URL: http://coronahelm.nl/
Submission: On May 23 via api from BE

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 2 HTTP transactions.
The main IP is 5.157.87.204, located in Amersfoort, Netherlands and belongs to ASTRALUS, NL. The main domain is coronahelm.nl.
This is the first time this domain was scanned on urlscan.io!

Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 5.157.87.204 48635 (ASTRALUS)
1 2 5.157.86.209 48635 (ASTRALUS)
2 2
Domain
Subdomains
Transfer
2 yourhosting.nl
712 B
1 coronahelm.nl
494 B
2 2
Domain Requested by
2 www.yourhosting.nl 1 redirects coronahelm.nl
1 coronahelm.nl
2 2

Subject: yourhosting.nl
Issuer: Sectigo RSA Extended Validation Secure Server CA
Validity: 2020-01-22 - 2021-08-12
Valid: 2 years

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i


2 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
351 B
494 B
Document
General
Full URL
http://coronahelm.nl/
Protocol
HTTP/1.1
Server
5.157.87.204 Amersfoort, Netherlands, ASN48635 (ASTRALUS, NL),
Reverse DNS
redirect.yourhosting.nl
Software
nginx/1.16.1 / PHP/7.1.30
Resource Hash
2187ef4dfcdb6ddf25696470dd259a17731923d06943ffc71529948f652c1e14

Request headers

Host
coronahelm.nl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx/1.16.1
Date
Sat, 23 May 2020 06:18:01 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.1.30
Content-Encoding
gzip
Cookie set /
www.yourhosting.nl/parkeerpagina
Redirect Chain
  • https://www.yourhosting.nl/parkeerpagina.html
  • https://www.yourhosting.nl/parkeerpagina/
0
0
Document
General
Full URL
https://www.yourhosting.nl/parkeerpagina/
Requested by
Host: coronahelm.nl
URL: http://coronahelm.nl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
5.157.86.209 Amersfoort, Netherlands, ASN48635 (ASTRALUS, NL),
Reverse DNS
prod3.yourhosting.nl
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
www.yourhosting.nl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
http://coronahelm.nl/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
django_language=nl-nl; lead=Z_coronahelm_nl

Response headers

Server
nginx
Date
Sat, 23 May 2020 06:18:02 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Language, Cookie
Content-Language
nl-nl
Expires
Sat, 23 May 2020 06:18:02 GMT
Cache-Control
no-cache, no-store, must-revalidate, max-age=0
Set-Cookie
lead=Z_coronahelm_nl; Domain=.yourhosting.nl; expires=Tue, 21-May-2030 06:18:02 GMT; httponly; Max-Age=315360000; Path=/; secure
gtm-userid=; Domain=.yourhosting.nl; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
Strict-Transport-Security
max-age=31536000
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Sat, 23 May 2020 06:18:02 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
Vary
Accept-Language, Cookie
Location
/parkeerpagina/
Content-Language
nl-nl
Set-Cookie
django_language=nl-nl; expires=Sun, 23-May-2021 06:18:02 GMT; Max-Age=31536000; Path=/
lead=Z_coronahelm_nl; Domain=.yourhosting.nl; expires=Tue, 21-May-2030 06:18:02 GMT; httponly; Max-Age=315360000; Path=/; secure
gtm-userid=; Domain=.yourhosting.nl; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
Strict-Transport-Security
max-age=31536000
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 1
  • https://www.yourhosting.nl/parkeerpagina.html
  • https://www.yourhosting.nl/parkeerpagina/

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate

3 Cookies

Domain/Path Name / Value
.yourhosting.nl/ Name: btw
Value: ex
.yourhosting.nl/ Name: lead
Value: Z_coronahelm_nl
www.yourhosting.nl/ Name: django_language
Value: nl-nl

Indicators of compromise (IoCs)

This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.

coronahelm.nl
www.yourhosting.nl


5.157.86.209
5.157.87.204

2187ef4dfcdb6ddf25696470dd259a17731923d06943ffc71529948f652c1e14