urlscan.io logo urlscan.io
SecurityTrails logo

greenskymotions.net Open in urlscan Pro
185.177.94.152  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://rayhanhosen.com/
Effective URL: https://greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=tripple1
Submission: On November 22 via manual from AU — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 7 HTTP transactions. The main IP is 185.177.94.152, located in Amsterdam, Netherlands and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is greenskymotions.net. The Cisco Umbrella rank of the primary domain is 706471.
TLS certificate: Issued by R3 on November 21st 2022. Valid for: 3 months.
This is the only time greenskymotions.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 104.21.6.30 13335 (CLOUDFLAR...)
1 172.67.154.156 13335 (CLOUDFLAR...)
2 89.22.228.250 399587 (UT)
1 2 193.169.195.64 50321 (BYTES-AS)
1 185.177.94.152 39572 (ADVANCEDH...)
7 5
1    104.21.6.30 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)
rayhanhosen.com
1    172.67.154.156 (United States)

ASN13335 (CLOUDFLARENET, US)
rayhanhosen.com
2    89.22.228.250 (Netherlands)

ASN399587 (UT, US)
PTR: host-89-22-228-250.hosted-by-vdsina.ru
record.findtrustclicks.com
2    193.169.195.64 (Latvia)

ASN50321 (BYTES-AS, UA)
PTR: 193.169.195.64
walk.cdnbestplatform.com
1    185.177.94.152 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-94-152.ah-server.com
greenskymotions.net
Apex Domain
Subdomains		 Transfer
2 cdnbestplatform.com
walk.cdnbestplatform.com — Cisco Umbrella Rank: 162081 Failed
933 B
2 findtrustclicks.com
record.findtrustclicks.com
4 KB
2 rayhanhosen.com
rayhanhosen.com
3 KB
1 greenskymotions.net
greenskymotions.net — Cisco Umbrella Rank: 706471 Failed
18 KB
7 4
Domain Requested by
2 walk.cdnbestplatform.com record.findtrustclicks.com
2 record.findtrustclicks.com rayhanhosen.com
record.findtrustclicks.com
2 rayhanhosen.com 1 redirects
1 greenskymotions.net walk.cdnbestplatform.com
7 4

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-10-31 -
2023-10-31		 a year crt.sh
record.findtrustclicks.com
R3		 2022-11-15 -
2023-02-13		 3 months crt.sh
walk.cdnbestplatform.com
R3		 2022-11-06 -
2023-02-04		 3 months crt.sh
greenskymotions.com
R3		 2022-11-21 -
2023-02-19		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=tripple1
Frame ID: 96040675D37314BF448D52003817F4F8
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Checking your browser

Page URL History Show full URLs

  1. http://rayhanhosen.com/ HTTP 301
    https://rayhanhosen.com/ Page URL
  2. https://walk.cdnbestplatform.com/away/gogo.php?sid=13436&pid=796967&lid=798546 HTTP 302
    https://walk.cdnbestplatform.com/away/gogo.php?sid=856769&pid=3485&lid=956456&bollow=1 Page URL
  3. https://greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=tripple1 Page URL

Page Statistics

7
Requests

71 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

25 kB
Transfer

54 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://rayhanhosen.com/ HTTP 301
    https://rayhanhosen.com/ Page URL
  2. https://walk.cdnbestplatform.com/away/gogo.php?sid=13436&pid=796967&lid=798546 HTTP 302
    https://walk.cdnbestplatform.com/away/gogo.php?sid=856769&pid=3485&lid=956456&bollow=1 Page URL
  3. https://greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=tripple1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://rayhanhosen.com/ HTTP 301
  • https://rayhanhosen.com/
Request Chain 4
  • https://walk.cdnbestplatform.com/away/gogo.php?sid=13436&pid=796967&lid=798546 HTTP 302
  • https://walk.cdnbestplatform.com/away/gogo.php?sid=856769&pid=3485&lid=956456&bollow=1

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
rayhanhosen.com/
Redirect Chain
  • http://rayhanhosen.com/
  • https://rayhanhosen.com/
28 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rayhanhosen.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.154.156 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
80ee2a69b456d42e148ed8b8d1acc82ea3e20dc7e64c840b9f1db29973aca606

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
76e5037ec91d3778-MEL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 22 Nov 2022 22:13:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jQbJQTHEHsII0Dkq9L%2BM%2BII4KqvHWVOIhHjBuXPgTm%2F7Yw8vh6vkPR74tg7ZsQQq9LzwQza%2BEOvaD%2Fp2ajJhVFz7lv6Gy1cp%2BGWKLVXqXkmkSYrJMhTNG%2FW1tPaRSuBzc5M%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
x-turbo-charged-by
LiteSpeed

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
76e5037a1ec65a91-MEL
Connection
keep-alive
Content-Type
text/html
Date
Tue, 22 Nov 2022 22:13:40 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gb%2BN%2FIjXnLsYw1c0QMZtqpVrPmtPV5%2FCwdxa1tqihc3vVpVJ%2FCc6d288pQS%2BQ%2Fp%2FVDTG5RwfoDpXY1W%2ByI6bp1hF8TOd0hi72MigA5r27hsnLsNG8AmWFaRIGEyxHBR5CBc%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
location
https://rayhanhosen.com/
x-turbo-charged-by
LiteSpeed
sort.js
record.findtrustclicks.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://record.findtrustclicks.com/sort.js?v=7.0.1
Requested by
Host: rayhanhosen.com
URL: https://rayhanhosen.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.22.228.250 , Netherlands, ASN399587 (UT, US),
Reverse DNS
host-89-22-228-250.hosted-by-vdsina.ru
Software
nginx /
Resource Hash
543422e28b6b73adb5e90d6456fc574be81314b2a6b39474c5f59d1bc6cd2b50

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://rayhanhosen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Tue, 22 Nov 2022 22:13:41 GMT
Content-Encoding
gzip
Last-Modified
Sat, 19 Nov 2022 11:11:36 GMT
Server
nginx
ETag
W/"f99-5edd0e2bf80af"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Keep-Alive
timeout=60
stake.js
record.findtrustclicks.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://record.findtrustclicks.com/stake.js?v=9.7.5
Requested by
Host: record.findtrustclicks.com
URL: https://record.findtrustclicks.com/sort.js?v=7.0.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.22.228.250 , Netherlands, ASN399587 (UT, US),
Reverse DNS
host-89-22-228-250.hosted-by-vdsina.ru
Software
nginx /
Resource Hash
e648c1a4cd8952511d1223199ed815907cbadac3d9e1d4ec2fca7d704194b8b8

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://rayhanhosen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Tue, 22 Nov 2022 22:13:41 GMT
Content-Encoding
gzip
Last-Modified
Sat, 19 Nov 2022 11:13:11 GMT
Server
nginx
ETag
W/"119b-5edd0e86bf7c8"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Keep-Alive
timeout=60
gogo.php
walk.cdnbestplatform.com/away/ 		0
0
gogo.php
walk.cdnbestplatform.com/away/
Redirect Chain
  • https://walk.cdnbestplatform.com/away/gogo.php?sid=13436&pid=796967&lid=798546
  • https://walk.cdnbestplatform.com/away/gogo.php?sid=856769&pid=3485&lid=956456&bollow=1
814 B
637 B 		Document
General
Check archive.org
Download Go to
Full URL
https://walk.cdnbestplatform.com/away/gogo.php?sid=856769&pid=3485&lid=956456&bollow=1
Requested by
Host: record.findtrustclicks.com
URL: https://record.findtrustclicks.com/stake.js?v=9.7.5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.169.195.64 , Latvia, ASN50321 (BYTES-AS, UA),
Reverse DNS
193.169.195.64
Software
nginx /
Resource Hash

Request headers

Referer
https://rayhanhosen.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 22 Nov 2022 22:13:43 GMT
Server
nginx
Transfer-Encoding
chunked

Redirect headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Tue, 22 Nov 2022 22:13:43 GMT
Location
https://walk.cdnbestplatform.com/away/gogo.php?sid=856769&pid=3485&lid=956456&bollow=1
Server
nginx
Transfer-Encoding
chunked
mu4genjugq5dcmjrhe3a
greenskymotions.net/go/ 		0
0
Primary Request mu4genjugq5dcmjrhe3a
greenskymotions.net/go/ 		18 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=tripple1
Requested by
Host: walk.cdnbestplatform.com
URL: https://walk.cdnbestplatform.com/away/gogo.php?sid=856769&pid=3485&lid=956456&bollow=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.152 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-152.ah-server.com
Software
nginx /
Resource Hash
06b99731336dda4d70c87f324be045214ddb8b1d459144fc535ebf0df1e571e4
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://walk.cdnbestplatform.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Tue, 22 Nov 2022 22:13:44 GMT
server
nginx
strict-transport-security
max-age=31536000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
walk.cdnbestplatform.com
URL
https://walk.cdnbestplatform.com/away/gogo.php?sid=13436&pid=796967&lid=798546
Domain
greenskymotions.net
URL
https://greenskymotions.net/go/mu4genjugq5dcmjrhe3a?sub2=tripple1

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| urlB64ToUint8Array

2 Cookies

Domain/Path Name / Value
rayhanhosen.com/ Name: trainmeassystt
Value: 1
.greenskymotions.net/ Name: uuid
Value: d94296c2-2443-47d8-9d77-134c07c3353e