Security Scan Report: cottonwoodfinancial.hostedrmm.com

Redirected to: https://cottonwoodfinancial.hostedrmm.com/WCC2/Home/Login?ReturnUrl=%2fWCC2%2f

Submitted: Dec 21, 2025, 12:22:44 AM
Completed: Dec 21, 2025, 12:23:36 AM
Scan type: public
Status: completed

Summary

This website contacted 4 IPs in 1 country across 4 domains to perform 22 HTTP transactions. The main domain is cottonwoodfinancial.hostedrmm.com; its registration age is unavailable (the scanner reported "NaN years").

Submitted URL: https://cottonwoodfinancial.hostedrmm.com

Effective URL: https://cottonwoodfinancial.hostedrmm.com/WCC2/Home/Login?ReturnUrl=%2fWCC2%2f (redirected)

The Cisco Umbrella rank of the primary domain is #5,542 of the top 1 million websites (Top 10K site).

AI Security Verdict

Confirmed Scam

Confidence: 95%

Risk Score: 9

Site hosts a credential‑harvesting login form and links to a known malicious file – treat as confirmed phishing scam.

Risk Factors
Malicious external link to known malware (s3.amazonaws.com/assets-cp/assets/agent_uninstaller.zip)
Password field collecting credentials on a site that references malicious cloud storage
Cloud storage domain associated with login form triggers CONFIRMED_SCAM rule
Domain age information unavailable

Details

Page Title: Index
Scan Type: public
Language: 🇺🇸 English (55% confidence)
Category: documentation technical (40%)

Domain Information

The domain name 'cottonwoodfinancial.hostedrmm.com' uses the commercial generic top-level domain (.com), featuring subdomain 'cottonwoodfinancial'. Count 9 characters in 'hostedrmm' split between 2 vowels and seven consonants. Tokenizing the label suggests 3 words: hosted, r, mm. Expect two characters per word on average. No strong language cues emerged from the frequency lists.


Page Load Overview

Total Load Time: 5.54s
HTTP Requests: 22
Domains: 4
Total Size: 927 KB

Language Analysis

Primary Language

🇺🇸 English
Code: en
Confidence: 55%
Script: Latin
Direction: ltr

Detection Details

Language Code: en
Detection Confidence: 55%
Script Type: Latin
Text Length: 476 chars
Detector Agreement: 100%

Website Classification

Primary Category

documentation technical (40% confidence)
Type: webapp
Method: ml+structural

All Detected Categories

documentation technical: 40%

Detected Features

Login Form
Search

Domain & IP Information

Requests | IP Address | Location | AS (Autonomous System)
7 | 216.239.32.36 | United States | AS15169 GOOGLE
5 | 216.58.209.168 | United States | AS15169 GOOGLE
5 | 3.101.143.166 | San Jose, California, United States | AS16509 AMAZON-02
5 | 216.58.209.206 | United States | AS15169 GOOGLE
22 | 4 | - | -

Detected Technologies: 4

Content Similarity Hashes (for malware variant detection)

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1C44283186CE26A151423B4F5B6F2E11D79D49107C200EE08B9FC86E64FD8DA98F73B9C

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:MqqPxzblh1qJ1bPDmPBAu4XS6drwFvw0xX5DPNu6VEHUEfL1e/kO6FvEUS1SY0ML:Y1qJ1bPqZAu4i6O+0jt6HZfpe/kO6i17

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:12112:ASUDIAkYASAhISgnHniAzSCiMqBBpFAMLkIC0EqvwhJysUJ2CWhJICBCTEAAcHCwQKxYiCAJRwBYBkASYQIBBwIQbh9wAJoD

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.
