tglpromote.freemanor.xyz
Open in
urlscan Pro
2606:4700:3037::ac43:c286
Public Scan
Submission: On April 12 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on March 12th 2024. Valid for: 3 months.
This is the only time tglpromote.freemanor.xyz was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 2606:4700:303... 2606:4700:3037::ac43:c286 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:67c:4e8:... 2001:67c:4e8:f004::9 | 62041 (TELEGRAM) (TELEGRAM) | |
1 | 2a02:26f0:480... 2a02:26f0:480:33::212:40ca | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 18.173.205.111 18.173.205.111 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 18.66.112.116 18.66.112.116 | 16509 (AMAZON-02) (AMAZON-02) | |
11 | 5 |
ASN20940 (AKAMAI-ASN1, NL)
websdk.appsflyer.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-173-205-111.fra56.r.cloudfront.net
wa.onelink.me |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-116.fra56.r.cloudfront.net
wa.appsflyer.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
freemanor.xyz
tglpromote.freemanor.xyz |
47 KB |
2 |
onelink.me
wa.onelink.me — Cisco Umbrella Rank: 11320 |
887 B |
2 |
appsflyer.com
websdk.appsflyer.com — Cisco Umbrella Rank: 4712 wa.appsflyer.com — Cisco Umbrella Rank: 7497 |
10 KB |
1 |
telegram.org
telegram.org — Cisco Umbrella Rank: 11491 |
15 KB |
11 | 4 |
Domain | Requested by | |
---|---|---|
6 | tglpromote.freemanor.xyz |
tglpromote.freemanor.xyz
|
2 | wa.onelink.me |
websdk.appsflyer.com
|
1 | wa.appsflyer.com |
websdk.appsflyer.com
|
1 | websdk.appsflyer.com |
tglpromote.freemanor.xyz
|
1 | telegram.org |
tglpromote.freemanor.xyz
|
11 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
freemanor.xyz GTS CA 1P5 |
2024-03-12 - 2024-06-10 |
3 months | crt.sh |
*.telegram.org Go Daddy Secure Certificate Authority - G2 |
2023-08-11 - 2024-09-11 |
a year | crt.sh |
*.appsflyer.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-07-27 - 2024-07-27 |
a year | crt.sh |
*.onelink.me Amazon RSA 2048 M02 |
2023-06-05 - 2024-07-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://tglpromote.freemanor.xyz/
Frame ID: 8A2EA6B8248C9629294755381C44F313
Requests: 11 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
tglpromote.freemanor.xyz/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-bfc05f07.css
tglpromote.freemanor.xyz/static/css/ |
163 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
tglpromote.freemanor.xyz/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
rocket-loader.min.js
tglpromote.freemanor.xyz/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-43a40793.js
tglpromote.freemanor.xyz/static/js/ |
512 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegram-web-app.js
telegram.org/js/ |
65 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
websdk.appsflyer.com/ |
34 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
tglpromote.freemanor.xyz/ |
2 KB 2 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
onelink
wa.onelink.me/v1/ |
13 B 370 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
events
wa.appsflyer.com/ |
77 B 539 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
onelink
wa.onelink.me/v1/ |
51 B 517 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| __cfQR string| AppsFlyerSdkObject function| AF object| Telegram function| TelegramGameProxy_receiveEvent object| TelegramGameProxy boolean| __cfRLUnblockHandlers object| AF_SDK4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.appsflyer.com/ | Name: af_id Value: 3d30ee5f-f43f-4b95-93b3-748c3361b543-p |
|
.freemanor.xyz/ | Name: afUserId Value: 3d30ee5f-f43f-4b95-93b3-748c3361b543-p |
|
.onelink.me/ | Name: af_id Value: 3d30ee5f-f43f-4b95-93b3-748c3361b543-p |
|
.freemanor.xyz/ | Name: AF_SYNC Value: 1712932737757 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
telegram.org
tglpromote.freemanor.xyz
wa.appsflyer.com
wa.onelink.me
websdk.appsflyer.com
18.173.205.111
18.66.112.116
2001:67c:4e8:f004::9
2606:4700:3037::ac43:c286
2a02:26f0:480:33::212:40ca
12d14698538248cdbb74fca117f7f9c176bb91aa66da9c409c657bf910a38981
234d24549fda75d451ed54a9ebf45d3dfb38679b2d383512cf02832cf0ab9226
38bc0f256821a9c0a02a1c0cedf8ff70c211e637ef77ac199de2fe0cf36ba9ec
4027c10bc289b8c72081e9ebbf8766b96a94a482f22c956a845d9c22f7064eaf
412b8410e47c14a886fbee7f9e8c5db271c679a519b67f19de80fe431318b8da
65710eedd3d32a0a59213362846aad1715802a492e8a0a22affc7bcfead5a468
7ccf80229bbe586853232059978b67c1dbe6ccd7f6b4b8585b34bbcf2d9f195f
be29f005561eb43c7eb8f2434d1574d494c4f7b92c3da4aee705ab229c8dfc54
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
eb758109fe1c1890de9982bde5e67976126a02375c0186dd3817c1e2c511938b