shelp1.org - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 172.67.158.73, located in United States and belongs to CLOUDFLARENET, US. The main domain is shelp1.org.
TLS certificate: Issued by GTS CA 1P5 on April 12th 2024. Valid for: 3 months.

This is the only time shelp1.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	172.67.158.73 172.67.158.73	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	45.11.57.132 45.11.57.132	6698 (VIRTUALSY...) (VIRTUALSYSTEMS)
5	2

4 172.67.158.73 (United States)

ASN13335 (CLOUDFLARENET, US)

shelp1.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.11.57.132 (Kyiv, Ukraine)

ASN6698 (VIRTUALSYSTEMS, UA)
PTR: dedicated.vsys.host

s3699.passefund.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	shelp1.org shelp1.org	142 KB
1	passefund.info s3699.passefund.info
5	2

	Domain	Requested by
4	shelp1.org	shelp1.org
1	s3699.passefund.info	shelp1.org
5	2

This site contains no links.

Subject Issuer	Validity	Valid
shelp1.org GTS CA 1P5	`2024-04-12` - `2024-07-11`	3 months	crt.sh
s3699.passefund.info R3	`2024-04-14` - `2024-07-13`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://shelp1.org/
Frame ID: D4BB35F1B605571C1ABCA0BAA0D22D18
Requests: 3 HTTP requests in this frame

Frame: https://s3699.passefund.info:8443/guest
Frame ID: 3AB2D6495E943D869EB351643347F635
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Support

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

142 kB
Transfer

144 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
shelp1.org/ 3 KB
1 KB 99ms
63ms Document
text/html 172.67.158.73
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shelp1.org/

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

172.67.158.73 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c390b48ab1cf406118eb1d148127825f0b444e9b9900013b9943b2ddc500d5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 87c00821bcb5bb86-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 29 Apr 2024 14:37:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mz24wDe37HepWF2MpldYW597HtEjUxK6gUs1A9NzPf5OfskTbekkGKHwAYqYUxs8pRchYXUovmN97kpYSR6RAPn21KQZNtw6O0N48ateYEZAFBMIAssaIokRrTjn"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=7776000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 data.php Show response
shelp1.org/ Frame 3AB2 85 B
514 B 41ms
41ms Document
text/html 172.67.158.73
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shelp1.org/data.php?id=3

Requested by

Host: shelp1.org
URL: https://shelp1.org/

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

172.67.158.73 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fa3165d33a0ebb3b11faab6a5501b0fab5baccfd9fb1d50e9d3af45c6acc077

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://shelp1.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 87c008224d66bb86-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 29 Apr 2024 14:37:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jBJD%2BjHDoNgcZhKWISAIHRVpW9r7eaOJuPO4U%2BaqDb7FXwP%2BLuXdKMaT4rLGAuzRLSG4e07NKS5pAq3olrR3h1BdMVEaXRPxUdV80Jqn3H%2FV1ZWWsMLC39e0Yxha"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=7776000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 bg.jpg
shelp1.org/ 139 KB
140 KB 21ms
20ms Image
image/jpeg 172.67.158.73
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shelp1.org/bg.jpg

Requested by

Host: shelp1.org
URL: https://shelp1.org/

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

172.67.158.73 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b9339876c1a3666f1c61d7a29fdcee0a55c819f6b57c5cd09872a811c4aa861

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://shelp1.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 14:37:44 GMT
strict-transport-security: max-age=7776000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 41435
alt-svc: h3=":443"; ma=86400
content-length: 142782
last-modified: Sat, 13 Apr 2024 01:39:54 GMT
server: cloudflare
etag: "6619e26a-22dbe"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JodIpgqG1qqUuelvCDxZeVQU8roOXiwDdoRMN1UmUehRtpPJ9H3mEfplpt5P2ypsx1tpaihOLvkeFpHS275xNaQpQBKTeg0UNy6nj0%2FCAKO8KBhtMT%2BZAB3xNYN7"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 87c008224d62bb86-FRA
expires: Wed, 29 May 2024 03:07:09 GMT

GET
H2 200 guest
s3699.passefund.info/ Frame 3AB2 0
0 173ms
49ms Document
text/html 45.11.57.132
VIRTUALSYSTEMS

General

Check archive.org

Show headers Download Go to

Full URL: https://s3699.passefund.info:8443/guest
Requested by: Host: shelp1.org
URL: https://shelp1.org/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.11.57.132 Kyiv, Ukraine, ASN6698 (VIRTUALSYSTEMS, UA),
Reverse DNS: dedicated.vsys.host
Software: ScreenConnect/23.9.10.8817-797452006 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://shelp1.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: private
content-encoding: gzip
content-length: 8003
content-type: text/html; charset=utf-8
date: Mon, 29 Apr 2024 14:37:44 GMT
p3p: CP="NON CUR OUR STP STA PRE"
server: ScreenConnect/23.9.10.8817-797452006 Microsoft-HTTPAPI/2.0

GET
H3 404 favicon.ico
shelp1.org/ 548 B
581 B 53ms
52ms Other
text/html 172.67.158.73
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shelp1.org/favicon.ico

Protocol

H3

Security

QUIC, , AES_128_GCM

Server

172.67.158.73 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://shelp1.org/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 14:37:44 GMT
strict-transport-security: max-age=7776000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1LJdB%2BN4FF0k%2FIABNKYLi0ny9Ith9oO7NQ4S6EE25QNuCbSgAi%2FM8X%2BmknOOb%2Ff3RvjoFhnw%2BBhY5e9QtLsMzZLsauo85PEcTVLLVq4rDk3DNjzpj0i9QDEODuTO"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 87c00822ce1ebb86-FRA
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://shelp1.org/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=7776000; includeSubDomains
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s3699.passefund.info
shelp1.org
172.67.158.73
45.11.57.132
6c390b48ab1cf406118eb1d148127825f0b444e9b9900013b9943b2ddc500d5e
8fa3165d33a0ebb3b11faab6a5501b0fab5baccfd9fb1d50e9d3af45c6acc077
9b9339876c1a3666f1c61d7a29fdcee0a55c819f6b57c5cd09872a811c4aa861
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

shelp1.org Open in urlscan Pro 172.67.158.73 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

142 kBTransfer

144 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

shelp1.org Open in urlscan Pro
172.67.158.73 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

142 kB
Transfer

144 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions