URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Submission: On February 23 via api from US

Summary

This website contacted 9 IPs in 3 countries across 8 domains to perform 19 HTTP transactions. The main IP is 148.251.75.38, located in Germany and belongs to HETZNER-AS, DE. The main domain is telegramfiles.com.
This is the only time telegramfiles.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 148.251.75.38 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
2 205.185.216.42 20446 (HIGHWINDS3)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 205.185.216.10 20446 (HIGHWINDS3)
8 185.66.200.98 201702 (SKHOSTING-EU)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 49.12.12.32 24940 (HETZNER-AS)
19 9
Domain Requested by
8 uprimp.com telegramfiles.com
uprimp.com
2 www.google-analytics.com www.googletagmanager.com
telegramfiles.com
2 cdnjs.cloudflare.com telegramfiles.com
2 cdn.fluidplayer.com telegramfiles.com
1 a.o333o.com cdn.o333o.com
1 fonts.googleapis.com telegramfiles.com
1 cdn.o333o.com telegramfiles.com
1 www.googletagmanager.com telegramfiles.com
1 telegramfiles.com
19 9

This site contains no links.

Subject Issuer Validity Valid
*.google-analytics.com
GTS CA 1O1
2020-02-12 -
2020-05-06
3 months crt.sh
fluidplayer.com
Let's Encrypt Authority X3
2020-01-16 -
2020-04-15
3 months crt.sh
ssl412106.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2019-12-05 -
2020-06-12
6 months crt.sh
*.storage.googleapis.com
GTS CA 1O1
2020-02-12 -
2020-05-06
3 months crt.sh
a.o333o.com
COMODO RSA Domain Validation Secure Server CA
2018-01-16 -
2021-02-12
3 years crt.sh

This page contains 5 frames:

Primary Page: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Frame ID: 2962AA3AA4668C73EE2E2E43B422AE91
Requests: 15 HTTP requests in this frame

Frame: http://uprimp.com/bnr_xload.php?section=mobile&pub=841753&format=300x50&ga=g&xt=158247149952764&xtt=1171420
Frame ID: 13B841CD4D6BE4ED44D76DEA48211764
Requests: 1 HTTP requests in this frame

Frame: http://uprimp.com/bnr_xload.php?section=main1&pub=841753&format=300x250&ga=g&xt=158247149985721&xtt=3973931
Frame ID: 983A27D2FE0240577ED9041E956F5796
Requests: 1 HTTP requests in this frame

Frame: http://uprimp.com/bnr_xload.php?section=main2&pub=841753&format=300x250&ga=g&xt=158247149961592&xtt=6839058
Frame ID: E6CC8BA56D6D93FFCA90DC2215832E65
Requests: 1 HTTP requests in this frame

Frame: http://uprimp.com/bnr_xload.php?section=main3&pub=841753&format=300x250&ga=g&xt=158247149985088&xtt=8404685
Frame ID: 9B63D11E320D99F5EE09ABB67CBF7150
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Ubuntu/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

19
Requests

47 %
HTTPS

44 %
IPv6

8
Domains

9
Subdomains

9
IPs

3
Countries

184 kB
Transfer

431 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
telegramfiles.com/1903080/
5 KB
6 KB
Document
General
Full URL
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
HTTP/1.1
Server
148.251.75.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.38.75.251.148.clients.your-server.de
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash
08c6e4326ec4c82886daefa14ea403335f35d71735a5c9671b97aff68f6098cb

Request headers

Host
telegramfiles.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server
nginx/1.16.1 (Ubuntu)
Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Type
text/html; charset=utf-8
Content-Length
5570
Connection
keep-alive
js
www.googletagmanager.com/gtag/
74 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-150899596-1
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
12076398bab379e22bf8999dc693ea82014ddf09364f414bed3c4b90265c8e8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Sun, 23 Feb 2020 15:24:59 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
28493
x-xss-protection
0
last-modified
Sun, 23 Feb 2020 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 23 Feb 2020 15:24:59 GMT
fluidplayer.min.css
cdn.fluidplayer.com/v2/current/
34 KB
5 KB
Stylesheet
General
Full URL
https://cdn.fluidplayer.com/v2/current/fluidplayer.min.css
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
b89485f60b9d7cf92ab0ac946c1728454a609e4466026626035e2102b4811193

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Dec 2019 09:46:44 GMT
ETag
"1576748804"
X-HW
1582471499.dop005.wa1.t,1582471499.cds003.wa1.shn,1582471499.dop005.wa1.t,1582471499.cds004.wa1.c
Content-Type
text/css
Cache-Control
max-age=55512
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
4618
fluidplayer.min.js
cdn.fluidplayer.com/v2/current/
122 KB
28 KB
Script
General
Full URL
https://cdn.fluidplayer.com/v2/current/fluidplayer.min.js
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
815d92b63a87d1d39dd176e331fc09851953a693ad85593810fabd68645caccd

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Encoding
gzip
Last-Modified
Thu, 19 Dec 2019 09:46:44 GMT
ETag
"1576748804"
X-HW
1582471499.dop001.wa1.t,1582471499.cds011.wa1.shn,1582471499.dop001.wa1.t,1582471499.cds004.wa1.c
Content-Type
application/javascript
Cache-Control
max-age=55512
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
28089
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Sun, 23 Feb 2020 15:24:59 GMT
content-encoding
br
cf-cache-status
HIT
age
1411110
cf-ray
569a35b8acac0ea7-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:19:12 GMT
server
cloudflare
etag
W/"5afd4910-7918"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Fri, 12 Feb 2021 15:24:59 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.001
asg_embed.js
cdn.o333o.com/
39 KB
13 KB
Script
General
Full URL
http://cdn.o333o.com/asg_embed.js
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
HTTP/1.1
Server
205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
437179ef6497641e0404fc5d5677e010767d076097dd267e1f599eb546ba5d26

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Encoding
gzip
Last-Modified
Thu, 13 Feb 2020 15:37:11 GMT
Server
nginx
ETag
"5e456d27-322f"
X-HW
1582471499.dop001.wa1.t,1582471499.cds005.wa1.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
12847
bnr.php
uprimp.com/
370 B
718 B
Script
General
Full URL
http://uprimp.com/bnr.php?section=mobile&pub=841753&format=300x50&ga=g
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
HTTP/1.1
Server
185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.98.skhosting.eu
Software
nginx /
Resource Hash
c9e1312fb7f3cbe6a8165a0953ba8b8849c8ac2e7a9951e26551f7cfe19cdd55

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Encoding
gzip
Last-Modified
Sun, 23 Feb 2020 15:24:59 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
X-Robots-Tag
noindex, nofollow, noarchive, nosnippet
Expires
Sun, 23 Feb 2020 15:24:59 GMT
bnr.php
uprimp.com/
371 B
719 B
Script
General
Full URL
http://uprimp.com/bnr.php?section=main1&pub=841753&format=300x250&ga=g
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
HTTP/1.1
Server
185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.98.skhosting.eu
Software
nginx /
Resource Hash
9ed55ad63da5d4fc322b4798ec12ddacea4c0544aa2ca06118609071dc31694c

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Encoding
gzip
Last-Modified
Sun, 23 Feb 2020 15:24:59 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
X-Robots-Tag
noindex, nofollow, noarchive, nosnippet
Expires
Sun, 23 Feb 2020 15:24:59 GMT
bnr.php
uprimp.com/
371 B
720 B
Script
General
Full URL
http://uprimp.com/bnr.php?section=main2&pub=841753&format=300x250&ga=g
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
HTTP/1.1
Server
185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.98.skhosting.eu
Software
nginx /
Resource Hash
2ebf8bed4b88d8e2b51acd053c6b14e199a3d2c68225edfd57dba80ea1217203

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Encoding
gzip
Last-Modified
Sun, 23 Feb 2020 15:24:59 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
X-Robots-Tag
noindex, nofollow, noarchive, nosnippet
Expires
Sun, 23 Feb 2020 15:24:59 GMT
bnr.php
uprimp.com/
371 B
719 B
Script
General
Full URL
http://uprimp.com/bnr.php?section=main3&pub=841753&format=300x250&ga=g
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
HTTP/1.1
Server
185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.98.skhosting.eu
Software
nginx /
Resource Hash
83e08443e9b4b4f6fea9e67896e09f6a6395c6c87fb0833443809500b028b043

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Encoding
gzip
Last-Modified
Sun, 23 Feb 2020 15:24:59 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
close
X-Robots-Tag
noindex, nofollow, noarchive, nosnippet
Expires
Sun, 23 Feb 2020 15:24:59 GMT
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-150899596-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
5789
date
Sun, 23 Feb 2020 13:48:30 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Sun, 23 Feb 2020 15:48:30 GMT
collect
www.google-analytics.com/r/
35 B
101 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1760024615&t=pageview&_s=1&dl=http%3A%2F%2Ftelegramfiles.com%2F1903080%2FExpressVPN%2520(%40ApksApps)%2520V7.9.2.apk.html&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=690226351&gjid=1262773268&cid=1693503599.1582471500&tid=UA-150899596-1&_gid=405987749.1582471500&_r=1&gtm=2ou2c0&z=1193913450
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Sun, 23 Feb 2020 15:24:59 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/
5 KB
791 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bfa21901e87e44f386b8208764bc596acaaaa085e560bf989d40982eb0e5a7c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 23 Feb 2020 15:24:59 GMT
server
ESF
date
Sun, 23 Feb 2020 15:24:59 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 23 Feb 2020 15:24:59 GMT
199784
a.o333o.com/api/spots/
391 B
619 B
Script
General
Full URL
https://a.o333o.com/api/spots/199784?host=telegramfiles.com&ev=132
Requested by
Host: cdn.o333o.com
URL: http://cdn.o333o.com/asg_embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
49.12.12.32 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.32.12.12.49.clients.your-server.de
Software
nginx /
Resource Hash
82d005587432345ea7e3ddf5a89c2840ad2e74ef7265b03ea42b8a58444bf6cd

Request headers

Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Sun, 23 Feb 2020 15:25:00 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
private
Transfer-Encoding
chunked
Connection
keep-alive
bnr_xload.php
uprimp.com/ Frame 13B8
0
0
Document
General
Full URL
http://uprimp.com/bnr_xload.php?section=mobile&pub=841753&format=300x50&ga=g&xt=158247149952764&xtt=1171420
Requested by
Host: uprimp.com
URL: http://uprimp.com/bnr.php?section=mobile&pub=841753&format=300x50&ga=g
Protocol
HTTP/1.1
Server
185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.98.skhosting.eu
Software
nginx /
Resource Hash

Request headers

Host
uprimp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html

Response headers

Server
nginx
Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Expires
Sun, 23 Feb 2020 15:24:59 GMT
Last-Modified
Sun, 23 Feb 2020 15:24:59 GMT
Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma
no-cache
X-Robots-Tag
noindex, nofollow, noarchive, nosnippet
Content-Encoding
gzip
Cookie set bnr_xload.php
uprimp.com/ Frame 983A
0
0
Document
General
Full URL
http://uprimp.com/bnr_xload.php?section=main1&pub=841753&format=300x250&ga=g&xt=158247149985721&xtt=3973931
Requested by
Host: uprimp.com
URL: http://uprimp.com/bnr.php?section=main1&pub=841753&format=300x250&ga=g
Protocol
HTTP/1.1
Server
185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.98.skhosting.eu
Software
nginx /
Resource Hash

Request headers

Host
uprimp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html

Response headers

Server
nginx
Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Expires
Sun, 23 Feb 2020 15:24:59 GMT
Last-Modified
Sun, 23 Feb 2020 15:24:59 GMT
Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma
no-cache
X-Robots-Tag
noindex, nofollow, noarchive, nosnippet
Set-Cookie
used_ad2307197=1; expires=Mon, 24-Feb-2020 05:00:00 GMT; Max-Age=48901; path=/ total_impressions=1; expires=Mon, 24-Feb-2020 05:00:00 GMT; Max-Age=48901; path=/ cpa_673873=300x250_294466152_0; expires=Tue, 24-Mar-2020 15:24:59 GMT; Max-Age=2592000; path=/
Content-Encoding
gzip
Cookie set bnr_xload.php
uprimp.com/ Frame E6CC
0
0
Document
General
Full URL
http://uprimp.com/bnr_xload.php?section=main2&pub=841753&format=300x250&ga=g&xt=158247149961592&xtt=6839058
Requested by
Host: uprimp.com
URL: http://uprimp.com/bnr.php?section=main2&pub=841753&format=300x250&ga=g
Protocol
HTTP/1.1
Server
185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.98.skhosting.eu
Software
nginx /
Resource Hash

Request headers

Host
uprimp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html

Response headers

Server
nginx
Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Expires
Sun, 23 Feb 2020 15:24:59 GMT
Last-Modified
Sun, 23 Feb 2020 15:24:59 GMT
Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma
no-cache
X-Robots-Tag
noindex, nofollow, noarchive, nosnippet
Set-Cookie
used_ad2241891=1; expires=Mon, 24-Feb-2020 05:00:00 GMT; Max-Age=48901; path=/ total_impressions=1; expires=Mon, 24-Feb-2020 05:00:00 GMT; Max-Age=48901; path=/ cpa_673873=300x250_364674496_0; expires=Tue, 24-Mar-2020 15:24:59 GMT; Max-Age=2592000; path=/
Content-Encoding
gzip
bnr_xload.php
uprimp.com/ Frame 9B63
0
0
Document
General
Full URL
http://uprimp.com/bnr_xload.php?section=main3&pub=841753&format=300x250&ga=g&xt=158247149985088&xtt=8404685
Requested by
Host: uprimp.com
URL: http://uprimp.com/bnr.php?section=main3&pub=841753&format=300x250&ga=g
Protocol
HTTP/1.1
Server
185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.98.skhosting.eu
Software
nginx /
Resource Hash

Request headers

Host
uprimp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html

Response headers

Server
nginx
Date
Sun, 23 Feb 2020 15:24:59 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Expires
Sun, 23 Feb 2020 15:24:59 GMT
Last-Modified
Sun, 23 Feb 2020 15:24:59 GMT
Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma
no-cache
X-Robots-Tag
noindex, nofollow, noarchive, nosnippet
Content-Encoding
gzip
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/
75 KB
76 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: telegramfiles.com
URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin
http://telegramfiles.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 23 Feb 2020 15:24:59 GMT
cf-cache-status
HIT
age
2133674
cf-ray
569a35ba294997ea-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
77160
last-modified
Thu, 17 May 2018 09:19:53 GMT
server
cloudflare
etag
"5afd4939-12d68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
expires
Fri, 12 Feb 2021 15:24:59 GMT
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
served-in-seconds
0.001

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| gtag object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| fluidPlayerScriptLocation object| fluidPlayerClass function| fluidPlayer object| NaConf object| __AsgCookies object| asgPopScript object| __asgStorageDriver object| __NA string| popns object| __ASG number| qs

12 Cookies

Domain/Path Name / Value
namel.net/ Name: used_ad2241891
Value: 1
uprimp.com/ Name: used_ad2307197
Value: 1
.telegramfiles.com/ Name: _gid
Value: GA1.2.405987749.1582471500
uprimp.com/ Name: total_impressions
Value: 1
uprimp.com/ Name: cpa_673873
Value: 300x250_294466152_0
namel.net/ Name: used_ad2307197
Value: 1
uprimp.com/ Name: MarketGidStorage
Value: %7B%220%22%3A%7B%22svspr%22%3A%22http%3A%2F%2Fuprimp.com%2Fbnr_xload.php%3Fsection%3Dmain3%26pub%3D841753%26format%3D300x250%26ga%3Dg%26xt%3D158247149985088%26xtt%3D8404685%22%2C%22svsds%22%3A1%2C%22TejndEEDj%22%3A%22R36jh7cwN%22%7D%2C%22C397703%22%3A%7B%22page%22%3A1%2C%22time%22%3A1582471501496%7D%7D
uprimp.com/ Name: used_ad2241891
Value: 1
telegramfiles.com/ Name: asgsl
Value: 199784%3Dkeep_looping%3Afalse%2Cnoloop%3Atrue%2Cshows_limit%3A1
.telegramfiles.com/ Name: _gat_gtag_UA_150899596_1
Value: 1
namel.net/148bcf03fc/bb6bac9292 Name: total_impressions
Value: 1
.telegramfiles.com/ Name: _ga
Value: GA1.2.1693503599.1582471500