cottaclub.azurewebsites.net Open in urlscan Pro
20.119.16.58  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response cottaclub.azurewebsites.net/0WpwaAWq7Cxu92_3n6xUd5Ptq_meEcPcteiess-Baxo/	45 KB 22 KB	557ms 141ms	Document text/html	20.119.16.58 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://cottaclub.azurewebsites.net/0WpwaAWq7Cxu92_3n6xUd5Ptq_meEcPcteiess-Baxo/?cid=4qZFYop4Oj6p Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.119.16.58 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash ccd2d6575f2e90c9d0fdd1cdfe6a83a4c3da72f392793c1c3fdc698e9ed63822 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ch Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version access-control-allow-credentials true access-control-allow-origin * content-encoding gzip content-type text/html date Fri, 12 Apr 2024 04:51:34 GMT vary Accept-Encoding
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET H3	200	AFU1kAAPatM Show response feed.rtbadshubmy.com/v1/native/	799 B 888 B	1192ms 1093ms	Fetch application/json	104.21.76.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://feed.rtbadshubmy.com/v1/native/AFU1kAAPatM?subid=74532&uid=9399fbe3-d6d7-4c23-9786-5f0e6d8586de&kw=download%20install&ud_tpcid=qpCTfhOHdcEpP1iuEy5gIKpO0rPEmEFJ Requested by Host: cottaclub.azurewebsites.net URL: https://cottaclub.azurewebsites.net/0WpwaAWq7Cxu92_3n6xUd5Ptq_meEcPcteiess-Baxo/?cid=4qZFYop4Oj6p Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.76.3 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 69a500d0ad997c0ee9bb3c204c708ee54167d84f0026b1d1540dc8d9d7e97cab Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://cottaclub.azurewebsites.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 12 Apr 2024 04:51:36 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P0xyeV4h6rlDRTWjxpyaaLHYEeJA2OVnTngY57rsnOhwy9mTYxQrHCpCvRL70yJ72WhmxRkFXAX5BaJubG2aqFIr2J02OsA6OGYHWZBlh4afLkEmdw3WIX3rs6lOSiyePg7M9WLRVA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 access-control-allow-origin * cache-control no-cache cf-ray 87309a204f892c35-FRA alt-svc h3=":443"; ma=86400
GET H2	200	conf.json Show response cottaclub.azurewebsites.net/hood/Y290dGFjbHViLmF6dXJld2Vic2l0ZXMubmV0/	49 B 184 B	130ms 130ms	Fetch application/json	20.119.16.58 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://cottaclub.azurewebsites.net/hood/Y290dGFjbHViLmF6dXJld2Vic2l0ZXMubmV0/conf.json Requested by Host: cottaclub.azurewebsites.net URL: https://cottaclub.azurewebsites.net/0WpwaAWq7Cxu92_3n6xUd5Ptq_meEcPcteiess-Baxo/?cid=4qZFYop4Oj6p Protocol H2 Security TLS 1.3, , AES_256_GCM Server 20.119.16.58 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 2744ab7641b98bc4210e6475618dc4ba66ed9fa08a3bf67ba01c77f9ed805de2 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform-version "10.0.0" Referer https://cottaclub.azurewebsites.net/0WpwaAWq7Cxu92_3n6xUd5Ptq_meEcPcteiess-Baxo/?cid=4qZFYop4Oj6p sec-ch-ua-full-version-list "Google Chrome";v="123.0.6312.122", "Not:A-Brand";v="8.0.0.0", "Chromium";v="123.0.6312.122" sec-ch-ua-platform "Win32" Response headers date Fri, 12 Apr 2024 04:51:35 GMT last-modified Wed, 20 Mar 2024 17:36:10 GMT accept-ranges bytes etag "65fb1e8a-31" content-length 49 content-type application/json
GET DATA	200 OK	truncated /	9 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 260b073c6af7b2e361f1ba7f05d23007587adbdd79de704fc1999c9d64cd737e Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Response headers Content-Type image/jpeg
GET H3	200	ht.js Show response sdk.ocmhood.com/sdk/	33 KB 13 KB	177ms 49ms	Script application/javascript	172.67.72.9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2eDgxNDY4MjE0NkgL Requested by Host: cottaclub.azurewebsites.net URL: https://cottaclub.azurewebsites.net/0WpwaAWq7Cxu92_3n6xUd5Ptq_meEcPcteiess-Baxo/?cid=4qZFYop4Oj6p Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.72.9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 81195ecef1ef260cddab7b3ab6123888768242882b856b5fab360f25850a9fa1 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://cottaclub.azurewebsites.net/ Origin https://cottaclub.azurewebsites.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 12 Apr 2024 04:51:35 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3228 alt-svc h3=":443"; ma=86400 service-worker-allowed / last-modified Tue, 09 Apr 2024 11:24:49 GMT server cloudflare etag W/"66152581-30ac" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vgBw8zq4M1efdberSEtyPkgy45Re1uPdwUGIEfKmNa6sjRLK%2FTxF0LXSYAKzJDdt%2BgaFM0TrQqavq6vgVpt7vTx9koive7FVfBBq2SVizZvGST738qLojSiu5C5YzYBLSA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=14400 cf-ray 87309a215c292c71-FRA
GET H3	200	NjY4ZwSkNAFfmDQ2eDgxNDY4MjE0NkgL.js Show response cdn.ocmtag.com/tag/	423 B 806 B	102ms 48ms	Script application/javascript	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.ocmtag.com/tag/NjY4ZwSkNAFfmDQ2eDgxNDY4MjE0NkgL.js Requested by Host: sdk.ocmhood.com URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2eDgxNDY4MjE0NkgL Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 25ad08cac126e96dbc1cc6dd3058b56a788558c3577ccc70cb2d3f69a476c58b Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://cottaclub.azurewebsites.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 12 Apr 2024 04:51:35 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 1041 alt-svc h3=":443"; ma=86400 service-worker-allowed / last-modified Wed, 20 Mar 2024 17:33:01 GMT server cloudflare etag W/"65fb1dcd-1a7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UE7WzAN8Jb7%2BHtaIlI5v%2BBx%2BDbMFobV6Llv26XFY60US65rL7H58BajSPrbHJ0XXz3teiGvDeIhgFALwvUzkVpFbMWV7tAjZ4OvwF8Pxq6YL8U361dd6ef4%2BO%2Bc8NChXAQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript access-control-allow-origin * cache-control max-age=14400 cf-ray 87309a2239161e1c-FRA
POST H3	201	activity t.ocmhood.com/v2/	0 433 B	154ms 65ms	Ping application/octet-stream	172.67.72.9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://t.ocmhood.com/v2/activity Requested by Host: sdk.ocmhood.com URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2eDgxNDY4MjE0NkgL Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.72.9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-platform "Win32" Referer https://cottaclub.azurewebsites.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 12 Apr 2024 04:51:35 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5XgPj5mlQHTTraS8nff2jAOOYcocNx4YTp6RNWcDVD1Vg4V%2FraAEvGfBH9vEHpm%2BaXzTQ4lq5c5s71q6Gwd1XwVehPn%2BrIUD9BkcNsJHwaryxgO3HDxKw3bVsT%2BkRgk%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control no-cache cf-ray 87309a231d263a91-FRA alt-svc h3=":443"; ma=86400
GET H3	204	imp t.rtbadshubmy.com/	0 0	69ms 59ms	Fetch	104.21.76.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://t.rtbadshubmy.com/imp?l2=P8YEk9HObONFxS7AuK7FbAIOc0TVGP0ppIbEIcMiEOT5KZItzCOns7n0HKk264tpRm_3paO_3TSBlaUkFOvHgwknKmMjPgsv7yTd6Gvade2eKHcKbQ_9v0bcDuRCQjf2riTlzZ9v7yL8kEizpPK08-nBCG9zeoplO8aYfu4kgastDhvIoAT6LooL8bADA0JSmNRMzh3odfynHso1iVesad8TDZlPvk0nd8_-kd0vYjN9C-cNMmSE5GJacFKi-6bj Requested by Host: cottaclub.azurewebsites.net URL: https://cottaclub.azurewebsites.net/0WpwaAWq7Cxu92_3n6xUd5Ptq_meEcPcteiess-Baxo/?cid=4qZFYop4Oj6p Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.76.3 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://cottaclub.azurewebsites.net/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 12 Apr 2024 04:51:36 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SC4gczBphf2aHqABPHc0MGnxaWCsXoVHrTQOagt1z4kr%2BiQTjireGsGiXJ%2BN%2B6uOa2nTEBEUGt7ATcQ9i43TFgtoDwJwmanGthUd68UES6evUvmh0XwfBmcYlyEcGuTVO6zYLQ%3D%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin * cache-control no-cache cf-ray 87309a273bea2c35-FRA alt-svc h3=":443"; ma=86400

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| qs string| lwp function| snippetGetEngineDomain function| snippetGetAllLocations function| importOmpServiceWorker function| initOmpServiceWorker function| clearSession function| goNextStep function| getLpType function| fetchAd function| getOCP function| popme function| finalRedirect function| goToRedirectonAllow function| goToRedirectSmart2 function| isPushApiSupported function| uuidv4 function| initLpPush function| startOmpWorker function| getLpIdParamIfSet function| getSourcePrefix object| ad number| cpc number| o_eid string| o_ocid string| source_prefix string| fallback_url object| campaign_domains function| before_redirect_block object| sParams string| cc function| Hood function| NjY4ZwSkNAFfmDQ2eDgxNDY4MjE0NkgL

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cottaclub.azurewebsites.net/	1969-12-31 23:59:59	Name: session Value: qpCTfhOHdcEpP1iuEy5gIKpO0rPEmEFJ
			.cottaclub.azurewebsites.net/	1969-12-31 23:59:59	Name: ARRAffinity Value: e12f8e885f16a776bb3cfbff4064c27424a6af3291426b22333f3255c25f2e4b
			.cottaclub.azurewebsites.net/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: e12f8e885f16a776bb3cfbff4064c27424a6af3291426b22333f3255c25f2e4b

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.ocmtag.com
cottaclub.azurewebsites.net
feed.rtbadshubmy.com
sdk.ocmhood.com
t.ocmhood.com
t.rtbadshubmy.com
104.21.76.3
172.67.72.9
188.114.97.3
20.119.16.58
25ad08cac126e96dbc1cc6dd3058b56a788558c3577ccc70cb2d3f69a476c58b
260b073c6af7b2e361f1ba7f05d23007587adbdd79de704fc1999c9d64cd737e
2744ab7641b98bc4210e6475618dc4ba66ed9fa08a3bf67ba01c77f9ed805de2
69a500d0ad997c0ee9bb3c204c708ee54167d84f0026b1d1540dc8d9d7e97cab
81195ecef1ef260cddab7b3ab6123888768242882b856b5fab360f25850a9fa1
ccd2d6575f2e90c9d0fdd1cdfe6a83a4c3da72f392793c1c3fdc698e9ed63822
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2