deadzebra11.xtgem.com Open in urlscan Pro
54.36.158.42 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-...
Effective URL:
http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-...
Submission: On September 12 via manual (September 12th 2021, 4:49:50 am UTC) from US — Scanned from DE

Summary HTTP 14 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 8 domains to perform 14 HTTP transactions. The main IP is 54.36.158.42, located in France and belongs to OVH, FR. The main domain is deadzebra11.xtgem.com.

This is the only time deadzebra11.xtgem.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	54.36.158.42 54.36.158.42	16276 (OVH) (OVH)
1	2606:4700:20:... 2606:4700:20::681a:81a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.152.168.27 104.152.168.27	63068 (CROCWEB) (CROCWEB)
1	50.116.57.204 50.116.57.204	63949 (LINODE-AP...) (LINODE-AP Linode)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
6	178.33.123.218 178.33.123.218	16276 (OVH) (OVH)
1	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1 2	2600:9000:223... 2600:9000:223f:dc00:6:44e3:f8c0:93a1	() ()
14	9

1 54.36.158.42 (France)

ASN16276 (OVH, FR)
PTR: lb.xtgem.com

deadzebra11.xtgem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:81a (United States)

ASN13335 (CLOUDFLARENET, US)

www.freedomnewspaper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.152.168.27 (Canada)

ASN63068 (CROCWEB, CA)
PTR: server27.hostwhitelabel.com

www.ministryoffreedoms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.116.57.204 (Cedar Knolls, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li449-204.members.linode.com

highincomesource.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (United States)

ASN54113 (FASTLY, US)

preview.redd.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.33.123.218 (France)

ASN16276 (OVH, FR)
PTR: d2.xtgem.com

xtgem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
enif.images.xtstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cif.images.xtstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:51e4:db4b:4436:b305 (United States)

ASN16509 (AMAZON-02, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223f:dc00:6:44e3:f8c0:93a1 (None, ) 1 redirects

ASN- ()

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	xtgem.com deadzebra11.xtgem.com xtgem.com	24 KB
2	quantcount.com 1 redirects rules.quantcount.com	857 B
2	xtstatic.com enif.images.xtstatic.com cif.images.xtstatic.com	736 B
1	quantserve.com edge.quantserve.com pixel.quantserve.com Failed	9 KB
1	redd.it preview.redd.it	174 KB
1	highincomesource.com highincomesource.com	26 KB
1	ministryoffreedoms.com www.ministryoffreedoms.com	336 KB
1	freedomnewspaper.com www.freedomnewspaper.com	35 KB
14	8

	Domain	Requested by
4	xtgem.com	deadzebra11.xtgem.com
2	rules.quantcount.com	1 redirects deadzebra11.xtgem.com
1	cif.images.xtstatic.com	deadzebra11.xtgem.com
1	enif.images.xtstatic.com	deadzebra11.xtgem.com
1	edge.quantserve.com	deadzebra11.xtgem.com
1	preview.redd.it	deadzebra11.xtgem.com
1	highincomesource.com	deadzebra11.xtgem.com
1	www.ministryoffreedoms.com	deadzebra11.xtgem.com
1	www.freedomnewspaper.com	deadzebra11.xtgem.com
1	deadzebra11.xtgem.com
0	pixel.quantserve.com Failed	deadzebra11.xtgem.com
14	11

This site contains links to these domains. Also see Links.

Domain
oysterkarate9.edublogs.org
xtgem.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-12-14` - `2021-12-13`	a year	crt.sh
ministryoffreedoms.com R3	`2021-07-17` - `2021-10-15`	3 months	crt.sh
highincomesource.com R3	`2021-07-28` - `2021-10-26`	3 months	crt.sh
*.redd.it DigiCert TLS RSA SHA256 2020 CA1	`2021-05-23` - `2021-11-18`	6 months	crt.sh
*.xtgem.com R3	`2021-08-27` - `2021-11-25`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-08-18` - `2021-10-07`	2 months	crt.sh

This page contains 4 frames:

Primary Page: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1
Frame ID: 5D12EBF64623C1790FEDFFB4A16144A1
Requests: 11 HTTP requests in this frame

Frame: http://enif.images.xtstatic.com/tp.gif
Frame ID: D6DE52F773B5CD636C725A040CD7FAAA
Requests: 1 HTTP requests in this frame

Frame: http://cif.images.xtstatic.com/tp.gif
Frame ID: 924D62D3E47CEDF8A788F91CD56999A3
Requests: 1 HTTP requests in this frame

Frame: https://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9kZWFkemVicmExMS54dGdlbS5jb21cL19feHRfYmxvZ1wvX194dGJsb2dfZW50cnk/X194dGJsb2dfZW50cnk9MjMwOTg4NDAmX194dGJsb2dfYmxvY2tfaWQ9MSIsImxvZ2dlZF9pbiI6ZmFsc2UsImRvbWFpbiI6ImRlYWR6ZWJyYTExLnh0Z2VtLmNvbSIsInBvc2l0aW9uIjp7ImFic29sdXRlIjoiZml4ZWQifX0=
Frame ID: 9401E7AAD3B222579D8841E2CB94BE40
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Indicators on Ministry of Freedom Review - Dwell You Should Know - Blog

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Page Statistics

14
Requests

43 %
HTTPS

38 %
IPv6

8
Domains

11
Subdomains

9
IPs

3
Countries

605 kB
Transfer

644 kB
Size

4
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://oysterkarate9.edublogs.org/2021/09/12/auto-draft-3/
Title: Did you see this?

Search URL Search Domain Scan URL

URL: http://xtgem.com/auth/login?token=bHhWRFR4ZkJTeGs1dVlFb3JPTS9yTlE0&redir=VjFKR1pIVlhNVlpVTUU1SVYxUlVSbGQzWkhCV1ZEVkVTVzB3VFV0UVdGTlJSbUZIVFcxVmMwbExhVmxRU21GelRXSlBPSFZ0V0VwMVVFSlJWMDFzUlZONE5FOVpkbkl3VVc4MEwxQlRSa1pRYkRCSFVsRnNLMUpSVUhCRWVIWTBTbmxPVkZONVZDdEZlSFp2Ulhac1drUjVNRlpFYjBwM1FuaEhWa0ZJTkhaRmR6UmxSVkpyUkV4VmMycExNWEpzU2tzMWRYUk1WV3BOTWxWNFRVeGhWRXRYVDNWTk1tMUVSbFJEY2toVldVRkllbVZqY1cxUmFuSXhNVzF5VVcxVlNsYzFNRTFNWVVGUFlrSlRkV0ZwVVhKTVZVSndNekZrY0VaSFMzQnZaRUpSVVVaTlFVWlFjMWRJVlRSYWQzWmxXVWRzVmxFeVFsVlliWEk0VUhkVVFWZEpla1ZDU1ZoWVZXOUhTVkZ0Y2k5Q2IwSjJWa2xzTlVOUWVsVkVibkl6V1ZGT2IxTklWSGRVVVZSTlZuZzRhMFJSTTI5SGVuTkhTRlUxVTBwVFdYQkpZVEYxVFhwM2EzQXpTMnh6WW1GdGN6SkhNbHBJZGpCT01uYzJkRE5ZUkVaNk1VUlNNMlUxVFRGdE1rZ3dkMDVVWVdWUVRERkhjbE5oVHpsTllsRmxVbFozWkUxTFQzcHdSMEpWUVhsR2RsQlhPRkZhWTJSUVZtMTJkSE52VGxSRlIzTjVjbmh5YjBKdlZHZFBiREF5Vm0xR04wcDVRazFEZG5wTFFteFlPRkZJVUcxRWJVbzFSWHBVTDBOSVRuQlJTWHAzUVhaNmFGaDJUamRhU0c5TVRHRkhka2RqVVd0UFZWZzVUVEU1WW5SV2MyZEllRXRZUmsxMllVWXdVR05HWVZGQ1RXTkhaa2hOUTI1ek1GVmlTbFJoVjFWVVVYbDFNVlZtVFdOaFpYQmpkMGwwTTJWelRsVmxVRkl5T1V4U1MyMXdVM2RLTlZWdWVreFhSMFpHUkRONlNWZHNOSFJXZDNwYVZsQktMMFJRVkZSUFNXMXBVMnc0Y0ZWMmFGcEtTWFl6VWxGR00xRnNhRzFYZVZBclEzazBRbEJ2VG1SVWIzSXJSRzVRZUZKVWFIbElTbTFDUVVkRlduSkdQVDA9
Title: 0

Search URL Search Domain Scan URL

URL: http://xtgem.com/auth/login?token=bHhSQlVuSFZVSGM1dE9Fb3JPTS9yTlE0&redir=VjFKR1pIVlhNVlpVTUU1SVYxUlVSbGQzWkhCV1ZEVkVTVzB3VFV0UVdGTlJSbUZIVFcxVldreFVOVmhRU21GelRXSlBPSFZ0V0VwMVVFSlJWMDFzUlZONE5FOVpkbkl3VVc4MEwxQlRSa1pRYkRCSFVsRnNLMUpSVUhCRWVIWTBTbmxPVkZONVZDdEZlSFp2Ulhac1drUjVNRlpFYjBwM1FuaEhWa0ZJTkhaRmR6UmxSVkpyUkV4VmMycExNWEpzU2tzMWRYUk1WV3BOTWxWNFRVeGhWRXRYVDNWTk1tMUVSbFJEY2toVldVRkllbVZqY1cxUmFuSXhNVzF5VVcxVlNsYzFNRTFNWVVGUFlrSlRkV0ZwVVhKTVZVSndNekZrY0VaSFMzQnZaRUpSVVVaTlFVWlFjMWRJVlRSYWQzWmxXVWRzVmxFeVFsVlliWEk0VUhkVVFWZEpla1ZDU1ZoWVZXOUhTVkZ0Y2k5Q2IwSjJWa2xzTlVOUWVsVkVibkl6V1ZGT2IxTklWSGRVVVZSTlZuZzRhMFJSTTI5SGVuTkhTRlUxVTBwVFdYQkpZVEYxVFhwM2EzQXpTMnh6WW1GdGN6SkhNbHBJZGpCT01uYzJkRE5ZUkVaNk1VUlNNMlUxVFRGdE1rZ3dkMDVVWVdWUVRERkhjbE5oVHpsTllsRmxVbFozWkUxTFQzcHdSMEpWUVhsR2RsQlhPRkZhWTJSUVZtMTJkSE52VGxSRlIzTjVjbmh5YjBKdlZHZFBiREF5Vm0xR04wcDVRazFEZG5wTFFteFlPRkZJVUcxRWJVbzFSWHBVTDBOSVRuQlJTWHAzUVhaNmFGaDJUamRhU0c5TVRHRkhka2RqVVd0UFZWZzVUVEU1WW5SV2MyZEllRXRZUmsxMllVWXdVR05HWVZGQ1RXTkhaa2hOUTI1ek1GVmlTbFJoVjFWVVVYbDFNVlZtVFdOaFpYQmpkMGwwTTJWelRsVmxVRkl5T1V4U1MyMXdVM2RLTlZWdWVreFhSMFpHUkRONlNWZHNOSFJXZDNwYVZsQktMMFJRVkZSUFNXMXBVMnc0Y0ZWMmFGcEtTWFl6VWxGR00xRnNhRzFYZVZBclEzazBRbEJ2VG1SVWIzSXJSRzVRZUZKVWFIbElTbTFDUVVkRlduSkdQVDA9
Title: Star

Search URL Search Domain Scan URL

URL: http://xtgem.com/click?p=forums_catalog_web&u=__urlaHR0cDovL3h0Z2VtLmNvbS9mb3J1bXM/YWQ9MQ==&s=deadzebra11.xtgem.com&t=KhsdHxwaHQIABQsZBgcDAQgLCQoFCAp0eA==&_is_adult=No&_ad_pos=Bottom&_ad_format=Plain&_ad_url=ZGVhZHplYnJhMTEueHRnZW0uY29tL19feHRfYmxvZy9fX3h0YmxvZ19lbnRyeT9fX3h0YmxvZ19lbnRyeT0yMzA5ODg0MCZfX3h0YmxvZ19ibG9ja19pZD0x&_ad_networks=&_ad_type=Banner

