sso.cotyinc.com Open in urlscan Pro
13.72.97.48 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.maultalk.com/url.php?to=https://www.natwaves.com/ri2Pk17i2Pka_saprax0qs3RWO3k17yi2Pns3Rdy9s3RWO3BM2
Effective URL:
https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163...
Submission: On April 29 via manual (April 29th 2024, 1:55:55 am UTC) from IN — Scanned from NL

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 6 domains to perform 8 HTTP transactions. The main IP is 13.72.97.48, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is sso.cotyinc.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on September 19th 2023. Valid for: a year.

This is the only time sso.cotyinc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	177.221.140.242 177.221.140.242	270014 (GRUPO CG ...) (GRUPO CG LIMITADA)
2 3	185.42.14.179 185.42.14.179	57271 (BITWEB-AS) (BITWEB-AS)
1 2	2603:1027:1:1... 2603:1027:1:158::8	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:2800:233... 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef	15133 (EDGECAST) (EDGECAST)
2 7	13.72.97.48 13.72.97.48	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
8	4

1 188.114.96.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.maultalk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 177.221.140.242 (Santiago, Chile) 1 redirects

ASN270014 (GRUPO CG LIMITADA, CL)
PTR: cloud242.americahost.cl

www.natwaves.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.42.14.179 (London, United Kingdom) 2 redirects

ASN57271 (BITWEB-AS, RU)

approval-expense.allieddigltalmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2603:1027:1:158::8 (Amsterdam, Netherlands) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.microsoftonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.72.97.48 (Washington, United States) 2 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sso.cotyinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	cotyinc.com 2 redirects sso.cotyinc.com	50 KB
3	allieddigltalmedia.com 2 redirects approval-expense.allieddigltalmedia.com	66 KB
2	microsoftonline.com 1 redirects login.microsoftonline.com — Cisco Umbrella Rank: 10	11 KB
1	msftauth.net aadcdn.msftauth.net — Cisco Umbrella Rank: 861	49 KB
1	natwaves.com 1 redirects www.natwaves.com	427 B
1	maultalk.com 1 redirects www.maultalk.com	487 B
8	6

	Domain	Requested by
7	sso.cotyinc.com	2 redirects aadcdn.msftauth.net sso.cotyinc.com
3	approval-expense.allieddigltalmedia.com	2 redirects
2	login.microsoftonline.com	1 redirects
1	aadcdn.msftauth.net	login.microsoftonline.com
1	www.natwaves.com	1 redirects
1	www.maultalk.com	1 redirects
8	6

This site contains no links.

Subject Issuer	Validity	Valid
allieddigltalmedia.com R3	`2024-04-25` - `2024-07-24`	3 months	crt.sh
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA	`2024-02-21` - `2025-02-21`	a year	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2023-12-01` - `2024-12-01`	a year	crt.sh
sso.cotyinc.com Sectigo RSA Organization Validation Secure Server CA	`2023-09-19` - `2024-09-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163fb7cd&username=ritika_sapra%40cotyinc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATMAky7boayuU4-aLBWzH772VWMyoSN0L_AyPiCkXESk0RRZklmdmJ8cWJBUaJDcn5JZWZeMkjFLSZB_6J0z5TwYrfUlNSixJLM_LxHzDiVX2AReMXCY8BsxcHBJcAgwaDA8IOFcREr0H1v_B08s_a0Ouw9fPDIRP_rDKdY9TOCvfL9tE0j0hK1KwLzXYOMXcsCQrLCwjItwi0DHcNNqlLMDcOT88w9y5JtLa0MJ7AJTWBjOsXG8IGNsYOdYRY7wwFOxgO8DD_47l861Pbj78x3HhsEGAA1
Frame ID: 55CE435F2D2AC3958E6F6C23036E50AE
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Aanmelden

Page URL History Show full URLs

https://www.maultalk.com/url.php?to=https://www.natwaves.com/ri2Pk17i2Pka_saprax0qs3RWO3k17yi2Pns3Rdy... HTTP 302
https://www.natwaves.com/ri2Pk17i2Pka_saprax0qs3RWO3k17yi2Pns3Rdy9s3RWO3BM2 HTTP 302
https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t Page URL
https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t HTTP 302
https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t HTTP 302
https://login.microsoftonline.com/?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com Page URL
https://login.microsoftonline.com/?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com&sso_reload=true HTTP 302
https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55... Page URL

Page Statistics

8
Requests

88 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

4
IPs

4
Countries

174 kB
Transfer

371 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.maultalk.com/url.php?to=https://www.natwaves.com/ri2Pk17i2Pka_saprax0qs3RWO3k17yi2Pns3Rdy9s3RWO3BM2 HTTP 302
https://www.natwaves.com/ri2Pk17i2Pka_saprax0qs3RWO3k17yi2Pns3Rdy9s3RWO3BM2 HTTP 302
https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t Page URL
https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t HTTP 302
https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t HTTP 302
https://login.microsoftonline.com/?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com Page URL
https://login.microsoftonline.com/?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com&sso_reload=true HTTP 302
https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163fb7cd&username=ritika_sapra%40cotyinc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATMAky7boayuU4-aLBWzH772VWMyoSN0L_AyPiCkXESk0RRZklmdmJ8cWJBUaJDcn5JZWZeMkjFLSZB_6J0z5TwYrfUlNSixJLM_LxHzDiVX2AReMXCY8BsxcHBJcAgwaDA8IOFcREr0H1v_B08s_a0Ouw9fPDIRP_rDKdY9TOCvfL9tE0j0hK1KwLzXYOMXcsCQrLCwjItwi0DHcNNqlLMDcOT88w9y5JtLa0MJ7AJTWBjOsXG8IGNsYOdYRY7wwFOxgO8DD_47l861Pbj78x3HhsEGAA1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.maultalk.com/url.php?to=https://www.natwaves.com/ri2Pk17i2Pka_saprax0qs3RWO3k17yi2Pns3Rdy9s3RWO3BM2 HTTP 302
https://www.natwaves.com/ri2Pk17i2Pka_saprax0qs3RWO3k17yi2Pns3Rdy9s3RWO3BM2 HTTP 302
https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t

Request Chain 1

https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t HTTP 302
https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t HTTP 302
https://login.microsoftonline.com/?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com

Request Chain 6

https://sso.cotyinc.com/favicon.ico HTTP 302
https://sso.cotyinc.com/web HTTP 301
https://sso.cotyinc.com/web/

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
approval-expense.allieddigltalmedia.com/
Redirect Chain

https://www.maultalk.com/url.php?to=https://www.natwaves.com/ri2Pk17i2Pka_saprax0qs3RWO3k17yi2Pns3Rdy9s3RWO3BM2
https://www.natwaves.com/ri2Pk17i2Pka_saprax0qs3RWO3k17yi2Pns3Rdy9s3RWO3BM2
https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t

166 KB
66 KB

1247ms
1125ms

Document
text/html

185.42.14.179
BITWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.42.14.179 London, United Kingdom, ASN57271 (BITWEB-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 8045956f2645b46a7b788010078b2fc9d44831dc8634868e9d4de47cdbda2fe6

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 29 Apr 2024 01:55:51 GMT
server: nginx
vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Mon, 29 Apr 2024 01:55:49 GMT
Keep-Alive: timeout=5, max=100
Location: https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t#/common/authorize?document=0.27516887396349-0ff1-0.28695845011946&auth=10.83108880968349-0.88229436840969
Server: Apache
Transfer-Encoding: chunked

GET
H2

200

/ Show response
login.microsoftonline.com/
Redirect Chain

https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t
https://approval-expense.allieddigltalmedia.com/?organisation=cotyinc.com&dse=cml0aWthX3NhcHJhQGNvdHlpbmMuY29t
https://login.microsoftonline.com/?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com

19 KB
10 KB

180ms
41ms

Document
text/html

2603:1027:1:158::8
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.microsoftonline.com/?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2603:1027:1:158::8 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5db7ce3fff3a4394a945f5d589777bfd61a19863dfd1a05b4556f76f48c7437e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Content-Type: application/x-www-form-urlencoded
Origin: https://approval-expense.allieddigltalmedia.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-store, no-cache
content-encoding: gzip
content-length: 8744
content-type: text/html; charset=utf-8
date: Mon, 29 Apr 2024 01:55:53 GMT
expires: -1
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-ms-ests-server: 2.1.17846.6 - NEULR1 ProdSlices
x-ms-request-id: 4ba1716e-57de-44bf-91f6-56d6194e4b00
x-ms-srs: 1.P
x-xss-protection: 0

Redirect headers

content-type: text/html; charset=utf-8
date: Mon, 29 Apr 2024 01:55:53 GMT
location: https://login.microsoftonline.com?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com
referrer-policy: no-referrer
server: nginx

GET
H2 200 BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js Show response
aadcdn.msftauth.net/shared/1.0/content/js/ 138 KB
49 KB 79ms
21ms Script
application/x-javascript 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js
Requested by: Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/4898) /
Resource Hash: 94153f2a6daae35dfcb61dc987e2d4310b7ca021e36375e87d8b8c641c0c6121

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 29 Apr 2024 01:55:53 GMT
content-encoding: gzip
content-md5: 2vlVvyES905PeLIYeo1r7w==
age: 2662064
x-cache: HIT
content-length: 49632
x-ms-lease-status: unlocked
last-modified: Tue, 26 Mar 2024 18:05:49 GMT
server: ECAcc (ama/4898)
etag: 0x8DC4DBF5E20DC85
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b8d4076f-401e-0073-13a2-81d520000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=31536000
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H/1.1

200
OK

Primary Request / Show response
sso.cotyinc.com/adfs/ls/
Redirect Chain

https://login.microsoftonline.com/?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com&sso_reload=true
https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163fb7cd&username=ritika_sapra%40cotyinc.com&wa=wsignin1.0&wtrealm=urn%3afederat...

24 KB
24 KB

413ms
117ms

Document
text/html

13.72.97.48
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163fb7cd&username=ritika_sapra%40cotyinc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATMAky7boayuU4-aLBWzH772VWMyoSN0L_AyPiCkXESk0RRZklmdmJ8cWJBUaJDcn5JZWZeMkjFLSZB_6J0z5TwYrfUlNSixJLM_LxHzDiVX2AReMXCY8BsxcHBJcAgwaDA8IOFcREr0H1v_B08s_a0Ouw9fPDIRP_rDKdY9TOCvfL9tE0j0hK1KwLzXYOMXcsCQrLCwjItwi0DHcNNqlLMDcOT88w9y5JtLa0MJ7AJTWBjOsXG8IGNsYOdYRY7wwFOxgO8DD_47l861Pbj78x3HhsEGAA1

Requested by

Host: aadcdn.msftauth.net
URL: https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.72.97.48 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

fc96c6cc0069f94f208d12dd336085800c163ab9971ad6a5d49eba2a1cbe3bb6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer: https://login.microsoftonline.com/?organisation=cotyinc.com&username=ritika_sapra%40cotyinc.com#/common/authorize?document=0.27516887396349-0ff1-0.28695845011946&auth=10.83108880968349-0.88229436840969
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache,no-store
Content-Length: 24180
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Content-Type: text/html; charset=utf-8
Date: Mon, 29 Apr 2024 01:55:54 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block

Redirect headers

cache-control: no-store, no-cache
content-encoding: gzip
content-length: 594
content-type: text/html; charset=utf-8
date: Mon, 29 Apr 2024 01:55:54 GMT
expires: -1
location: https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163fb7cd&username=ritika_sapra%40cotyinc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATMAky7boayuU4-aLBWzH772VWMyoSN0L_AyPiCkXESk0RRZklmdmJ8cWJBUaJDcn5JZWZeMkjFLSZB_6J0z5TwYrfUlNSixJLM_LxHzDiVX2AReMXCY8BsxcHBJcAgwaDA8IOFcREr0H1v_B08s_a0Ouw9fPDIRP_rDKdY9TOCvfL9tE0j0hK1KwLzXYOMXcsCQrLCwjItwi0DHcNNqlLMDcOT88w9y5JtLa0MJ7AJTWBjOsXG8IGNsYOdYRY7wwFOxgO8DD_47l861Pbj78x3HhsEGAA1#
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-ms-ests-server: 2.1.17846.6 - SEC ProdSlices
x-ms-request-id: 49404fec-bc6a-4085-bdc3-c1c4914fd700
x-ms-srs: 1.P
x-xss-protection: 0

