adr.sh - urlscan.io

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 4 HTTP transactions. The main IP is 18.66.122.7, located in United States and belongs to AMAZON-02, US. The main domain is adr.sh. The Cisco Umbrella rank of the primary domain is 493527.
TLS certificate: Issued by R3 on October 11th 2022. Valid for: 3 months.

This is the only time adr.sh was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.66.122.16 18.66.122.16	16509 (AMAZON-02) (AMAZON-02)
2	18.66.122.7 18.66.122.7	16509 (AMAZON-02) (AMAZON-02)
1	23.21.85.150 23.21.85.150	14618 (AMAZON-AES) (AMAZON-AES)
1	52.217.85.38 52.217.85.38	16509 (AMAZON-02) (AMAZON-02)
4	3

1 18.66.122.16 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-16.fra60.r.cloudfront.net

adr.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.122.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-7.fra60.r.cloudfront.net

adr.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.21.85.150 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-85-150.compute-1.amazonaws.com

api3.appdataroom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.85.38 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	adr.sh 1 redirects adr.sh — Cisco Umbrella Rank: 493527	3 KB
1	amazonaws.com s3.amazonaws.com	21 KB
1	appdataroom.com api3.appdataroom.com — Cisco Umbrella Rank: 567649	335 B
4	3

	Domain	Requested by
3	adr.sh	1 redirects adr.sh
1	s3.amazonaws.com	adr.sh
1	api3.appdataroom.com	adr.sh
4	3

This site contains no links.

Subject Issuer	Validity	Valid
adr.sh R3	`2022-10-11` - `2023-01-09`	3 months	crt.sh
*.appdataroom.com R3	`2022-12-06` - `2023-03-06`	3 months	crt.sh
s3.amazonaws.com Amazon	`2022-04-01` - `2023-03-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://adr.sh/error.html
Frame ID: ABCEF20E848FDA343638E689AE13F9EF
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Follow-up

Page URL History Show full URLs

http://adr.sh/ HTTP 301
https://adr.sh/ Page URL
https://adr.sh/error.html Page URL

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

24 kB
Transfer

23 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://adr.sh/ HTTP 301
https://adr.sh/ Page URL
https://adr.sh/error.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://adr.sh/ HTTP 301
https://adr.sh/

4 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response adr.sh/ Redirect Chain http://adr.sh/ https://adr.sh/	1 KB 1 KB	50ms 24ms	Document text/html	18.66.122.7 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adr.sh/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.122.7 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-7.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `deaec865572d23118b92e74da471a3f606b92ec5238f1fdd748ed09dd5d2d54e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 36801 content-length 1160 content-type text/html date Wed, 14 Dec 2022 14:38:59 GMT etag "1cefa9ed345c3af5d820b29c998137a0" last-modified Thu, 10 Sep 2020 18:54:17 GMT server AmazonS3 via 1.1 2a6277094357eb47f8dbeacb06ed96c2.cloudfront.net (CloudFront) x-amz-cf-id jOMmSo6rIpK-8seZvSZiE7zAOOyxaqRDeu1_h19RdeR4k0LDKz71YA== x-amz-cf-pop FRA60-P2 x-cache Hit from cloudfront Redirect headers Connection keep-alive Content-Length 167 Content-Type text/html Date Wed, 14 Dec 2022 14:38:59 GMT Location https://adr.sh/ Server CloudFront Via 1.1 109c7a7f1cf897851e09b16d3030a948.cloudfront.net (CloudFront) X-Amz-Cf-Id cTQFQZ0LBA9ZZbQprBPSdV-WgV54vwm2oSPAh8q-ngRxDv_2QGA1Ag== X-Amz-Cf-Pop FRA60-P2 X-Cache Redirect from cloudfront
GET H2	200	redirect api3.appdataroom.com/	22 B 335 B	355ms 107ms	XHR application/json	23.21.85.150 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api3.appdataroom.com/redirect?hash=& Requested by Host: adr.sh URL: https://adr.sh/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.21.85.150 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-23-21-85-150.compute-1.amazonaws.com Software nginx/1.22.0 / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://adr.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 14 Dec 2022 14:39:00 GMT server nginx/1.22.0 allow HEAD, GET, POST, PUT, DELETE, OPTIONS access-control-allow-methods HEAD, GET, POST, PUT, DELETE, OPTIONS content-type application/json access-control-allow-origin * cache-control must-revalidate, no-cache, no-store, private access-control-allow-headers X-Requested-With, Cache-Control, Authorization, Content-Type
GET H2	200	Primary Request error.html Show response adr.sh/	893 B 1 KB	411ms 411ms	Document text/html	18.66.122.7 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adr.sh/error.html Requested by Host: adr.sh URL: https://adr.sh/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.122.7 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-7.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash `62de39f25ad4c7a0079d10407f60c3dd923e8926415a21aa43ab58ebb279ccf1` Request headers Referer https://adr.sh/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes content-length 893 content-type text/html date Wed, 14 Dec 2022 14:39:01 GMT etag "82023256e23d2178d6ae09cd8a45c5a4" last-modified Sun, 16 Dec 2018 04:19:10 GMT server AmazonS3 via 1.1 2a6277094357eb47f8dbeacb06ed96c2.cloudfront.net (CloudFront) x-amz-cf-id SwVFey7hQL3gdexl6pyzhXyJaH10QwNrznMf3pAFI1f4ShR6vXnd6A== x-amz-cf-pop FRA60-P2 x-cache RefreshHit from cloudfront
GET H/1.1	200 OK	modus-circle-symbol-red.png s3.amazonaws.com/lambda.appdataroom.com/temp/	21 KB 21 KB	436ms 232ms	Image image/png	52.217.85.38 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://s3.amazonaws.com/lambda.appdataroom.com/temp/modus-circle-symbol-red.png Requested by Host: adr.sh URL: https://adr.sh/error.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.217.85.38 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1.amazonaws.com Software AmazonS3 / Resource Hash `945ee7d5e7860d77d132db593af333c3a8191a38b48ad65d4485bc4f28573cd9` Request headers accept-language de-DE,de;q=0.9 Referer https://adr.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Wed, 14 Dec 2022 14:39:01 GMT x-amz-version-id pd9oEx8ajWo1Kx9aBzfwXxXy57ijrh4w Last-Modified Mon, 18 Jun 2018 15:28:45 GMT Server AmazonS3 x-amz-request-id NED02MHT4WBFWE0D ETag "72822172835cbed517ba50ff43f654ae" Content-Type image/png Accept-Ranges bytes Content-Length 21029 x-amz-id-2 fCEsTswGKqaFU4DgwMHksx/knnPd33xxKoLK/SR0wOuqhTWnKh9jnzzLtV3IxDcZFzeyyFIuhPI=

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adr.sh
api3.appdataroom.com
s3.amazonaws.com
18.66.122.16
18.66.122.7
23.21.85.150
52.217.85.38
62de39f25ad4c7a0079d10407f60c3dd923e8926415a21aa43ab58ebb279ccf1
945ee7d5e7860d77d132db593af333c3a8191a38b48ad65d4485bc4f28573cd9
deaec865572d23118b92e74da471a3f606b92ec5238f1fdd748ed09dd5d2d54e

adr.sh Open in urlscan Pro 18.66.122.7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

4 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

24 kBTransfer

23 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

Indicators

adr.sh Open in urlscan Pro
18.66.122.7 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

24 kB
Transfer

23 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions