsllps.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2NvdHRvbnNsbHBzLmNvbS8iLCJkb21haW4iOiJjb3R0b25zbGxwcy5jb20iLCJrZXkiOiJGUVZiNHp2VDFYS2kiLCJxcmMiOm51bGwsImlhdCI6MTcyMjI2MjA4MiwiZXhwIjoxNzIyMjYyMjAyfQ.-VH1rcl1z8GiPycqz-t2Y18nbtbKDIXYSmayyOvanQ4 HTTP 302
https://cottonsllps.com/ HTTP 301
https://cottonsllps.com/owa/ HTTP 302
https://cottonsllps.com/?acpdby8y7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9Y2JlMzYwNDMtN2ZjNC0yMDE5LWY4ODEtZDgyN2YwOTUxZGFlJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU3ODU4ODg0MTM4OTQ5My5jM2ZlYWIyMi03ZmU0LTQ3OWEtOGU0Mi01NWY0NzJkNGY4NzEmc3RhdGU9RGNzN0ZvQXdDQUJCb3NfallBd2ZJY2VKR2xwTHJ5X0ZiTGNGQU5hMHBISmt3RTUyTlZkM2w4YmVwZk4tYzh4eEVhSEZGQlRyQTMwS29XcUkwU1BoMWtxLVczMl9VWDg= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://turnkeyinterior.org.user-os.co/ HTTP 307
- https://turnkeyinterior.org.user-os.co/
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
turnkeyinterior.org.user-os.co/ Redirect Chain
|
921 B 661 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
cottonsllps.com/ Redirect Chain
|
38 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
341 B 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
cottonsllps.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ |
111 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ConvergedLogin_PCore_Q3A1xKaK6oPrhbQSUwvJBQ2.js
cottonsllps.com/aadcdn.msftauth.net/~/shared/1.0/content/js/ |
217 KB 0 |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ux.converged.login.strings-de.min_mwkrjugjbdtxzv3fly3p-q2.js
cottonsllps.com/aadcdn.msftauth.net/~/ests/2.1/content/cdnbundles/ |
61 KB 19 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| c object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData16 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
server02939.com/ | Name: qPdM Value: FQVb4zvT1XKi |
|
server02939.com/ | Name: qPdM.sig Value: o8RBa_PuXdC1Tnj54rPxF6dBVYg |
|
cottonsllps.com/ | Name: qPdM Value: FQVb4zvT1XKi |
|
cottonsllps.com/ | Name: qPdM.sig Value: o8RBa_PuXdC1Tnj54rPxF6dBVYg |
|
cottonsllps.com/ | Name: ClientId Value: 44B0F208434246EE903BCFE5FF306F54 |
|
cottonsllps.com/ | Name: OIDC Value: 1 |
|
cottonsllps.com/ | Name: OpenIdConnect.nonce.v3.qdYXrnxIpyj7KEIwc0fahDs7bmytORDNXlh1AEmyaKY Value: 638578588841389493.c3feab22-7fe4-479a-8e42-55f472d4f871 |
|
cottonsllps.com/ | Name: X-OWA-RedirectHistory Value: ArLym14Bta0P3dev3Ag |
|
cottonsllps.com/ | Name: buid Value: 0.AXUAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYhjRfhoDGCFCtBQHDMxclbM6QKaMAG85mOmZsbnHxmTA08UnqpGQGgYKA0RegLWzQ0VxUnzEJecXZlHPTuwtt7g960dA49EiOWTjXKlJ_d_EgAA |
|
.cottonsllps.com/ | Name: esctx Value: PAQABBwEAAAApTwJmzXqdR4BN2miheQMYGBycXUEUHm2PNmv7b8tT2l3s6yExlkophFaiZng2I-Fak-P3eMXeVirNjRKGWKloEfhT5lI3D7b1QU-q7O7X7spfbdnoqmLQq46ozV1xIvlaclFHq3dvG7VbGA8as1hf5PqZ68lXdPt997pryPzD45NfcIx_wDA3HyUGpdtAbYogAA |
|
.cottonsllps.com/ | Name: esctx-lbnfQCnKlM Value: AQABCQEAAAApTwJmzXqdR4BN2miheQMYzByMWHPQehVnjoEhPQl2XXj4ZBCVYMlEGwA0BPubhCqNPLUPRhtpWWB4gqZZfk3UagvWlzqNzIvqHl1dwUHhoAdHlJ8DTTOHT37ydp-nPEC0ENDcRAr1ZmuMdhnVzFLmwsHNubc9-hjLgz41_HVG8CAA |
|
cottonsllps.com/ | Name: fpc Value: Am6YiK61S2ZCjVLrQH_8JEierOTJAQAAAEaZOd4OAAAA |
|
cottonsllps.com/ | Name: x-ms-gateway-slice Value: estsfd |
|
cottonsllps.com/ | Name: stsservicecookie Value: estsfd |
|
.login.live.com/ | Name: uaid Value: e8cd0f6a42104545b3d4208e9e1a5f9f |
|
.login.live.com/ | Name: MSPRequ Value: id=N<=1722262090&co=1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cottonsllps.com
login.live.com
server02939.com
turnkeyinterior.org.user-os.co
167.88.36.216
179.43.170.230
20.190.159.68
1f8ceb44fe7cfcf7e71dbd5122210335ca3821d697a851d2900b95af7d92d69d
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221
c3726f297fa7bfbf444de4a62e7d9ac0adc4ba0b816018e43fc85ad609663260
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f9166f4cc1b0cbff4cde58788a11940ece0cbb97fc8f23c68c1c024c56b28338