cottonsllps.com
Open in
urlscan Pro
167.88.36.216
Public Scan
Submitted URL: https://www.turnkeyinterior.org.user-os.co/
Effective URL: https://cottonsllps.com/?acpdby8y7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVud...
Submission: On July 29 via automatic, source openphish — Scanned from CH
Effective URL: https://cottonsllps.com/?acpdby8y7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVud...
Submission: On July 29 via automatic, source openphish — Scanned from CH
Summary
This website contacted 4 IPs
in 3 countries
across 4 domains to perform 6 HTTP transactions.
The main IP is 167.88.36.216, located in
Canada and
belongs to .
The main domain is cottonsllps.com.
TLS certificate: Issued by R11 on July 16th 2024. Valid for: 3 months.
This is the only time cottonsllps.com was scanned on urlscan.io!
TLS certificate: Issued by R11 on July 16th 2024. Valid for: 3 months.
This is the only time cottonsllps.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 179.43.170.230 179.43.170.230 | () () | |
| 4 8 | 167.88.36.216 167.88.36.216 | () () | |
| 1 | 40.126.31.67 40.126.31.67 | () () | |
| 6 | 4 |
1
179.43.170.230
(Zurich, Switzerland)
ASN- ()
PTR: hostedby.privatelayer.com
ASN- ()
PTR: hostedby.privatelayer.com
| www.turnkeyinterior.org.user-os.co |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 7 |
cottonsllps.com
3 redirects
cottonsllps.com |
65 KB |
| 1 |
live.com
login.live.com — Cisco Umbrella Rank: 37 |
|
| 1 |
server02939.com
1 redirects
server02939.com |
593 B |
| 1 |
user-os.co
www.turnkeyinterior.org.user-os.co |
661 B |
| 6 | 4 |
| Domain | Requested by | |
|---|---|---|
| 7 | cottonsllps.com |
3 redirects
www.turnkeyinterior.org.user-os.co
cottonsllps.com |
| 1 | login.live.com |
cottonsllps.com
|
| 1 | server02939.com | 1 redirects |
| 1 | www.turnkeyinterior.org.user-os.co | |
| 6 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| cpcontacts.turnkeyinterior.org R10 |
2024-07-20 - 2024-10-18 |
3 months | crt.sh |
| cottonsllps.com R11 |
2024-07-16 - 2024-10-14 |
3 months | crt.sh |
| login.live.com DigiCert SHA2 Secure Server CA |
2024-05-09 - 2025-05-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://cottonsllps.com/?acpdby8y7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NzJkYWJkYTctNDdiOS02OWQwLWJlZGQtZTE2YWE3YjJiYTg0JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU3ODU4ODg0Nzk1MTQ4MS42ZjZkODg4OS0xZmZiLTRjNDUtYjEzMi03MzUwN2YxYzFlZGEmc3RhdGU9RFl0QkVvQWdDQUN4cHVlUWtpRDRITFc0ZHV6N2NkaWQyY01tQU5pRExVZ2xCTnFxaVpxWUdXc1hZcU96ZWJ1ak81TDdSRjRzT0tsZXFGV0tPaTE2N3BIaVBmTDdqZndE
Frame ID: EA68E4AFE689D60BD05B35A22802AEFC
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://www.turnkeyinterior.org.user-os.co/ Page URL
-
https://server02939.com/?fmuzrlbo
HTTP 302
https://cottonsllps.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2NvdHRvbn... HTTP 302
https://cottonsllps.com/ HTTP 301
https://cottonsllps.com/owa/ HTTP 302
https://cottonsllps.com/?acpdby8y7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvY... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.turnkeyinterior.org.user-os.co/ Page URL
-
https://server02939.com/?fmuzrlbo
HTTP 302
https://cottonsllps.com/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2NvdHRvbnNsbHBzLmNvbS8iLCJkb21haW4iOiJjb3R0b25zbGxwcy5jb20iLCJrZXkiOiJWS3VPU3RXTzE5OTMiLCJxcmMiOm51bGwsImlhdCI6MTcyMjI2MjA4MSwiZXhwIjoxNzIyMjYyMjAxfQ.ZSUeKdJQHEZCxQO8CizZIlh-a_IpNcYMYoHxCUH2Vpw HTTP 302
https://cottonsllps.com/ HTTP 301
https://cottonsllps.com/owa/ HTTP 302
https://cottonsllps.com/?acpdby8y7=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9NzJkYWJkYTctNDdiOS02OWQwLWJlZGQtZTE2YWE3YjJiYTg0JnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODU3ODU4ODg0Nzk1MTQ4MS42ZjZkODg4OS0xZmZiLTRjNDUtYjEzMi03MzUwN2YxYzFlZGEmc3RhdGU9RFl0QkVvQWdDQUN4cHVlUWtpRDRITFc0ZHV6N2NkaWQyY01tQU5pRExVZ2xCTnFxaVpxWUdXc1hZcU96ZWJ1ak81TDdSRjRzT0tsZXFGV0tPaTE2N3BIaVBmTDdqZndE Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
/
www.turnkeyinterior.org.user-os.co/ |
921 B 661 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
/
cottonsllps.com/ Redirect Chain
|
38 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
341 B 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Me.htm
login.live.com/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
converged.v2.login.min_mc5ac6ol0l4d2iaqspstyg2.css
cottonsllps.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ |
111 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ConvergedLogin_PCore_Q3A1xKaK6oPrhbQSUwvJBQ2.js
cottonsllps.com/aadcdn.msauth.net/~/shared/1.0/content/js/ |
185 KB 0 |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ux.converged.login.strings-de.min_mwkrjugjbdtxzv3fly3p-q2.js
cottonsllps.com/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ |
61 KB 19 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| c object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData16 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| server02939.com/ | Name: qPdM Value: VKuOStWO1993 |
|
| server02939.com/ | Name: qPdM.sig Value: NhP4ZWZ10oxXU1_DVbcAKudaGNE |
|
| cottonsllps.com/ | Name: qPdM Value: VKuOStWO1993 |
|
| cottonsllps.com/ | Name: qPdM.sig Value: NhP4ZWZ10oxXU1_DVbcAKudaGNE |
|
| cottonsllps.com/ | Name: ClientId Value: 0D2120811DC74BCD87D724CB484EAA62 |
|
| cottonsllps.com/ | Name: OIDC Value: 1 |
|
| cottonsllps.com/ | Name: OpenIdConnect.nonce.v3.QQMF_c_J1HC4tpfqWoiUhqCL4MQgzeeH2ZnBfQs7T0w Value: 638578588847951481.6f6d8889-1ffb-4c45-b132-73507f1c1eda |
|
| cottonsllps.com/ | Name: X-OWA-RedirectHistory Value: ArLym14Bec5z3dev3Ag |
|
| cottonsllps.com/ | Name: buid Value: 0.AXEBMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYxaDR9WO1zktOOOTsZIoCOVm8SiAY1X-K-N_gDgGqZApOUqTViCjsqlTIcFjTPG1M21K_CLW6dEQiQk58LCnJm_yl-_Tfazq3_AOBFvq9AgEgAA |
|
| .cottonsllps.com/ | Name: esctx Value: PAQABBwEAAAApTwJmzXqdR4BN2miheQMYJgbF2w-QtQr3HO1x0PDhh_546hCFP_gN5kF3uVgimNJHf7u1ZDTFJQnkQvwJqZb_2qnHNzPSWJbu2R9oXDFf_ufn5MHNcX0oj-NASjZeMCc14YaQiGVYfsnKyZw6xCW2DDmLUkh3ukQEkpKDLjOOL_klI9Cny7qffaZXNeepX6EgAA |
|
| .cottonsllps.com/ | Name: esctx-tAUDkNYJWRM Value: AQABCQEAAAApTwJmzXqdR4BN2miheQMYeCs1ily0evZIGkm0DXPNDcHnaFRZKCbulzlOfWs6mJ2f0x7ToTiJxLufDwopEwz8jVzsoz1ikc4P6y2jBN0atSiueBAuiWRHBsosa_HUwchffGKCDsEfWMKmmclPCXDdFFZrrcea6Wu9JlFjH-OrMyAA |
|
| cottonsllps.com/ | Name: fpc Value: Aq2mkGnFNJJHgxsCYyLjNVierOTJAQAAAEWZOd4OAAAA |
|
| cottonsllps.com/ | Name: x-ms-gateway-slice Value: estsfd |
|
| cottonsllps.com/ | Name: stsservicecookie Value: estsfd |
|
| .login.live.com/ | Name: uaid Value: 0eb3e5c3a501460fa0e77d9f1a023caf |
|
| .login.live.com/ | Name: MSPRequ Value: id=N<=1722262090&co=1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cottonsllps.com
login.live.com
server02939.com
www.turnkeyinterior.org.user-os.co
167.88.36.216
179.43.170.230
40.126.31.67
82d5741a453e8429bf3f3c686e0120d771bfb0156a1bfa878e8a9ac3e1745621
8b81b6dbb9af6502d78abe8a85d135861848e0597989901da42c62ecb841a07d
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221
c3726f297fa7bfbf444de4a62e7d9ac0adc4ba0b816018e43fc85ad609663260
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855