GET
H/1.1 200
OK style.css
sso.cotyinc.com/adfs/portal/css/ 10 KB
11 KB 186ms
98ms Stylesheet
text/css 13.72.97.48
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://sso.cotyinc.com/adfs/portal/css/style.css?id=3B1A0C704CDAE8ECD48AA8F0D50409D981CEF21D7AE6DC85B0797D270101B151

Requested by

Host: sso.cotyinc.com
URL: https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163fb7cd&username=ritika_sapra%40cotyinc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATMAky7boayuU4-aLBWzH772VWMyoSN0L_AyPiCkXESk0RRZklmdmJ8cWJBUaJDcn5JZWZeMkjFLSZB_6J0z5TwYrfUlNSixJLM_LxHzDiVX2AReMXCY8BsxcHBJcAgwaDA8IOFcREr0H1v_B08s_a0Ouw9fPDIRP_rDKdY9TOCvfL9tE0j0hK1KwLzXYOMXcsCQrLCwjItwi0DHcNNqlLMDcOT88w9y5JtLa0MJ7AJTWBjOsXG8IGNsYOdYRY7wwFOxgO8DD_47l861Pbj78x3HhsEGAA1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.72.97.48 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

3b1a0c704cdae8ecd48aa8f0d50409d981cef21d7ae6dc85b0797d270101b151

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163fb7cd&username=ritika_sapra%40cotyinc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATMAky7boayuU4-aLBWzH772VWMyoSN0L_AyPiCkXESk0RRZklmdmJ8cWJBUaJDcn5JZWZeMkjFLSZB_6J0z5TwYrfUlNSixJLM_LxHzDiVX2AReMXCY8BsxcHBJcAgwaDA8IOFcREr0H1v_B08s_a0Ouw9fPDIRP_rDKdY9TOCvfL9tE0j0hK1KwLzXYOMXcsCQrLCwjItwi0DHcNNqlLMDcOT88w9y5JtLa0MJ7AJTWBjOsXG8IGNsYOdYRY7wwFOxgO8DD_47l861Pbj78x3HhsEGAA1
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
X-Content-Type-Options: nosniff
Date: Mon, 29 Apr 2024 01:55:54 GMT
Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag: 3B1A0C704CDAE8ECD48AA8F0D50409D981CEF21D7AE6DC85B0797D270101B151
Content-Type: text/css
Content-Length: 10462
X-XSS-Protection: 1; mode=block
Expires: Wed, 29 May 2024 01:55:55 GMT

GET
H/1.1 200
OK logo.png
sso.cotyinc.com/adfs/portal/logo/ 7 KB
7 KB 284ms
97ms Image
image/png 13.72.97.48
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sso.cotyinc.com/adfs/portal/logo/logo.png?id=7D085D8F98C7A4A939EFDBBB48EC826693F272CAF227C52C21DFEAB3111EB916

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.72.97.48 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

7d085d8f98c7a4a939efdbbb48ec826693f272caf227c52c21dfeab3111eb916

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163fb7cd&username=ritika_sapra%40cotyinc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATMAky7boayuU4-aLBWzH772VWMyoSN0L_AyPiCkXESk0RRZklmdmJ8cWJBUaJDcn5JZWZeMkjFLSZB_6J0z5TwYrfUlNSixJLM_LxHzDiVX2AReMXCY8BsxcHBJcAgwaDA8IOFcREr0H1v_B08s_a0Ouw9fPDIRP_rDKdY9TOCvfL9tE0j0hK1KwLzXYOMXcsCQrLCwjItwi0DHcNNqlLMDcOT88w9y5JtLa0MJ7AJTWBjOsXG8IGNsYOdYRY7wwFOxgO8DD_47l861Pbj78x3HhsEGAA1
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
X-Content-Type-Options: nosniff
Date: Mon, 29 Apr 2024 01:55:54 GMT
Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag: 7D085D8F98C7A4A939EFDBBB48EC826693F272CAF227C52C21DFEAB3111EB916
Content-Type: image/png
Content-Length: 6906
X-XSS-Protection: 1; mode=block
Expires: Wed, 29 May 2024 01:55:55 GMT

GET
H/1.1 200
OK illustration.png
sso.cotyinc.com/adfs/portal/illustration/ 6 KB
7 KB 97ms
97ms Image
image/png 13.72.97.48
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sso.cotyinc.com/adfs/portal/illustration/illustration.png?id=367D7AD57B01172BB646E27A11B0E51C3B13815E89456ECBF363B21A9FDE1C99

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.72.97.48 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

367d7ad57b01172bb646e27a11b0e51c3b13815e89456ecbf363b21a9fde1c99

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163fb7cd&username=ritika_sapra%40cotyinc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATMAky7boayuU4-aLBWzH772VWMyoSN0L_AyPiCkXESk0RRZklmdmJ8cWJBUaJDcn5JZWZeMkjFLSZB_6J0z5TwYrfUlNSixJLM_LxHzDiVX2AReMXCY8BsxcHBJcAgwaDA8IOFcREr0H1v_B08s_a0Ouw9fPDIRP_rDKdY9TOCvfL9tE0j0hK1KwLzXYOMXcsCQrLCwjItwi0DHcNNqlLMDcOT88w9y5JtLa0MJ7AJTWBjOsXG8IGNsYOdYRY7wwFOxgO8DD_47l861Pbj78x3HhsEGAA1
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
X-Content-Type-Options: nosniff
Date: Mon, 29 Apr 2024 01:55:54 GMT
Server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ETag: 367D7AD57B01172BB646E27A11B0E51C3B13815E89456ECBF363B21A9FDE1C99
Content-Type: image/png
Content-Length: 6349
X-XSS-Protection: 1; mode=block
Expires: Wed, 29 May 2024 01:55:55 GMT

GET
H/1.1

200
OK

/
sso.cotyinc.com/web/
Redirect Chain

https://sso.cotyinc.com/favicon.ico
https://sso.cotyinc.com/web
https://sso.cotyinc.com/web/

492 B
739 B

97ms
97ms

Other
text/html

13.72.97.48
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://sso.cotyinc.com/web/
Protocol: HTTP/1.1
Server: 13.72.97.48 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 988e22046ddb68d8a17346f8a5ec13d6c85db00c7f1ce42845feaa76cbc1beff

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Referer: https://sso.cotyinc.com/adfs/ls/?login_hint=ritika_sapra%40cotyinc.com&client-request-id=8a355036-55d9-4506-93c1-30ad163fb7cd&username=ritika_sapra%40cotyinc.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuATMAky7boayuU4-aLBWzH772VWMyoSN0L_AyPiCkXESk0RRZklmdmJ8cWJBUaJDcn5JZWZeMkjFLSZB_6J0z5TwYrfUlNSixJLM_LxHzDiVX2AReMXCY8BsxcHBJcAgwaDA8IOFcREr0H1v_B08s_a0Ouw9fPDIRP_rDKdY9TOCvfL9tE0j0hK1KwLzXYOMXcsCQrLCwjItwi0DHcNNqlLMDcOT88w9y5JtLa0MJ7AJTWBjOsXG8IGNsYOdYRY7wwFOxgO8DD_47l861Pbj78x3HhsEGAA1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Apr 2024 01:55:54 GMT
Last-Modified: Tue, 23 Jan 2024 19:20:19 GMT
Server: Microsoft-IIS/10.0 Microsoft-HTTPAPI/2.0
Accept-Ranges: bytes
ETag: "a07b2934314eda1:0"
Content-Length: 492
Content-Type: text/html

Redirect headers

Location: https://sso.cotyinc.com/web/
Date: Mon, 29 Apr 2024 01:55:54 GMT
Server: Microsoft-IIS/10.0 Microsoft-HTTPAPI/2.0
Content-Length: 151
Content-Type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.allieddigltalmedia.com/	1969-12-31 23:59:59	Name: nAZlPU Value: "ZDlmYWQ0OTQtZWQ5Ni00ZTRiLTg5M2MtMTExM2RhZjUwMzUyOjY4ZmZiOWJiLTYyY2ItNDljOS1hNzRhLThjMzI0ZThjZmQ3Zg=="
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: esctx-jrqzvj8SOOA Value: AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8I_azW-_YbtBP1SDdtCIvUdTdddcz8bpy8bwakauCRZfoKUqcORvElSgOc4ijP7mQS1pfbNs4TvHOBLmYi-e_WJLvH9WySNesye4y64Pe9RhpFY1MaoQYVtkf70Fe8qt9u7GHgyQym5JDHGbvJjfbByAA
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: esctx Value: PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8jAglD5xKkK0LArr5w2TnRznnMEete4R-51i8mqikgXAikcBqI1ALgWDLcv5qFBfYqNXiP1WZ3jb98pZNKh9mXV5BV0D4aO-oA7YwKjhgohrcUAKBgFQcr5tWlyxG0c4WDw02Z22tuW_dLIIawOhP5OPmYWHMdq0_bVmqAeoF8v8gAA
login.microsoftonline.com/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
login.microsoftonline.com/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: AADSSO Value: NA\|NoExtension
login.microsoftonline.com/	1970-01-20 20:12:35	Name: SSOCOOKIEPULLED Value: 1
login.microsoftonline.com/	1970-01-20 20:55:47	Name: buid Value: 0.AQIAqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAA.AQABGgEAAADnfolhJpSnRYB1SVj-Hgd8tJ5VKR-MwtDKKrqUYfNw4KqDEbk5741U4mX1iqP_JpmaCsXkF5ASoLfSWkdKi8DbxN2LBgo0Bf40kHwnRwXytAAJ02EDrjiXlu0zhcChIZEgAA
.login.microsoftonline.com/	1969-12-31 23:59:59	Name: ESTSWCTXFLOWTOKEN Value: AQABIQEAAADnfolhJpSnRYB1SVj-Hgd8LT0Clsf2ZsZi1hhHyuTTsD4JhlKta6MvuTriHrYbKBVTEOQxW6DHOyhOQ6Sl9bZy7QU3bgAxLh1bTeMTMCg8nTMM4EaB8JcZQcSYV9c_cMTgTGVifiEWwyv5jdFDRLOgIW45ymYvMQGjTalhwcKTnk8DJvZBGsul20gNtby1T3qj-OS0VQIA1R3Zgh51-b4Kgxrp8jBeQ4szBQInzmMsgmutvDI0bzOI8PcOSv6WJCV20zdJ9A249uZ9wWWF7hx8kFszCbpUqI9fxy7xLs3q8PVjwDZEov_2rISqW6_r7qHkfWvULbpaproGnZ08KzWewk2-aG5m7qn3sX2Vdv0xsrLjUodGPD3fqKN89VXB05lUmkDBYxobCDgODA6mAePUNjjWLVEv3H21rOqSlZvAEvHNJ7hnlib01HNJwPwD3ZooqEdabh_4QzFwpoaC9KGoj7axjWOboSc8Z-FafRRRMZ6luptzeBRrqFrfc2n5VJUgAA
login.microsoftonline.com/	1970-01-20 20:55:47	Name: fpc Value: Ajr3rQi5nXVPuOkKMJNBonK4vjNwAQAAACn1wN0OAAAA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
approval-expense.allieddigltalmedia.com
login.microsoftonline.com
sso.cotyinc.com
www.maultalk.com
www.natwaves.com
13.72.97.48
177.221.140.242
185.42.14.179
188.114.96.3
2603:1027:1:158::8
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
367d7ad57b01172bb646e27a11b0e51c3b13815e89456ecbf363b21a9fde1c99
3b1a0c704cdae8ecd48aa8f0d50409d981cef21d7ae6dc85b0797d270101b151
5db7ce3fff3a4394a945f5d589777bfd61a19863dfd1a05b4556f76f48c7437e
7d085d8f98c7a4a939efdbbb48ec826693f272caf227c52c21dfeab3111eb916
8045956f2645b46a7b788010078b2fc9d44831dc8634868e9d4de47cdbda2fe6
94153f2a6daae35dfcb61dc987e2d4310b7ca021e36375e87d8b8c641c0c6121
988e22046ddb68d8a17346f8a5ec13d6c85db00c7f1ce42845feaa76cbc1beff
fc96c6cc0069f94f208d12dd336085800c163ab9971ad6a5d49eba2a1cbe3bb6

sso.cotyinc.com Open in urlscan Pro 13.72.97.48 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

8 Requests

88 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

4 IPs

4 Countries

174 kBTransfer

371 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

10 Cookies

Indicators

sso.cotyinc.com Open in urlscan Pro
13.72.97.48 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

88 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

4
IPs

4
Countries

174 kB
Transfer

371 kB
Size

10
Cookies

8 HTTP transactions
0 data transactions