adr.sh - urlscan.io

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 4 HTTP transactions. The main IP is 13.32.27.29, located in United States and belongs to AMAZON-02, US. The main domain is adr.sh.
TLS certificate: Issued by R3 on October 11th 2022. Valid for: 3 months.

This is the only time adr.sh was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.32.27.28 13.32.27.28	16509 (AMAZON-02) (AMAZON-02)
2	13.32.27.29 13.32.27.29	16509 (AMAZON-02) (AMAZON-02)
1	52.5.73.143 52.5.73.143	14618 (AMAZON-AES) (AMAZON-AES)
1	52.216.209.104 52.216.209.104	16509 (AMAZON-02) (AMAZON-02)
4	3

1 13.32.27.28 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-28.fra56.r.cloudfront.net

adr.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.27.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-29.fra56.r.cloudfront.net

adr.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.5.73.143 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-73-143.compute-1.amazonaws.com

api3.appdataroom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.209.104 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	adr.sh 1 redirects adr.sh	3 KB
1	amazonaws.com s3.amazonaws.com	21 KB
1	appdataroom.com api3.appdataroom.com — Cisco Umbrella Rank: 632042	335 B
4	3

	Domain	Requested by
3	adr.sh	1 redirects adr.sh
1	s3.amazonaws.com	adr.sh
1	api3.appdataroom.com	adr.sh
4	3

This site contains no links.

Subject Issuer	Validity	Valid
adr.sh R3	`2022-10-11` - `2023-01-09`	3 months	crt.sh
*.appdataroom.com R3	`2022-12-06` - `2023-03-06`	3 months	crt.sh
s3.amazonaws.com Amazon	`2022-04-01` - `2023-03-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://adr.sh/error.html
Frame ID: AE8D58646B8BE437A4CFEE712B8787CE
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Follow-up

Page URL History Show full URLs

http://adr.sh/ HTTP 301
https://adr.sh/ Page URL
https://adr.sh/error.html Page URL

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

24 kB
Transfer

23 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://adr.sh/ HTTP 301
https://adr.sh/ Page URL
https://adr.sh/error.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://adr.sh/ HTTP 301
https://adr.sh/

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response adr.sh/ Redirect Chain http://adr.sh/ https://adr.sh/	1 KB 1 KB	38ms 14ms	Document text/html	13.32.27.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adr.sh/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.27.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-27-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `deaec865572d23118b92e74da471a3f606b92ec5238f1fdd748ed09dd5d2d54e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 53993 content-length 1160 content-type text/html date Wed, 14 Dec 2022 04:25:39 GMT etag "1cefa9ed345c3af5d820b29c998137a0" last-modified Thu, 10 Sep 2020 18:54:17 GMT server AmazonS3 via 1.1 d8670b0c6b76371fb58f730881dfe504.cloudfront.net (CloudFront) x-amz-cf-id jQ7IK_zlKZHvcqtLLzS3LLWO0xztf3XP4V7IhJc60O48RJADsc1dag== x-amz-cf-pop FRA56-C2 x-cache Hit from cloudfront Redirect headers Connection keep-alive Content-Length 167 Content-Type text/html Date Wed, 14 Dec 2022 19:25:31 GMT Location https://adr.sh/ Server CloudFront Via 1.1 3acba66e95e31977aee0842f44a6f08e.cloudfront.net (CloudFront) X-Amz-Cf-Id CjjeX8znj7dwwmZHKY72-PMKR7FpAG0bI7a3LZdNQqxbzKO3acUC8w== X-Amz-Cf-Pop FRA56-C2 X-Cache Redirect from cloudfront
GET H2	200	redirect api3.appdataroom.com/	22 B 335 B	524ms 114ms	XHR application/json	52.5.73.143 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api3.appdataroom.com/redirect?hash=& Requested by Host: adr.sh URL: https://adr.sh/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.5.73.143 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-5-73-143.compute-1.amazonaws.com Software nginx/1.22.0 / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://adr.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers date Wed, 14 Dec 2022 19:25:31 GMT server nginx/1.22.0 allow HEAD, GET, POST, PUT, DELETE, OPTIONS access-control-allow-methods HEAD, GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin * cache-control must-revalidate, no-cache, no-store, private access-control-allow-headers X-Requested-With, Cache-Control, Authorization, Content-Type
GET H2	200	Primary Request error.html Show response adr.sh/	893 B 1 KB	24ms 24ms	Document text/html	13.32.27.29 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adr.sh/error.html Requested by Host: adr.sh URL: https://adr.sh/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.32.27.29 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-32-27-29.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash `62de39f25ad4c7a0079d10407f60c3dd923e8926415a21aa43ab58ebb279ccf1` Request headers Referer https://adr.sh/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 17191 content-length 893 content-type text/html date Wed, 14 Dec 2022 14:39:01 GMT etag "82023256e23d2178d6ae09cd8a45c5a4" last-modified Sun, 16 Dec 2018 04:19:10 GMT server AmazonS3 via 1.1 d8670b0c6b76371fb58f730881dfe504.cloudfront.net (CloudFront) x-amz-cf-id 27SKIeoWbYewF91hW9GK3ahQ_INfKCQn0B97dkTG8swwWflLjU9Yeg== x-amz-cf-pop FRA56-C2 x-cache Hit from cloudfront
GET H/1.1	200 OK	modus-circle-symbol-red.png s3.amazonaws.com/lambda.appdataroom.com/temp/	21 KB 21 KB	361ms 147ms	Image image/png	52.216.209.104 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.amazonaws.com/lambda.appdataroom.com/temp/modus-circle-symbol-red.png Requested by Host: adr.sh URL: https://adr.sh/error.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.209.104 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash `945ee7d5e7860d77d132db593af333c3a8191a38b48ad65d4485bc4f28573cd9` Request headers accept-language de-DE,de;q=0.9 Referer https://adr.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36 Response headers Date Wed, 14 Dec 2022 19:25:33 GMT x-amz-version-id pd9oEx8ajWo1Kx9aBzfwXxXy57ijrh4w Last-Modified Mon, 18 Jun 2018 15:28:45 GMT Server AmazonS3 x-amz-request-id RKH41W0CV3FRX92Y ETag "72822172835cbed517ba50ff43f654ae" Content-Type image/png Accept-Ranges bytes Content-Length 21029 x-amz-id-2 Fp6H+8yv/Mfr+7hit4qYAx2lRLugehnAFcNYuqZMUtejDnuAj2jO6LQfALORxxUYjBDgPq8DgPs=

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adr.sh
api3.appdataroom.com
s3.amazonaws.com
13.32.27.28
13.32.27.29
52.216.209.104
52.5.73.143
62de39f25ad4c7a0079d10407f60c3dd923e8926415a21aa43ab58ebb279ccf1
945ee7d5e7860d77d132db593af333c3a8191a38b48ad65d4485bc4f28573cd9
deaec865572d23118b92e74da471a3f606b92ec5238f1fdd748ed09dd5d2d54e

adr.sh Open in urlscan Pro 13.32.27.29 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

24 kBTransfer

23 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

Indicators

adr.sh Open in urlscan Pro
13.32.27.29 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

24 kB
Transfer

23 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions