cobalten.com
139.45.197.8  Public Scan Open in urlscan Pro

Internal
urlscan.io (IP) urlscan.io (Domain)
Effective Hostname
VirusTotal SecurityTrails crt.sh
Submitted URL
Google Safe Browsing Archive.org
Effective URL Pivot
Google Safe Browsing Archive.org
Effective IP
VirusTotal SecurityTrails Domaintools Censys
Go To Rescan
Add Verdict Report
Submitted URL:
http://go.onclasrv.com/apu.php?zoneid=1543391 12yr old
Effective URL:
http://cobalten.com/apu.php?zoneid=1543391 8yr old
Submission Tags: falconsandbox
Submission: On November 12 via api (November 12th 2020, 3:14:05 am UTC) from US
Summary HTTP 1 Redirects  Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 1 HTTP transactions. The main IP is 139.45.197.8, located in Ascension Island and belongs to RETN-AS, EU. The main domain is cobalten.com. 8yr old
This is the only time cobalten.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 139.45.195.43 139.45.195.43 9002 (RETN-AS) (RETN-AS)
1 139.45.197.8 139.45.197.8 9002 (RETN-AS) (RETN-AS)
1 1
Apex Domain
Subdomains		 Transfer
1 cobalten.com
cobalten.com 8yr old
22 KB
1 onclasrv.com 1 redirects
go.onclasrv.com 12yr old
305 B
1 2
Domain Requested by
1 cobalten.com
1 go.onclasrv.com 1 redirects
1 2

This site contains no links.

Subject Issuer Validity Valid

This page contains 1 frames:

Primary Page: http://cobalten.com/apu.php?zoneid=1543391
Frame ID: 1597705F27074844480970F0E31E1002
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://go.onclasrv.com/apu.php?zoneid=1543391 HTTP 302
    http://cobalten.com/apu.php?zoneid=1543391 Page URL

Detected technologies

(Programming languages)
Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
(Web servers)
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

1
Requests

0 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

22 kB
Transfer

61 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://go.onclasrv.com/apu.php?zoneid=1543391 HTTP 302
    http://cobalten.com/apu.php?zoneid=1543391 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
0 data transactions

Method
Protocol		 Status Resource
Path		 Size
x-fer		 Time
Latency		 Type
MIME-Type		 IP
Location
GET
H/1.1 		200
OK 		Primary Request Cookie set apu.php Show response
cobalten.com/
Redirect Chain
  • http://go.onclasrv.com/apu.php?zoneid=1543391
  • http://cobalten.com/apu.php?zoneid=1543391
61 KB
22 KB 		41ms
26ms 		Document
application/javascript		 139.45.197.8
RETN-AS
General
Check archive.org
Download Go to
Full URL
http://cobalten.com/apu.php?zoneid=1543391
Protocol
HTTP/1.1
Server
139.45.197.8 , Ascension Island, ASN9002 (RETN-AS, EU),
Reverse DNS
Software
nginx /
Resource Hash
76575f82a153c8f7e0870dd1a9ba1ee345cf27d841fbd0316a0b740195009727
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Host
cobalten.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Date
Thu, 12 Nov 2020 03:14:06 GMT
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding
Pragma
no-cache
Cache-Control
no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires
Tue, 11 Jan 1994 10:00:00 GMT
Timing-Allow-Origin
* *
X-Trace-Id
7a436830562216b2ffe631a106d36f61
Set-Cookie
OAID=b9ae3dd04f674952ada4fe414bb3a22b; expires=Fri, 12 Nov 2021 03:14:06 GMT oaidts=1605150846; expires=Fri, 12 Nov 2021 03:14:06 GMT
Strict-Transport-Security
max-age=1
X-Content-Type-Options
nosniff
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Thu, 12 Nov 2020 03:14:05 GMT
Content-Type
text/html
Content-Length
138
Connection
keep-alive
Location
http://cobalten.com/apu.php?zoneid=1543391
Strict-Transport-Security
max-age=1
X-Content-Type-Options
nosniff
Timing-Allow-Origin
*

Verdicts & Comments Add Verdict or Comment

1 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path Expires Name / Value
cobalten.com/ 1970-01-19
22:38:06 		Name: oaidts
Value: 1605150846
cobalten.com/ 1970-01-19
22:38:06 		Name: OAID
Value: b9ae3dd04f674952ada4fe414bb3a22b

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cobalten.com
go.onclasrv.com
139.45.195.43
139.45.197.8
76575f82a153c8f7e0870dd1a9ba1ee345cf27d841fbd0316a0b740195009727