tglpromote.freemanor.xyz Open in urlscan Pro
2606:4700:3037::ac43:c286 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://tglpromote.freemanor.xyz/
Submission: On April 12 via api (April 12th 2024, 2:39:00 pm UTC) from US — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3037::ac43:c286, located in United States and belongs to CLOUDFLARENET, US. The main domain is tglpromote.freemanor.xyz.
TLS certificate: Issued by GTS CA 1P5 on March 12th 2024. Valid for: 3 months.

This is the only time tglpromote.freemanor.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	2606:4700:303... 2606:4700:3037::ac43:c286	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
1	2a02:26f0:480... 2a02:26f0:480:33::212:40ca	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	18.173.205.111 18.173.205.111	16509 (AMAZON-02) (AMAZON-02)
1	18.66.112.116 18.66.112.116	16509 (AMAZON-02) (AMAZON-02)
11	5

6 2606:4700:3037::ac43:c286 (United States)

ASN13335 (CLOUDFLARENET, US)

tglpromote.freemanor.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN62041 (TELEGRAM, VG)

telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:33::212:40ca (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

websdk.appsflyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.173.205.111 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-205-111.fra56.r.cloudfront.net

wa.onelink.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-116.fra56.r.cloudfront.net

wa.appsflyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	freemanor.xyz tglpromote.freemanor.xyz	47 KB
2	onelink.me wa.onelink.me — Cisco Umbrella Rank: 11320	887 B
2	appsflyer.com websdk.appsflyer.com — Cisco Umbrella Rank: 4712 wa.appsflyer.com — Cisco Umbrella Rank: 7497	10 KB
1	telegram.org telegram.org — Cisco Umbrella Rank: 11491	15 KB
11	4

	Domain	Requested by
6	tglpromote.freemanor.xyz	tglpromote.freemanor.xyz
2	wa.onelink.me	websdk.appsflyer.com
1	wa.appsflyer.com	websdk.appsflyer.com
1	websdk.appsflyer.com	tglpromote.freemanor.xyz
1	telegram.org	tglpromote.freemanor.xyz
11	5

This site contains no links.

Subject Issuer	Validity	Valid
freemanor.xyz GTS CA 1P5	`2024-03-12` - `2024-06-10`	3 months	crt.sh
*.telegram.org Go Daddy Secure Certificate Authority - G2	`2023-08-11` - `2024-09-11`	a year	crt.sh
*.appsflyer.com DigiCert TLS RSA SHA256 2020 CA1	`2023-07-27` - `2024-07-27`	a year	crt.sh
*.onelink.me Amazon RSA 2048 M02	`2023-06-05` - `2024-07-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://tglpromote.freemanor.xyz/
Frame ID: 8A2EA6B8248C9629294755381C44F313
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Promotion

Page Statistics

11
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

73 kB
Transfer

808 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
tglpromote.freemanor.xyz/ 4 KB
2 KB 428ms
372ms Document
text/html 2606:4700:3037::ac43:c286
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tglpromote.freemanor.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:c286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12d14698538248cdbb74fca117f7f9c176bb91aa66da9c409c657bf910a38981

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8733f67fddd703d8-FRA
content-encoding: br
content-type: text/html
date: Fri, 12 Apr 2024 14:38:56 GMT
last-modified: Fri, 12 Apr 2024 12:19:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FSmaWeXft%2BsNffjTAxM8otFBD7e3JWs%2BrrGHe%2F4w%2BTsOGE1Acui3IP5iJy8M7B6zQzvkqB8RRvTVirvvwh71TBG5i5%2FxlJRSFThS5BAC1kLbz6tVGflyk0AGFhQcSokLh6yBDnY6L2Ycpi8XuTWoCPcWMNF5z1c%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3 200 index-bfc05f07.css
tglpromote.freemanor.xyz/static/css/ 163 KB
22 KB 364ms
363ms Stylesheet
text/css 2606:4700:3037::ac43:c286
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tglpromote.freemanor.xyz/static/css/index-bfc05f07.css
Requested by: Host: tglpromote.freemanor.xyz
URL: https://tglpromote.freemanor.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:c286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be29f005561eb43c7eb8f2434d1574d494c4f7b92c3da4aee705ab229c8dfc54

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://tglpromote.freemanor.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 12 Apr 2024 14:38:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=167171
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 12 Apr 2024 12:19:10 GMT
server: cloudflare
etag: W/"661926be-28d03"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fc3RfHKW1rFaDd%2BRr5%2FiDh6W5u08hW6TMiwoXOkApDg%2BAL7pAxiXcTjecuHnAwB7gd171PqqVxRWbb16ovq4EwjdxmB7V%2B%2FjulDoMRl1QN4Lve5kJsxXUhF9R13FgUXitObEsBXEoWql6Lg7LOJ9wl%2FEVcHPf2k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2678400
cf-ray: 8733f682383303d8-FRA
expires: Sat, 13 Apr 2024 00:40:30 GMT

GET
H3 200 logo.png
tglpromote.freemanor.xyz/ 16 KB
16 KB 1034ms
1033ms Image
image/png 2606:4700:3037::ac43:c286
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tglpromote.freemanor.xyz/logo.png
Requested by: Host: tglpromote.freemanor.xyz
URL: https://tglpromote.freemanor.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:c286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4027c10bc289b8c72081e9ebbf8766b96a94a482f22c956a845d9c22f7064eaf

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://tglpromote.freemanor.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 12 Apr 2024 14:38:57 GMT
cf-cache-status: HIT
last-modified: Tue, 16 Jan 2024 07:13:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "65a62c96-3e50"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pI5F8PXu%2FgIy0AE4sTvaR%2FuWbthUWr2LYZB0665eoc%2F%2BfGNhYO1KKmAi8r1FCdxSKq8s4s7YxUPUADaxgLOwcU%2F3NgYufIJFlGjMqZnMV59mys5Y2M0HLjFbnWnneFoR34oADoPfifMOEbx%2FP4lsUZiAPKvoPV4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
accept-ranges: bytes
cf-ray: 8733f682383403d8-FRA
alt-svc: h3=":443"; ma=86400
content-length: 15952
expires: Sun, 12 May 2024 12:40:30 GMT

GET
H3 200 rocket-loader.min.js Show response
tglpromote.freemanor.xyz/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 21ms
20ms Script
application/javascript 2606:4700:3037::ac43:c286
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tglpromote.freemanor.xyz/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: tglpromote.freemanor.xyz
URL: https://tglpromote.freemanor.xyz/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::ac43:c286 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://tglpromote.freemanor.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 12 Apr 2024 14:38:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Apr 2024 17:26:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6610342c-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZcqtEUdYjqxfsj%2FFDCYFaAsmSGGEj3QLbWPK2A9ea90PS4%2BPgImgOQWx7XWLF19k5gpQ8r%2Bppqa%2FjMNTYNy1AZM66bPG33L47lPXpOCN14REXy4iYyqhcpp6jak5Wd%2FeEReyDFuBwvVlhFKK54ChDIEOAvKPy6k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 8733f682484803d8-FRA
expires: Sun, 14 Apr 2024 14:38:56 GMT

GET
H3 200 index-43a40793.js
tglpromote.freemanor.xyz/static/js/ 512 KB
0 4055ms
4054ms Script
application/javascript 2606:4700:3037::ac43:c286
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tglpromote.freemanor.xyz/static/js/index-43a40793.js
Requested by: Host: tglpromote.freemanor.xyz
URL: https://tglpromote.freemanor.xyz/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:c286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://tglpromote.freemanor.xyz/
Origin: https://tglpromote.freemanor.xyz
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 12 Apr 2024 14:39:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=1408414
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 12 Apr 2024 12:19:10 GMT
server: cloudflare
etag: W/"661926be-157d9e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w1TsZgKovx%2FG8e8gJ4cBNCOsQMkKFpwjmRxrXVAJnSxWK1loBjz3QYzxz1MBoCIWCs6DVjxYdiEm8WJj96033eTPIXFwaaXfJBt6l972Bru98C%2F4uWKJ2YDFSO9FH8lb8IgY6Yz%2F6esfMAUjAPYR%2Fh2s6Jkla1g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2678400
cf-ray: 8733f684aab703d8-FRA
expires: Sat, 13 Apr 2024 00:40:31 GMT

