nut.sh - urlscan.io

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 6 HTTP transactions. The main IP is 54.156.18.164, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is nut.sh.
TLS certificate: Issued by Amazon on March 13th 2022. Valid for: a year.

This is the only time nut.sh was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	54.156.18.164 54.156.18.164	14618 (AMAZON-AES) (AMAZON-AES)
1	44.199.44.112 44.199.44.112	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.89.38 143.204.89.38	16509 (AMAZON-02) (AMAZON-02)
2	54.205.190.234 54.205.190.234	14618 (AMAZON-AES) (AMAZON-AES)
1	52.216.36.201 52.216.36.201	16509 (AMAZON-02) (AMAZON-02)
6	5

1 54.156.18.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-18-164.compute-1.amazonaws.com

nut.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.199.44.112 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-199-44-112.compute-1.amazonaws.com

loader.nutshell.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.89.38 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-38.fra50.r.cloudfront.net

static.nlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.205.190.234 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-190-234.compute-1.amazonaws.com

app.nutshell.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.36.201 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

nutshell-public-files.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	nutshell.com loader.nutshell.com app.nutshell.com — Cisco Umbrella Rank: 523510	2 KB
1	amazonaws.com nutshell-public-files.s3.amazonaws.com	10 KB
1	nlcdn.com static.nlcdn.com	92 KB
1	nut.sh nut.sh	566 B
6	4

	Domain	Requested by
2	app.nutshell.com	static.nlcdn.com
1	nutshell-public-files.s3.amazonaws.com
1	static.nlcdn.com	loader.nutshell.com
1	loader.nutshell.com	nut.sh
1	nut.sh
6	5

This site contains no links.

Subject Issuer	Validity	Valid
nut.sh Amazon	`2022-03-13` - `2023-04-11`	a year	crt.sh
*.nutshell.com Amazon	`2021-11-06` - `2022-12-04`	a year	crt.sh
static.nlcdn.com Amazon	`2021-07-24` - `2022-08-22`	a year	crt.sh
*.s3.amazonaws.com Amazon	`2021-12-15` - `2022-12-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://nut.sh/ell/forms/345270/1zrv4t
Frame ID: B8789477624CEE8AEA7F5285C4018F21
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Microsoft Business Drive

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

105 kB
Transfer

309 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 1zrv4t Show response nut.sh/ell/forms/345270/	714 B 566 B	528ms 165ms	Document text/html	54.156.18.164 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://nut.sh/ell/forms/345270/1zrv4t Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.156.18.164 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-156-18-164.compute-1.amazonaws.com Software nginx / Resource Hash `90569915899e86f57673dca917653de2cfe7e8a346801c017db25197da427215` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers content-encoding gzip content-type text/html; charset=UTF-8 date Tue, 21 Jun 2022 16:23:20 GMT referrer-policy origin-when-cross-origin server nginx x-nutshell-app-version 4352 x-ua-compatible IE=Edge
GET H2	200	nutsheller.js Show response loader.nutshell.com/	2 KB 1 KB	477ms 137ms	Script application/javascript	44.199.44.112 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://loader.nutshell.com/nutsheller.js Requested by Host: nut.sh URL: https://nut.sh/ell/forms/345270/1zrv4t Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 44.199.44.112 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-44-199-44-112.compute-1.amazonaws.com Software nginx / Resource Hash `609e5b5ba38900411a0b69b34410315c75ffe3ca8afa65d2c6496feae37280c8` Request headers accept-language en-GB,en;q=0.9 Referer https://nut.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers access-control-allow-origin * date Tue, 21 Jun 2022 16:23:21 GMT content-encoding gzip last-modified Fri, 17 Jun 2022 18:42:36 GMT server nginx etag W/"62accb1c-6f4" content-type application/javascript
GET H2	200	peanut.js Show response static.nlcdn.com/st-4352/	295 KB 92 KB	483ms 61ms	Script application/javascript	143.204.89.38 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static.nlcdn.com/st-4352/peanut.js Requested by Host: loader.nutshell.com URL: https://loader.nutshell.com/nutsheller.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.89.38 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-89-38.fra50.r.cloudfront.net Software AmazonS3 / Resource Hash `644ac726a21f91486f377ec2b89153253d20e24732495d451f363d8bb9042557` Request headers accept-language en-GB,en;q=0.9 Referer https://nut.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-amz-server-side-encryption AES256 date Fri, 17 Jun 2022 18:46:35 GMT content-encoding gzip last-modified Fri, 17 Jun 2022 18:44:05 GMT server AmazonS3 age 337007 etag W/"6a3ae517bb714814793b7abc4f562087" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript via 1.1 5721f7035c3fc934bd3f96dbb04ba1e4.cloudfront.net (CloudFront) cache-control max-age=604800,public x-amz-cf-pop FRA50-C1 x-amz-cf-id M3ba5Aw3IekvGuWkszsYLDMDmSso4dZyWFHXFYeWw1Xlen5mymrI_w==
GET H2	200	1zrv4t Show response app.nutshell.com/webForms/config/345270/	2 KB 1 KB	196ms 195ms	Fetch application/json	54.205.190.234 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.nutshell.com/webForms/config/345270/1zrv4t?viewSource=fullPage Requested by Host: static.nlcdn.com URL: https://static.nlcdn.com/st-4352/peanut.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.205.190.234 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-205-190-234.compute-1.amazonaws.com Software nginx / Resource Hash `7b0fc3d1f1e0af13d52b0c0173d174073edb098df0f805997e13e9214c7e5f28` Request headers Referer https://nut.sh/ accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Peanut-Action-Requester-Url https://nut.sh/ell/forms/345270/1zrv4t Response headers date Tue, 21 Jun 2022 16:23:22 GMT content-encoding gzip referrer-policy origin-when-cross-origin server nginx content-type application/json access-control-allow-origin * x-nutshell-app-version 4352 access-control-allow-headers Peanut-Action-Requester-Url x-ua-compatible IE=Edge
OPTIONS H2	204	1zrv4t app.nutshell.com/webForms/config/345270/	0 0	436ms 151ms	Preflight	54.205.190.234 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.nutshell.com/webForms/config/345270/1zrv4t?viewSource=fullPage Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.205.190.234 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-205-190-234.compute-1.amazonaws.com Software nginx / Resource Hash Request headers Accept / Access-Control-Request-Headers peanut-action-requester-url Access-Control-Request-Method GET Origin https://nut.sh Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers access-control-allow-headers Peanut-Action-Requester-Url access-control-allow-origin * date Tue, 21 Jun 2022 16:23:22 GMT referrer-policy origin-when-cross-origin server nginx x-nutshell-app-version 4352 x-ua-compatible IE=Edge
GET H/1.1	200 OK	faad1fc73b050a8db8b9995d014a04843d3e67cb nutshell-public-files.s3.amazonaws.com/345270/	9 KB 10 KB	626ms 190ms	Image image/png	52.216.36.201 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://nutshell-public-files.s3.amazonaws.com/345270/faad1fc73b050a8db8b9995d014a04843d3e67cb Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.36.201 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash `ffdd8cc699f5138bd909281c91888cc2dd749d07feaf36e7adacee34531d20fc` Request headers accept-language en-GB,en;q=0.9 Referer https://nut.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36 Response headers x-amz-server-side-encryption AES256 Date Tue, 21 Jun 2022 16:23:24 GMT Last-Modified Tue, 14 Jun 2022 11:38:56 GMT Server AmazonS3 x-amz-request-id 1S180K4J709R9327 ETag "eb5d6b54b92c0d21ee15ec6b50730d47" Content-Type image/png x-amz-meta-filename 7bd360f2d42942c2acae7b725b5fa6f5%281%29.png Accept-Ranges bytes Content-Length 9673 x-amz-id-2 JdceYDDVSpeCML9PD4Tu4EkrTMoE9T9I4rXb/E0aDBC4LZNPFeFxL/0yTEjBhD/Vp8Y2oPIMahg=

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.nutshell.com
loader.nutshell.com
nut.sh
nutshell-public-files.s3.amazonaws.com
static.nlcdn.com
143.204.89.38
44.199.44.112
52.216.36.201
54.156.18.164
54.205.190.234
609e5b5ba38900411a0b69b34410315c75ffe3ca8afa65d2c6496feae37280c8
644ac726a21f91486f377ec2b89153253d20e24732495d451f363d8bb9042557
7b0fc3d1f1e0af13d52b0c0173d174073edb098df0f805997e13e9214c7e5f28
90569915899e86f57673dca917653de2cfe7e8a346801c017db25197da427215
ffdd8cc699f5138bd909281c91888cc2dd749d07feaf36e7adacee34531d20fc

nut.sh Open in urlscan Pro 54.156.18.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

4 Domains

5 Subdomains

5 IPs

1 Countries

105 kBTransfer

309 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

0 Cookies

Indicators

nut.sh Open in urlscan Pro
54.156.18.164 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

105 kB
Transfer

309 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions