urlscan.io logo urlscan.io
SecurityTrails logo

0.greenskymotions.com Open in urlscan Pro
185.177.94.152  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.jomac-ksa.com/.well-known/anti/torsion/
Effective URL: https://0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed17
Submission: On December 21 via api from SE — Scanned from SE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 10 HTTP transactions. The main IP is 185.177.94.152, located in Amsterdam, Netherlands and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is 0.greenskymotions.com.
TLS certificate: Issued by R3 on December 18th 2022. Valid for: 3 months.
This is the only time 0.greenskymotions.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 212.76.85.96 41176 (SAHARANET...)
2 5 91.211.91.114 206638 (HOSTFORY)
1 91.211.91.104 206638 (HOSTFORY)
2 185.177.94.152 39572 (ADVANCEDH...)
1 185.177.92.179 ()
10 6
2    212.76.85.96 (Yanbu, Saudi Arabia)

ASN41176 (SAHARANET-AS Sahara Net Main NOC AS, SA)
PTR: sl19.sahara.net.sa
www.jomac-ksa.com
5    91.211.91.114 (Ukraine)

ASN206638 (HOSTFORY, UA)
cdn.weatherplllatform.com
go.weatherplllatform.com
1    91.211.91.104 (Ukraine)

ASN206638 (HOSTFORY, UA)
away.cdnbestplatform.com
2    185.177.94.152 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-94-152.ah-server.com
greenskymotions.com
0.greenskymotions.com
1    185.177.92.179 (None, )

ASN- ()
di4.biz
Domain Requested by
3 go.weatherplllatform.com 2 redirects cdn.weatherplllatform.com
go.weatherplllatform.com
2 cdn.weatherplllatform.com www.jomac-ksa.com
2 www.jomac-ksa.com 1 redirects
1 di4.biz www.jomac-ksa.com
1 0.greenskymotions.com www.jomac-ksa.com
1 greenskymotions.com away.cdnbestplatform.com
1 away.cdnbestplatform.com go.weatherplllatform.com
10 7

This site contains no links.

Subject Issuer Validity Valid
jomac-ksa.com
cPanel, Inc. Certification Authority		 2022-10-01 -
2022-12-30		 3 months crt.sh
cdn.weatherplllatform.com
R3		 2022-11-13 -
2023-02-11		 3 months crt.sh
go.weatherplllatform.com
R3		 2022-09-25 -
2022-12-24		 3 months crt.sh
away.cdnbestplatform.com
R3		 2022-10-27 -
2023-01-25		 3 months crt.sh
greenskymotions.com
R3		 2022-12-18 -
2023-03-18		 3 months crt.sh
di4.biz
R3		 2022-11-27 -
2023-02-25		 3 months crt.sh

This page contains 1 frames:

Frame: https://di4.biz/?auf=gjstmzlfha5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrxge3dgojrgy2a&p=b&sub1=&sub2=dfastspeed17&sub3=&sub4=&cpc=0&cpm=0
Frame ID: AD42C04814E257F8242FAF76B131CFF9
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

## Please tap the Allow button to continue ##

Page URL History Show full URLs

  1. http://www.jomac-ksa.com/.well-known/anti/torsion/ HTTP 301
    https://www.jomac-ksa.com/.well-known/anti/torsion/ Page URL
  2. https://go.weatherplllatform.com/fly.php?t=ZGZsa3lqaHNnZGY= HTTP 302
    https://go.weatherplllatform.com/track.php?tid=54889&lid=9554-66-457679-29 HTTP 302
    https://away.cdnbestplatform.com/go.php?id=11134985467-34-56736-11 Page URL
  3. https://greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed17 Page URL
  4. https://0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed17 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