GET
H2 200 telegram-web-app.js Show response
telegram.org/js/ 65 KB
15 KB 107ms
38ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/telegram-web-app.js

Requested by

Host: tglpromote.freemanor.xyz
URL: https://tglpromote.freemanor.xyz/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

234d24549fda75d451ed54a9ebf45d3dfb38679b2d383512cf02832cf0ab9226

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://tglpromote.freemanor.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 12 Apr 2024 14:38:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 14 Mar 2024 11:35:11 GMT
server: nginx/1.18.0
etag: W/"65f2e0ef-1043a"
content-type: application/javascript
cache-control: max-age=345600
expires: Tue, 16 Apr 2024 14:38:56 GMT

GET
H/1.1 200
OK / Show response
websdk.appsflyer.com/ 34 KB
10 KB 106ms
20ms Script
application/javascript 2a02:26f0:480:33::212:40ca
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://websdk.appsflyer.com/?st=pba&
Requested by: Host: tglpromote.freemanor.xyz
URL: https://tglpromote.freemanor.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:33::212:40ca Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7ccf80229bbe586853232059978b67c1dbe6ccd7f6b4b8585b34bbcf2d9f195f

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://tglpromote.freemanor.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 14:38:57 GMT
Content-Encoding: gzip
x-amz-request-id: 839DENZM50FN86DC
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 9575
x-amz-id-2: 0az6QBX9tmEbDClbmFp6jzFikwxiezc8T+uqWW0xYroJiBR3b8ZMLVbTxkEzc0JSFdfG3AHNfgA=
Last-Modified: Wed, 14 Jun 2023 06:58:46 GMT
Server: AmazonS3
ETag: "d4e7f1ffd74e53e33a46a668c2e9d67c"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=1304
Accept-Ranges: bytes
X-DataStream-Cache-Status: 1
Expires: Fri, 12 Apr 2024 15:00:41 GMT

GET
H3 200 favicon.ico
tglpromote.freemanor.xyz/ 2 KB
2 KB 200ms
199ms Other
image/x-icon 2606:4700:3037::ac43:c286
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tglpromote.freemanor.xyz/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::ac43:c286 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb758109fe1c1890de9982bde5e67976126a02375c0186dd3817c1e2c511938b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://tglpromote.freemanor.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 12 Apr 2024 14:38:57 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Tue, 16 Jan 2024 07:13:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65a62c96-937"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m35Xu%2FkTAoOEbv4hyz9K74STvYDDeTRxsDoJNtYGnp%2FlJp7AtfEi8fx71FB3zDgQPe7M4MMF9I4BsTfVDhQbf9Xs2mDoIdCITNOYn80JBKdX7yDi8go02AEVwJXJ8HuoaWpYO2wIpzm%2F8PrXVI961MFbNgGi9q4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cf-ray: 8733f688bec303d8-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 onelink Show response
wa.onelink.me/v1/ 13 B
370 B 104ms
44ms XHR
application/json 18.173.205.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.onelink.me/v1/onelink
Requested by: Host: websdk.appsflyer.com
URL: https://websdk.appsflyer.com/?st=pba&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.205.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-205-111.fra56.r.cloudfront.net
Software: /
Resource Hash: 38bc0f256821a9c0a02a1c0cedf8ff70c211e637ef77ac199de2fe0cf36ba9ec

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://tglpromote.freemanor.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 12 Apr 2024 14:38:57 GMT
via: 1.1 e240913a5e90e18bd637baa6899f2280.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P12
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://tglpromote.freemanor.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 13
x-amz-cf-id: 3TEnFNdEgtVLXE5xLHEw2je920b1J_d1EZ8cx9JhOMAmGM6a9KDYXQ==

