asmemk.buyu365svip.com Open in urlscan Pro
172.67.147.12 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://2024.ski/
Effective URL:
https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888
Submission: On April 28 via api (April 28th 2024, 7:43:18 pm UTC) from US — Scanned from SG

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 172.67.147.12, located in United States and belongs to CLOUDFLARENET, US. The main domain is asmemk.buyu365svip.com.
TLS certificate: Issued by E1 on March 23rd 2024. Valid for: 3 months.

This is the only time asmemk.buyu365svip.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	119.28.112.32 119.28.112.32	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
6	172.67.147.12 172.67.147.12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2

2 119.28.112.32 (Singapore, Singapore)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

2024.ski	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.67.147.12 (United States)

ASN13335 (CLOUDFLARENET, US)

asmemk.buyu365svip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	buyu365svip.com asmemk.buyu365svip.com	172 KB
2	2024.ski 2024.ski	1 KB
8	2

	Domain	Requested by
6	asmemk.buyu365svip.com	asmemk.buyu365svip.com
2	2024.ski
8	2

This site contains no links.

Subject Issuer	Validity	Valid
2024.pet R3	`2024-04-28` - `2024-07-27`	3 months	crt.sh
buyu365svip.com E1	`2024-03-23` - `2024-06-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888
Frame ID: 3237FD98ED1B9759301F843FD960E6A4
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home

Page URL History Show full URLs

https://2024.ski/ Page URL
https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Page URL

Detected technologies

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

173 kB
Transfer

181 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://2024.ski/ Page URL
https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response 2024.ski/	1 KB 765 B	252ms 3ms	Document text/html	119.28.112.32 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://2024.ski/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 119.28.112.32 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software Apache / Resource Hash `558451905cf3f06cd26902e3dfa4071953f831da951eecdff4e4db201f9e58de` Request headers Accept-Language zh-SG,zh;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes content-encoding gzip content-length 628 content-type text/html date Sun, 28 Apr 2024 19:43:10 GMT etag "410-6169d2e9e6ece-gzip" last-modified Sun, 21 Apr 2024 15:43:28 GMT server Apache vary Accept-Encoding
GET H2	404	favicon.ico 2024.ski/	255 B 305 B	4ms 3ms	Other text/html	119.28.112.32 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://2024.ski/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 119.28.112.32 Singapore, Singapore, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software Apache / Resource Hash `270cb0438b63db0c3fd30748a02dd3406ba7b733f4be7c7a8247b9ebe96f28a1` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://2024.ski/ Accept-Language zh-SG,zh;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 28 Apr 2024 19:43:10 GMT server Apache content-length 255 content-type text/html; charset=iso-8859-1
GET H3	200	Primary Request download.html Show response asmemk.buyu365svip.com/10383pxmdhi/app/	1 KB 948 B	182ms 93ms	Document text/html	172.67.147.12 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.147.12 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `69008936383676b9ac95245ce3cfe7e3f730b9575697ec4460380983588c1a5c` Request headers Accept-Language zh-SG,zh;q=0.9;q=0.9 Referer https://2024.ski/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 87b98a2efa819cc2-SIN content-encoding br content-type text/html; charset=utf-8 date Sun, 28 Apr 2024 19:43:11 GMT last-modified Sun, 12 Nov 2023 11:10:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=puAR669Lwt2z0AtxpdpUsNGd2y9qr8GeY44gLHL8jc5HLQjotXQ1frGuE2ws97%2BE4mJ9DqNii1UDu%2F59vyuJCenykZn70JbUliX2tSCU3cwQgzLSvV7nKeoIKMvw80yiXHOC8NbauWZU"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	clipboard.min.js Show response asmemk.buyu365svip.com/10383pxmdhi/app/js/	11 KB 4 KB	95ms 95ms	Script application/javascript	172.67.147.12 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://asmemk.buyu365svip.com/10383pxmdhi/app/js/clipboard.min.js Requested by Host: asmemk.buyu365svip.com URL: https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.147.12 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c168d3a04c45a631be76437054619a4a3b30107960cb9730be96012fef5762b0` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Accept-Language zh-SG,zh;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 28 Apr 2024 19:43:11 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sun, 12 Nov 2023 11:10:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6550b296-2a08" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q1ld4ql1bp4h0X%2FusHbGP32DewYpspZdrJv5TCjGt1sbIdp7SCGtxt%2FjhhLP%2FOFhaYUdh2bmTNczNUuGT2Xy%2FMsHBFX9hq1pSjsE87DcvRz52SQ3xxD0t8wsx%2FI7gBMBoHTpCXA2rRip"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 cache-control max-age=14400 cf-ray 87b98a2f9b139cc2-SIN alt-svc h3=":443"; ma=86400
GET H3	200	main.min.js Show response asmemk.buyu365svip.com/10383pxmdhi/app/js/	3 KB 2 KB	94ms 93ms	Script application/javascript	172.67.147.12 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://asmemk.buyu365svip.com/10383pxmdhi/app/js/main.min.js Requested by Host: asmemk.buyu365svip.com URL: https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.147.12 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0d190a23d1bd509f96c329b8ac2bfd32305eed2c9645e59bc3744fa8e24c8b9e` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Accept-Language zh-SG,zh;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 28 Apr 2024 19:43:11 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sun, 12 Nov 2023 11:10:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6550b296-cd6" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wTr68sGGuw1vywhDQvKvbjQpCB3jCfTs41tsdPgM89P5GkEdAKIrK9bYtzomaKdUAGOonPm%2FOFbcLT5nbXEZtNtyXwgBMLUtvMZQAQqxEPYFRXRJP1rS3wMRsLFFcHON3OCv%2BQK6QgX6"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 cache-control max-age=14400 cf-ray 87b98a2f9b159cc2-SIN alt-svc h3=":443"; ma=86400
GET H3	200	share-min.jpg asmemk.buyu365svip.com/10383pxmdhi/app/img/	153 KB 154 KB	98ms 98ms	Image image/jpeg	172.67.147.12 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://asmemk.buyu365svip.com/10383pxmdhi/app/img/share-min.jpg Requested by Host: asmemk.buyu365svip.com URL: https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.147.12 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7ce12f69fcb04b41fb222d7f59622af215d3e42b59fc03a3695fd038c8859ed0` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Accept-Language zh-SG,zh;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 28 Apr 2024 19:43:11 GMT cf-cache-status REVALIDATED last-modified Sun, 12 Nov 2023 11:10:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "6550b296-2656c" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=odPYuQSdmvbDW%2FOepQmZmsN5ypSrXLkpZES77i1WiJGfNbKZ86%2FrZUZa%2Ft1sUbjawWDIwjpqVAp%2FOIIpI3eWhm5ttG037bmVh4ISJKr04Paj0U9x33VcFbt2c6F4SZ05OydjRoLxHQAY"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=14400 accept-ranges bytes cf-ray 87b98a303b739cc2-SIN alt-svc h3=":443"; ma=86400 content-length 157036
POST H3	404	update_load_count Show response asmemk.buyu365svip.com/system/	555 B 542 B	50ms 50ms	XHR text/html	172.67.147.12 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://asmemk.buyu365svip.com/system/update_load_count Requested by Host: asmemk.buyu365svip.com URL: https://asmemk.buyu365svip.com/10383pxmdhi/app/js/main.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.147.12 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `922a7a005a299daab272ef3b0c7106716572ece666c54c187ce6836b32474973` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-platform "Win32" Referer https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Accept-Language zh-SG,zh;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Type application/json Response headers date Sun, 28 Apr 2024 19:43:11 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FdHng1U6ilcC2qlmWzJZNNrFznUrPDrcqOfYtpkQZSrygwMprXIlwpCTTCw5NfSO%2FqAXnAJC%2BHSwKf19avy88tbEczhNTHN7L7wauDjM8V2Mzpjqq3dk%2F83dBE%2B0wB0jpI0olwTZ0XtX"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=utf-8 cf-ray 87b98a30ebd99cc2-SIN alt-svc h3=":443"; ma=86400
GET H3	200	favicon.ico asmemk.buyu365svip.com/10383pxmdhi/app/img/	11 KB 11 KB	94ms 94ms	Other image/x-icon	172.67.147.12 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://asmemk.buyu365svip.com/10383pxmdhi/app/img/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.147.12 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f5bedb9e49742432d9bb56a08a09d09a7b50b5cf8c068588d6349e511d3a9f05` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://asmemk.buyu365svip.com/10383pxmdhi/app/download.html?proxy_id=1118888 Accept-Language zh-SG,zh;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 28 Apr 2024 19:43:11 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sun, 12 Nov 2023 11:10:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6550b296-2bde" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8QNQlsWULEAAy%2BDp%2BbmF5jn7p7u0g3QRbUDycLF06n8mUfi8SP0L9%2FnviGysciHKGa65xtp81sX2IPzNJQ5lYUM5WksZgr1P%2BapdacNedAcBTL%2FLhpebyrQtGhfeJyFWZDYm1yQGZz%2Bq"}],"group":"cf-nel","max_age":604800} content-type image/x-icon cache-control max-age=14400 cf-ray 87b98a30fbe09cc2-SIN alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://2024.ski/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://asmemk.buyu365svip.com/system/update_load_count Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2024.ski
asmemk.buyu365svip.com
119.28.112.32
172.67.147.12
0d190a23d1bd509f96c329b8ac2bfd32305eed2c9645e59bc3744fa8e24c8b9e
270cb0438b63db0c3fd30748a02dd3406ba7b733f4be7c7a8247b9ebe96f28a1
558451905cf3f06cd26902e3dfa4071953f831da951eecdff4e4db201f9e58de
69008936383676b9ac95245ce3cfe7e3f730b9575697ec4460380983588c1a5c
7ce12f69fcb04b41fb222d7f59622af215d3e42b59fc03a3695fd038c8859ed0
922a7a005a299daab272ef3b0c7106716572ece666c54c187ce6836b32474973
c168d3a04c45a631be76437054619a4a3b30107960cb9730be96012fef5762b0
f5bedb9e49742432d9bb56a08a09d09a7b50b5cf8c068588d6349e511d3a9f05

asmemk.buyu365svip.com Open in urlscan Pro 172.67.147.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

173 kBTransfer

181 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

asmemk.buyu365svip.com Open in urlscan Pro
172.67.147.12 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

173 kB
Transfer

181 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions