telegramfiles.com Open in urlscan Pro
148.251.75.38  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Show response telegramfiles.com/1903080/	5 KB 6 KB	4448ms 4409ms	Document text/html	148.251.75.38 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol HTTP/1.1 Server 148.251.75.38 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.38.75.251.148.clients.your-server.de Software nginx/1.16.1 (Ubuntu) / Resource Hash 08c6e4326ec4c82886daefa14ea403335f35d71735a5c9671b97aff68f6098cb Request headers Host telegramfiles.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx/1.16.1 (Ubuntu) Date Sun, 23 Feb 2020 15:24:59 GMT Content-Type text/html; charset=utf-8 Content-Length 5570 Connection keep-alive
GET H2	200	js Show response www.googletagmanager.com/gtag/	74 KB 28 KB	16ms 15ms	Script application/javascript	2a00:1450:4001:800::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-150899596-1 Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 12076398bab379e22bf8999dc693ea82014ddf09364f414bed3c4b90265c8e8c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers date Sun, 23 Feb 2020 15:24:59 GMT content-encoding br status 200 strict-transport-security max-age=31536000; includeSubDomains alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 28493 x-xss-protection 0 last-modified Sun, 23 Feb 2020 15:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin http://www.googletagmanager.com cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Sun, 23 Feb 2020 15:24:59 GMT
GET H/1.1	200 OK	fluidplayer.min.css cdn.fluidplayer.com/v2/current/	34 KB 5 KB	163ms 41ms	Stylesheet text/css	205.185.216.42 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://cdn.fluidplayer.com/v2/current/fluidplayer.min.css Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map2.hwcdn.net Software / Resource Hash b89485f60b9d7cf92ab0ac946c1728454a609e4466026626035e2102b4811193 Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Date Sun, 23 Feb 2020 15:24:59 GMT Content-Encoding gzip Last-Modified Thu, 19 Dec 2019 09:46:44 GMT ETag "1576748804" X-HW 1582471499.dop005.wa1.t,1582471499.cds003.wa1.shn,1582471499.dop005.wa1.t,1582471499.cds004.wa1.c Content-Type text/css Cache-Control max-age=55512 Connection Keep-Alive Accept-Ranges bytes Content-Length 4618
GET H/1.1	200 OK	fluidplayer.min.js Show response cdn.fluidplayer.com/v2/current/	122 KB 28 KB	165ms 42ms	Script application/javascript	205.185.216.42 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://cdn.fluidplayer.com/v2/current/fluidplayer.min.js Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map2.hwcdn.net Software / Resource Hash 815d92b63a87d1d39dd176e331fc09851953a693ad85593810fabd68645caccd Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Sun, 23 Feb 2020 15:24:59 GMT Content-Encoding gzip Last-Modified Thu, 19 Dec 2019 09:46:44 GMT ETag "1576748804" X-HW 1582471499.dop001.wa1.t,1582471499.cds011.wa1.shn,1582471499.dop001.wa1.t,1582471499.cds004.wa1.c Content-Type application/javascript Cache-Control max-age=55512 Connection Keep-Alive Accept-Ranges bytes Content-Length 28089
GET H2	200	font-awesome.min.css cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/	30 KB 7 KB	14ms 13ms	Stylesheet text/css	2606:4700::6811:4104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd Security Headers Name Value Strict-Transport-Security max-age=15780000; includeSubDomains Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers date Sun, 23 Feb 2020 15:24:59 GMT content-encoding br cf-cache-status HIT age 1411110 cf-ray 569a35b8acac0ea7-FRA status 200 strict-transport-security max-age=15780000; includeSubDomains alt-svc h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400 last-modified Thu, 17 May 2018 09:19:12 GMT server cloudflare etag W/"5afd4910-7918" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css access-control-allow-origin * expires Fri, 12 Feb 2021 15:24:59 GMT cache-control public, max-age=30672000 timing-allow-origin * served-in-seconds 0.001
GET H/1.1	200 OK	asg_embed.js Show response cdn.o333o.com/	39 KB 13 KB	96ms 82ms	Script application/javascript	205.185.216.10 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL http://cdn.o333o.com/asg_embed.js Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol HTTP/1.1 Server 205.185.216.10 Phoenix, United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map2.hwcdn.net Software nginx / Resource Hash 437179ef6497641e0404fc5d5677e010767d076097dd267e1f599eb546ba5d26 Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 23 Feb 2020 15:24:59 GMT Content-Encoding gzip Last-Modified Thu, 13 Feb 2020 15:37:11 GMT Server nginx ETag "5e456d27-322f" X-HW 1582471499.dop001.wa1.t,1582471499.cds005.wa1.c Content-Type application/javascript Access-Control-Allow-Origin * Cache-Control max-age=315360000, public Connection Keep-Alive Accept-Ranges bytes Content-Length 12847
GET H/1.1	200 OK	bnr.php Show response uprimp.com/	370 B 718 B	121ms 107ms	Script application/javascript	185.66.200.98 SKHOSTING-EU
General Check archive.org Show headers Download Go to Full URL http://uprimp.com/bnr.php?section=mobile&pub=841753&format=300x50&ga=g Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol HTTP/1.1 Server 185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK), Reverse DNS 185.66.200.98.skhosting.eu Software nginx / Resource Hash c9e1312fb7f3cbe6a8165a0953ba8b8849c8ac2e7a9951e26551f7cfe19cdd55 Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma no-cache Date Sun, 23 Feb 2020 15:24:59 GMT Content-Encoding gzip Last-Modified Sun, 23 Feb 2020 15:24:59 GMT Server nginx Transfer-Encoding chunked Content-Type application/javascript Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection close X-Robots-Tag noindex, nofollow, noarchive, nosnippet Expires Sun, 23 Feb 2020 15:24:59 GMT
GET H/1.1	200 OK	bnr.php Show response uprimp.com/	371 B 719 B	131ms 117ms	Script application/javascript	185.66.200.98 SKHOSTING-EU
General Check archive.org Show headers Download Go to Full URL http://uprimp.com/bnr.php?section=main1&pub=841753&format=300x250&ga=g Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol HTTP/1.1 Server 185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK), Reverse DNS 185.66.200.98.skhosting.eu Software nginx / Resource Hash 9ed55ad63da5d4fc322b4798ec12ddacea4c0544aa2ca06118609071dc31694c Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma no-cache Date Sun, 23 Feb 2020 15:24:59 GMT Content-Encoding gzip Last-Modified Sun, 23 Feb 2020 15:24:59 GMT Server nginx Transfer-Encoding chunked Content-Type application/javascript Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection close X-Robots-Tag noindex, nofollow, noarchive, nosnippet Expires Sun, 23 Feb 2020 15:24:59 GMT
GET H/1.1	200 OK	bnr.php Show response uprimp.com/	371 B 720 B	122ms 107ms	Script application/javascript	185.66.200.98 SKHOSTING-EU
General Check archive.org Show headers Download Go to Full URL http://uprimp.com/bnr.php?section=main2&pub=841753&format=300x250&ga=g Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol HTTP/1.1 Server 185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK), Reverse DNS 185.66.200.98.skhosting.eu Software nginx / Resource Hash 2ebf8bed4b88d8e2b51acd053c6b14e199a3d2c68225edfd57dba80ea1217203 Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma no-cache Date Sun, 23 Feb 2020 15:24:59 GMT Content-Encoding gzip Last-Modified Sun, 23 Feb 2020 15:24:59 GMT Server nginx Transfer-Encoding chunked Content-Type application/javascript Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection close X-Robots-Tag noindex, nofollow, noarchive, nosnippet Expires Sun, 23 Feb 2020 15:24:59 GMT
GET H/1.1	200 OK	bnr.php Show response uprimp.com/	371 B 719 B	116ms 102ms	Script application/javascript	185.66.200.98 SKHOSTING-EU
General Check archive.org Show headers Download Go to Full URL http://uprimp.com/bnr.php?section=main3&pub=841753&format=300x250&ga=g Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol HTTP/1.1 Server 185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK), Reverse DNS 185.66.200.98.skhosting.eu Software nginx / Resource Hash 83e08443e9b4b4f6fea9e67896e09f6a6395c6c87fb0833443809500b028b043 Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma no-cache Date Sun, 23 Feb 2020 15:24:59 GMT Content-Encoding gzip Last-Modified Sun, 23 Feb 2020 15:24:59 GMT Server nginx Transfer-Encoding chunked Content-Type application/javascript Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection close X-Robots-Tag noindex, nofollow, noarchive, nosnippet Expires Sun, 23 Feb 2020 15:24:59 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	44 KB 18 KB	6ms 5ms	Script text/javascript	2a00:1450:4001:800::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-150899596-1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Thu, 06 Feb 2020 00:21:02 GMT server Golfe2 age 5789 date Sun, 23 Feb 2020 13:48:30 GMT vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=7200 alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 18174 expires Sun, 23 Feb 2020 15:48:30 GMT
GET H2	200	collect www.google-analytics.com/r/	35 B 101 B	13ms 13ms	Image image/gif	2a00:1450:4001:800::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1760024615&t=pageview&_s=1&dl=http%3A%2F%2Ftelegramfiles.com%2F1903080%2FExpressVPN%2520(%40ApksApps)%2520V7.9.2.apk.html&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=690226351&gjid=1262773268&cid=1693503599.1582471500&tid=UA-150899596-1&_gid=405987749.1582471500&_r=1&gtm=2ou2c0&z=1193913450 Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers pragma no-cache date Sun, 23 Feb 2020 15:24:59 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 access-control-allow-origin * content-type image/gif status 200 cache-control no-cache, no-store, must-revalidate alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 content-length 35 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	css fonts.googleapis.com/	5 KB 791 B	20ms 18ms	Stylesheet text/css	2a00:1450:4001:81d::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash bfa21901e87e44f386b8208764bc596acaaaa085e560bf989d40982eb0e5a7c8 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff status 200 alt-svc quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000 x-xss-protection 0 last-modified Sun, 23 Feb 2020 15:24:59 GMT server ESF date Sun, 23 Feb 2020 15:24:59 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 23 Feb 2020 15:24:59 GMT
GET H/1.1	200 OK	199784 Show response a.o333o.com/api/spots/	391 B 619 B	579ms 531ms	Script text/javascript	49.12.12.32 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://a.o333o.com/api/spots/199784?host=telegramfiles.com&ev=132 Requested by Host: cdn.o333o.com URL: http://cdn.o333o.com/asg_embed.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 49.12.12.32 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.32.12.12.49.clients.your-server.de Software nginx / Resource Hash 82d005587432345ea7e3ddf5a89c2840ad2e74ef7265b03ea42b8a58444bf6cd Request headers Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Sun, 23 Feb 2020 15:25:00 GMT Content-Encoding gzip Server nginx Vary Accept-Encoding Content-Type text/javascript Cache-Control private Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	bnr_xload.php uprimp.com/ Frame 13B8	0 0	121ms 109ms	Document text/html	185.66.200.98 SKHOSTING-EU
General Check archive.org Show headers Download Go to Full URL http://uprimp.com/bnr_xload.php?section=mobile&pub=841753&format=300x50&ga=g&xt=158247149952764&xtt=1171420 Requested by Host: uprimp.com URL: http://uprimp.com/bnr.php?section=mobile&pub=841753&format=300x50&ga=g Protocol HTTP/1.1 Server 185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK), Reverse DNS 185.66.200.98.skhosting.eu Software nginx / Resource Hash Request headers Host uprimp.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Response headers Server nginx Date Sun, 23 Feb 2020 15:24:59 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection close Expires Sun, 23 Feb 2020 15:24:59 GMT Last-Modified Sun, 23 Feb 2020 15:24:59 GMT Cache-Control no-store, no-cache, must-revalidate post-check=0, pre-check=0 Pragma no-cache X-Robots-Tag noindex, nofollow, noarchive, nosnippet Content-Encoding gzip
GET H/1.1	200 OK	Cookie set bnr_xload.php uprimp.com/ Frame 983A	0 0	171ms 159ms	Document text/html	185.66.200.98 SKHOSTING-EU
General Check archive.org Show headers Download Go to Full URL http://uprimp.com/bnr_xload.php?section=main1&pub=841753&format=300x250&ga=g&xt=158247149985721&xtt=3973931 Requested by Host: uprimp.com URL: http://uprimp.com/bnr.php?section=main1&pub=841753&format=300x250&ga=g Protocol HTTP/1.1 Server 185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK), Reverse DNS 185.66.200.98.skhosting.eu Software nginx / Resource Hash Request headers Host uprimp.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Response headers Server nginx Date Sun, 23 Feb 2020 15:24:59 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection close Expires Sun, 23 Feb 2020 15:24:59 GMT Last-Modified Sun, 23 Feb 2020 15:24:59 GMT Cache-Control no-store, no-cache, must-revalidate post-check=0, pre-check=0 Pragma no-cache X-Robots-Tag noindex, nofollow, noarchive, nosnippet Set-Cookie used_ad2307197=1; expires=Mon, 24-Feb-2020 05:00:00 GMT; Max-Age=48901; path=/ total_impressions=1; expires=Mon, 24-Feb-2020 05:00:00 GMT; Max-Age=48901; path=/ cpa_673873=300x250_294466152_0; expires=Tue, 24-Mar-2020 15:24:59 GMT; Max-Age=2592000; path=/ Content-Encoding gzip
GET H/1.1	200 OK	Cookie set bnr_xload.php uprimp.com/ Frame E6CC	0 0	159ms 148ms	Document text/html	185.66.200.98 SKHOSTING-EU
General Check archive.org Show headers Download Go to Full URL http://uprimp.com/bnr_xload.php?section=main2&pub=841753&format=300x250&ga=g&xt=158247149961592&xtt=6839058 Requested by Host: uprimp.com URL: http://uprimp.com/bnr.php?section=main2&pub=841753&format=300x250&ga=g Protocol HTTP/1.1 Server 185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK), Reverse DNS 185.66.200.98.skhosting.eu Software nginx / Resource Hash Request headers Host uprimp.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Response headers Server nginx Date Sun, 23 Feb 2020 15:24:59 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection close Expires Sun, 23 Feb 2020 15:24:59 GMT Last-Modified Sun, 23 Feb 2020 15:24:59 GMT Cache-Control no-store, no-cache, must-revalidate post-check=0, pre-check=0 Pragma no-cache X-Robots-Tag noindex, nofollow, noarchive, nosnippet Set-Cookie used_ad2241891=1; expires=Mon, 24-Feb-2020 05:00:00 GMT; Max-Age=48901; path=/ total_impressions=1; expires=Mon, 24-Feb-2020 05:00:00 GMT; Max-Age=48901; path=/ cpa_673873=300x250_364674496_0; expires=Tue, 24-Mar-2020 15:24:59 GMT; Max-Age=2592000; path=/ Content-Encoding gzip
GET H/1.1	200 OK	bnr_xload.php uprimp.com/ Frame 9B63	0 0	167ms 156ms	Document text/html	185.66.200.98 SKHOSTING-EU
General Check archive.org Show headers Download Go to Full URL http://uprimp.com/bnr_xload.php?section=main3&pub=841753&format=300x250&ga=g&xt=158247149985088&xtt=8404685 Requested by Host: uprimp.com URL: http://uprimp.com/bnr.php?section=main3&pub=841753&format=300x250&ga=g Protocol HTTP/1.1 Server 185.66.200.98 , Slovakia, ASN201702 (SKHOSTING-EU, SK), Reverse DNS 185.66.200.98.skhosting.eu Software nginx / Resource Hash Request headers Host uprimp.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Referer http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Response headers Server nginx Date Sun, 23 Feb 2020 15:24:59 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection close Expires Sun, 23 Feb 2020 15:24:59 GMT Last-Modified Sun, 23 Feb 2020 15:24:59 GMT Cache-Control no-store, no-cache, must-revalidate post-check=0, pre-check=0 Pragma no-cache X-Robots-Tag noindex, nofollow, noarchive, nosnippet Content-Encoding gzip
GET H2	200	fontawesome-webfont.woff2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/	75 KB 76 KB	14ms 14ms	Font application/octet-stream	2606:4700::6811:4104 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 Requested by Host: telegramfiles.com URL: http://telegramfiles.com/1903080/ExpressVPN%20(@ApksApps)%20V7.9.2.apk.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe Security Headers Name Value Strict-Transport-Security max-age=15780000; includeSubDomains Request headers Referer https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css Origin http://telegramfiles.com Sec-Fetch-Dest font User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 23 Feb 2020 15:24:59 GMT cf-cache-status HIT age 2133674 cf-ray 569a35ba294997ea-FRA status 200 strict-transport-security max-age=15780000; includeSubDomains alt-svc h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400 content-length 77160 last-modified Thu, 17 May 2018 09:19:53 GMT server cloudflare etag "5afd4939-12d68" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/octet-stream access-control-allow-origin * expires Fri, 12 Feb 2021 15:24:59 GMT cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * served-in-seconds 0.001

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| gtag object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| fluidPlayerScriptLocation object| fluidPlayerClass function| fluidPlayer object| NaConf object| __AsgCookies object| asgPopScript object| __asgStorageDriver object| __NA string| popns object| __ASG number| qs

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			namel.net/	1970-01-19 07:35:20	Name: used_ad2241891 Value: 1
			uprimp.com/	1970-01-19 07:35:20	Name: used_ad2307197 Value: 1
			.telegramfiles.com/	1970-01-19 07:35:57	Name: _gid Value: GA1.2.405987749.1582471500
			uprimp.com/	1970-01-19 07:35:20	Name: total_impressions Value: 1
			uprimp.com/	1970-01-19 08:17:43	Name: cpa_673873 Value: 300x250_294466152_0
			namel.net/	1970-01-19 07:35:20	Name: used_ad2307197 Value: 1
			uprimp.com/	1969-12-31 23:59:59	Name: MarketGidStorage Value: %7B%220%22%3A%7B%22svspr%22%3A%22http%3A%2F%2Fuprimp.com%2Fbnr_xload.php%3Fsection%3Dmain3%26pub%3D841753%26format%3D300x250%26ga%3Dg%26xt%3D158247149985088%26xtt%3D8404685%22%2C%22svsds%22%3A1%2C%22TejndEEDj%22%3A%22R36jh7cwN%22%7D%2C%22C397703%22%3A%7B%22page%22%3A1%2C%22time%22%3A1582471501496%7D%7D
			uprimp.com/	1970-01-19 07:35:20	Name: used_ad2241891 Value: 1
			telegramfiles.com/	1969-12-31 23:59:59	Name: asgsl Value: 199784%3Dkeep_looping%3Afalse%2Cnoloop%3Atrue%2Cshows_limit%3A1
			.telegramfiles.com/	1970-01-19 07:34:31	Name: _gat_gtag_UA_150899596_1 Value: 1
			namel.net/148bcf03fc/bb6bac9292	1970-01-19 07:35:20	Name: total_impressions Value: 1
			.telegramfiles.com/	1970-01-20 01:05:43	Name: _ga Value: GA1.2.1693503599.1582471500

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.o333o.com
cdn.fluidplayer.com
cdn.o333o.com
cdnjs.cloudflare.com
fonts.googleapis.com
telegramfiles.com
uprimp.com
www.google-analytics.com
www.googletagmanager.com
148.251.75.38
185.66.200.98
205.185.216.10
205.185.216.42
2606:4700::6811:4104
2a00:1450:4001:800::2008
2a00:1450:4001:800::200e
2a00:1450:4001:81d::200a
49.12.12.32
08c6e4326ec4c82886daefa14ea403335f35d71735a5c9671b97aff68f6098cb
12076398bab379e22bf8999dc693ea82014ddf09364f414bed3c4b90265c8e8c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2ebf8bed4b88d8e2b51acd053c6b14e199a3d2c68225edfd57dba80ea1217203
437179ef6497641e0404fc5d5677e010767d076097dd267e1f599eb546ba5d26
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
815d92b63a87d1d39dd176e331fc09851953a693ad85593810fabd68645caccd
82d005587432345ea7e3ddf5a89c2840ad2e74ef7265b03ea42b8a58444bf6cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83e08443e9b4b4f6fea9e67896e09f6a6395c6c87fb0833443809500b028b043
9ed55ad63da5d4fc322b4798ec12ddacea4c0544aa2ca06118609071dc31694c
b89485f60b9d7cf92ab0ac946c1728454a609e4466026626035e2102b4811193
bfa21901e87e44f386b8208764bc596acaaaa085e560bf989d40982eb0e5a7c8
c9e1312fb7f3cbe6a8165a0953ba8b8849c8ac2e7a9951e26551f7cfe19cdd55
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d