POST
H2 200 events Show response
wa.appsflyer.com/ 77 B
539 B 106ms
46ms XHR
application/json 18.66.112.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.appsflyer.com/events?site-id=5ea4256d-6c85-4f1a-bc9a-f24d2081d116
Requested by: Host: websdk.appsflyer.com
URL: https://websdk.appsflyer.com/?st=pba&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-116.fra56.r.cloudfront.net
Software: /
Resource Hash: 65710eedd3d32a0a59213362846aad1715802a492e8a0a22affc7bcfead5a468

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://tglpromote.freemanor.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type: text/plain

Response headers

date: Fri, 12 Apr 2024 14:38:57 GMT
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://tglpromote.freemanor.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 77
x-amz-cf-id: DfQdlEvXVfHh7zRRmBVctkd3N0JRCIWgEyaA3L0Xm4n2w0vCm5Ms-Q==

GET
H2 200 onelink Show response
wa.onelink.me/v1/ 51 B
517 B 44ms
44ms XHR
application/json 18.173.205.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://wa.onelink.me/v1/onelink?af_id=3d30ee5f-f43f-4b95-93b3-748c3361b543-p
Requested by: Host: websdk.appsflyer.com
URL: https://websdk.appsflyer.com/?st=pba&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.205.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-205-111.fra56.r.cloudfront.net
Software: /
Resource Hash: 412b8410e47c14a886fbee7f9e8c5db271c679a519b67f19de80fe431318b8da

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://tglpromote.freemanor.xyz/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 12 Apr 2024 14:38:57 GMT
via: 1.1 e240913a5e90e18bd637baa6899f2280.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P12
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://tglpromote.freemanor.xyz
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 51
x-amz-cf-id: ZUmqR3zdIKONu7U4bktmZI3ptxgyrdNSXIZofThKo0THZRmZc5P1pA==

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.appsflyer.com/	1970-01-21 05:17:40	Name: af_id Value: 3d30ee5f-f43f-4b95-93b3-748c3361b543-p
.freemanor.xyz/	1970-01-21 05:24:52	Name: afUserId Value: 3d30ee5f-f43f-4b95-93b3-748c3361b543-p
.onelink.me/	1970-01-21 05:24:52	Name: af_id Value: 3d30ee5f-f43f-4b95-93b3-748c3361b543-p
.freemanor.xyz/	1970-01-20 19:58:57	Name: AF_SYNC Value: 1712932737757

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://tglpromote.freemanor.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tglpromote.freemanor.xyz/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

telegram.org
tglpromote.freemanor.xyz
wa.appsflyer.com
wa.onelink.me
websdk.appsflyer.com
18.173.205.111
18.66.112.116
2001:67c:4e8:f004::9
2606:4700:3037::ac43:c286
2a02:26f0:480:33::212:40ca
12d14698538248cdbb74fca117f7f9c176bb91aa66da9c409c657bf910a38981
234d24549fda75d451ed54a9ebf45d3dfb38679b2d383512cf02832cf0ab9226
38bc0f256821a9c0a02a1c0cedf8ff70c211e637ef77ac199de2fe0cf36ba9ec
4027c10bc289b8c72081e9ebbf8766b96a94a482f22c956a845d9c22f7064eaf
412b8410e47c14a886fbee7f9e8c5db271c679a519b67f19de80fe431318b8da
65710eedd3d32a0a59213362846aad1715802a492e8a0a22affc7bcfead5a468
7ccf80229bbe586853232059978b67c1dbe6ccd7f6b4b8585b34bbcf2d9f195f
be29f005561eb43c7eb8f2434d1574d494c4f7b92c3da4aee705ab229c8dfc54
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
eb758109fe1c1890de9982bde5e67976126a02375c0186dd3817c1e2c511938b

tglpromote.freemanor.xyz Open in urlscan Pro 2606:4700:3037::ac43:c286 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

11 Requests

100 %HTTPS

60 %IPv6

4 Domains

5 Subdomains

5 IPs

3 Countries

73 kBTransfer

808 kBSize

4 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

4 Cookies

2 Console Messages

Indicators

tglpromote.freemanor.xyz Open in urlscan Pro
2606:4700:3037::ac43:c286 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

73 kB
Transfer

808 kB
Size

4
Cookies

11 HTTP transactions
0 data transactions