10
Requests

80 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

6
IPs

3
Countries

109 kB
Transfer

126 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.jomac-ksa.com/.well-known/anti/torsion/ HTTP 301
    https://www.jomac-ksa.com/.well-known/anti/torsion/ Page URL
  2. https://go.weatherplllatform.com/fly.php?t=ZGZsa3lqaHNnZGY= HTTP 302
    https://go.weatherplllatform.com/track.php?tid=54889&lid=9554-66-457679-29 HTTP 302
    https://away.cdnbestplatform.com/go.php?id=11134985467-34-56736-11 Page URL
  3. https://greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed17 Page URL
  4. https://0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed17 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.jomac-ksa.com/.well-known/anti/torsion/ HTTP 301
  • https://www.jomac-ksa.com/.well-known/anti/torsion/
Request Chain 5
  • https://go.weatherplllatform.com/fly.php?t=ZGZsa3lqaHNnZGY= HTTP 302
  • https://go.weatherplllatform.com/track.php?tid=54889&lid=9554-66-457679-29 HTTP 302
  • https://away.cdnbestplatform.com/go.php?id=11134985467-34-56736-11

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.jomac-ksa.com/.well-known/anti/torsion/
Redirect Chain
  • http://www.jomac-ksa.com/.well-known/anti/torsion/
  • https://www.jomac-ksa.com/.well-known/anti/torsion/
897 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.jomac-ksa.com/.well-known/anti/torsion/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
212.76.85.96 Yanbu, Saudi Arabia, ASN41176 (SAHARANET-AS Sahara Net Main NOC AS, SA),
Reverse DNS
sl19.sahara.net.sa
Software
Apache /
Resource Hash
47c26583ed4752d1629f66750f49472cfa5dec16e9dee950f3d87df4c3aa1605

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 21 Dec 2022 16:12:39 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked

Redirect headers

Connection
Keep-Alive
Content-Length
259
Content-Type
text/html; charset=iso-8859-1
Date
Wed, 21 Dec 2022 16:12:39 GMT
Keep-Alive
timeout=5, max=100
Location
https://www.jomac-ksa.com/.well-known/anti/torsion/
Server
Apache
events.js
cdn.weatherplllatform.com/ 		2 KB
818 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.weatherplllatform.com/events.js?v=1.246
Requested by
Host: www.jomac-ksa.com
URL: https://www.jomac-ksa.com/.well-known/anti/torsion/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.211.91.114 , Ukraine, ASN206638 (HOSTFORY, UA),
Reverse DNS
Software
nginx /
Resource Hash
f0af99595f5240b6c86b70a17902c4bf72bd4f356303dd8b732ade94ecb38d69
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://www.jomac-ksa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 21 Dec 2022 16:12:41 GMT
strict-transport-security
max-age=15768000;
content-encoding
gzip
last-modified
Mon, 26 Sep 2022 14:49:44 GMT
server
nginx
etag
W/"6331bc08-920"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
result.js
cdn.weatherplllatform.com/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.weatherplllatform.com/result.js?v=000
Requested by
Host: www.jomac-ksa.com
URL: https://www.jomac-ksa.com/.well-known/anti/torsion/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.211.91.114 , Ukraine, ASN206638 (HOSTFORY, UA),
Reverse DNS
Software
nginx /
Resource Hash
97ace9f2b3e1ab15b911363a273a2b807d10089c39603e1327616d36535ed8fb
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://www.jomac-ksa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 21 Dec 2022 16:12:41 GMT
strict-transport-security
max-age=15768000;
content-encoding
gzip
last-modified
Tue, 18 Oct 2022 12:23:23 GMT
server
nginx
etag
W/"634e9abb-d0c"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
expires
Thu, 31 Dec 2037 23:55:55 GMT
follow.js
go.weatherplllatform.com/fly/ 		172 B
300 B 		Script
General
Check archive.org
Download Go to
Full URL
https://go.weatherplllatform.com/fly/follow.js?v=3.7.3
Requested by
Host: cdn.weatherplllatform.com
URL: https://cdn.weatherplllatform.com/result.js?v=000
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.211.91.114 , Ukraine, ASN206638 (HOSTFORY, UA),
Reverse DNS
Software
nginx / PHP/7.3.33
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://www.jomac-ksa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 21 Dec 2022 16:12:42 GMT
strict-transport-security
max-age=15768000;
server
nginx
x-powered-by
PHP/7.3.33
content-length
172
content-type
text/html; charset=UTF-8
fly.php
go.weatherplllatform.com/ 		0
0
go.php
away.cdnbestplatform.com/
Redirect Chain
  • https://go.weatherplllatform.com/fly.php?t=ZGZsa3lqaHNnZGY=
  • https://go.weatherplllatform.com/track.php?tid=54889&lid=9554-66-457679-29
  • https://away.cdnbestplatform.com/go.php?id=11134985467-34-56736-11
828 B
553 B 		Document
General
Check archive.org
Download Go to
Full URL
https://away.cdnbestplatform.com/go.php?id=11134985467-34-56736-11
Requested by
Host: go.weatherplllatform.com
URL: https://go.weatherplllatform.com/fly/follow.js?v=3.7.3
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.211.91.104 , Ukraine, ASN206638 (HOSTFORY, UA),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000;

Request headers

Referer
https://www.jomac-ksa.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

content-encoding
gzip
content-length
410
content-type
text/html; charset=UTF-8
date
Wed, 21 Dec 2022 16:12:43 GMT
server
nginx
strict-transport-security
max-age=15768000;
vary
Accept-Encoding

Redirect headers

content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 21 Dec 2022 16:12:43 GMT
location
https://away.cdnbestplatform.com/go.php?id=11134985467-34-56736-11
server
nginx
strict-transport-security
max-age=15768000;
x-powered-by
PHP/7.3.33
mu4genjugq5dcmjrhe3a
greenskymotions.com/go/ 		0
0
mu4genjugq5dcmjrhe3a
greenskymotions.com/go/ 		52 KB
52 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed17
Requested by
Host: away.cdnbestplatform.com
URL: https://away.cdnbestplatform.com/go.php?id=11134985467-34-56736-11
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.152 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-152.ah-server.com
Software
nginx /
Resource Hash
be7d4031d64bb895a738d867d36304137c2ee03d584d2a8a64d03c46995e1f76
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://away.cdnbestplatform.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 21 Dec 2022 16:12:43 GMT
server
nginx
strict-transport-security
max-age=31536000
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6600e628d105299a9954bb85edc818356f1ec6136ba5d503dc39b2b3de8526c7

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/gif
Primary Request index.php
0.greenskymotions.com/ 		52 KB
52 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://0.greenskymotions.com/index.php?p=mu4genjugq5dcmjrhe3a&sub2=dfastspeed17
Requested by
Host: www.jomac-ksa.com
URL: https://www.jomac-ksa.com/.well-known/anti/torsion/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.94.152 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
ip-185-177-94-152.ah-server.com
Software
nginx /
Resource Hash
d0abde5ec9b61db80e8df95c74edfc9e91844a929aa3695bc6ee4e21c7487f23
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://greenskymotions.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 21 Dec 2022 16:12:44 GMT
server
nginx
strict-transport-security
max-age=31536000
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6600e628d105299a9954bb85edc818356f1ec6136ba5d503dc39b2b3de8526c7

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/gif
/
di4.biz/ 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://di4.biz/?auf=gjstmzlfha5dcnrqgixtcmjrhe3c6nbpmy2tezlemi2dklzrgixtcnrxge3dgojrgy2a&p=b&sub1=&sub2=dfastspeed17&sub3=&sub4=&cpc=0&cpm=0
Requested by
Host: www.jomac-ksa.com
URL: https://www.jomac-ksa.com/.well-known/anti/torsion/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.177.92.179 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://0.greenskymotions.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

access-control-allow-origin
*
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 21 Dec 2022 16:12:45 GMT
server
nginx
strict-transport-security
max-age=31536000

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
go.weatherplllatform.com
URL
https://go.weatherplllatform.com/fly.php?t=ZGZsa3lqaHNnZGY=
Domain
greenskymotions.com
URL
https://greenskymotions.com/go/mu4genjugq5dcmjrhe3a?sub2=dfastspeed17

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| languages undefined| text string| relevanteLang string| lang function| urlB64ToUint8Array function| j4ee function| L0zz boolean| j string| title string| holder function| before_redirect_block

2 Cookies

Domain/Path Name / Value
.greenskymotions.com/ Name: uuid
Value: fe2d9fb7-11f2-4a89-889c-9a70ae60ace8
.0.greenskymotions.com/ Name: uuid
Value: fe2d9fb7-11f2-4a89-889c-9a70ae60ace8