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

http://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js HTTP 301
https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set 23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know Show response deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/	24 KB 7 KB	6375ms 1357ms	Document text/html	54.36.158.42 OVH
General Check archive.org Show headers Download Go to Full URL http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol HTTP/1.1 Server 54.36.158.42 , France, ASN16276 (OVH, FR), Reverse DNS lb.xtgem.com Software / Resource Hash `c10e6e05795df6880fc8e575d9c889e7a8968ca000909fda0b4f7c3322fcab5d` Request headers Host deadzebra11.xtgem.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Sun, 12 Sep 2021 04:49:38 GMT Vary Host,Accept-Encoding Set-Cookie _xta_uid=a8f9a03626239afe1673242143073f9e; expires=Tue, 12-Sep-2023 04:49:39 GMT; Max-Age=63072000; path=/; domain=.xtgem.com; httponly _xta_vid=dec277df3c85cb5c1243cd6177876360-1631422179; expires=Sun, 12-Sep-2021 05:19:39 GMT; Max-Age=1800; path=/; domain=.xtgem.com; httponly Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Pragma no-cache Expires Wed, 17 Sep 1975 21:32:10 GMT Content-Encoding gzip Content-Length 6956 Content-Type text/html; charset=UTF-8 Age 0 X-Cache MISS X-Cache-Hits 0 Accept-Ranges bytes Connection close
GET H2	200	Minister-of-Health-Dr-Ahmadou-Lamin-Samateh-768x528.jpg www.freedomnewspaper.com/wp-content/uploads/2020/07/	34 KB 35 KB	5668ms 613ms	Image image/jpeg	2606:4700:20::681a:81a CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.freedomnewspaper.com/wp-content/uploads/2020/07/Minister-of-Health-Dr-Ahmadou-Lamin-Samateh-768x528.jpg Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:81a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `82d33b7004f849eb1a066e44d8ac521e19daeb1a2e5c66695911ec715e852c8d` Request headers Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 12 Sep 2021 04:49:45 GMT cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-proxy-cache-info DT:1 host-header 8441280b0c35cbc1147f8ba998a563a7 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 content-length 34602 last-modified Thu, 09 Jul 2020 01:07:54 GMT server cloudflare etag "5f066dea-872a" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G1icfYgiX053cYhnGUFMCrzpmtTqfiPYVl5cNlVUAbdIVANBj%2FXSlp0goyCPuNKY6wdo0bxXsniP5%2FFZcGIa9IcqRRR7YmNJgCYDLPP6%2B1bbpWXMAJ5bNiXuDU206YWPm703CsRW9KC%2BMMWuNlUN%2BC2O1FdhSn8%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=31536000 accept-ranges bytes cf-ray 68d682d11f755c9e-FRA expires Mon, 12 Sep 2022 04:49:45 GMT
GET H2	200	Ministry-Of-Freedom-Review.png www.ministryoffreedoms.com/wp-content/uploads/2020/09/	335 KB 336 KB	5598ms 104ms	Image image/png	104.152.168.27 CROCWEB
General Check archive.org Show headers Download Go to Show image Full URL https://www.ministryoffreedoms.com/wp-content/uploads/2020/09/Ministry-Of-Freedom-Review.png Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.152.168.27 , Canada, ASN63068 (CROCWEB, CA), Reverse DNS server27.hostwhitelabel.com Software LiteSpeed / Resource Hash `1dc2b76ad66455d200b1408fe99f5b3a4437c48b8f444a76b24e63a5ee5ec490` Request headers Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 12 Sep 2021 04:49:45 GMT last-modified Sun, 06 Sep 2020 14:42:08 GMT server LiteSpeed vary User-Agent content-type image/png cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000 content-length 343285 expires Sun, 19 Sep 2021 04:49:45 GMT
GET H2	200	jono-armstrong-review.jpg highincomesource.com/wp-content/uploads/2021/05/	26 KB 26 KB	5287ms 90ms	Image image/jpeg	50.116.57.204 LINODE-AP Linode
General Check archive.org Show headers Download Go to Show image Full URL https://highincomesource.com/wp-content/uploads/2021/05/jono-armstrong-review.jpg Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 50.116.57.204 Cedar Knolls, United States, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS li449-204.members.linode.com Software nginx / Resource Hash `4cfc7536e1078332a3cb6b32c55623326af1d70bfd6ddc2c85f29ee27f55ad0e` Request headers Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 12 Sep 2021 04:49:45 GMT last-modified Sat, 08 May 2021 08:38:33 GMT server nginx etag "60964e09-67dd" content-type image/jpeg cache-control max-age=2592000 accept-ranges bytes content-length 26589 expires Tue, 12 Oct 2021 04:49:45 GMT
GET H2	200	82n1sd91ajj61.jpg preview.redd.it/	173 KB 174 KB	5120ms 95ms	Image image/webp	151.101.193.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://preview.redd.it/82n1sd91ajj61.jpg?width=1280&format=pjpg&auto=webp&s=cd43980c72b26bab56bf4adeb6a7cdb082559699 Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.140 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash `3dec61cd5071388a085da7a109f35eb5e26e2c281bbaad9cd63db2aa7eaa7c2f` Request headers Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 12 Sep 2021 04:49:45 GMT via 1.1 varnish, 1.1 varnish server snooserv etag "aMdWDE65rNEAjkpnE5aPdF6PpfacxBgeN23w5xwqCUQ" vary Accept,Origin fastly-io-info ifsz=213702 idim=1280x853 ifmt=jpeg ofsz=177490 odim=1280x853 ofmt=webp fastly-stats io=1 accept-ranges bytes content-type image/webp content-length 177490 expires Thu, 31 Dec 2037 23:59:59 GMT
GET H/1.1	200 OK	xtgem-forums.jpg xtgem.com/images/forum/	8 KB 9 KB	5044ms 31ms	Image image/jpeg	178.33.123.218 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://xtgem.com/images/forum/xtgem-forums.jpg Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol HTTP/1.1 Server 178.33.123.218 , France, ASN16276 (OVH, FR), Reverse DNS d2.xtgem.com Software / Resource Hash `12af88849dcd3b09838185efbbaa7eae7231159ace07004afc5793d80378c34f` Request headers Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 12 Sep 2021 04:47:59 GMT X-Ngz 1 Last-Modified Sat, 16 Nov 2019 11:03:28 GMT Age 105 ETag "20c8-59774aa04e000" X-Cache HIT Content-Type image/jpeg Expires Tue, 12 Oct 2021 04:47:59 GMT Cache-Control max-age=2592000 Connection close Accept-Ranges bytes Content-Length 8392 X-Cache-Hits 67
GET H/1.1	200 OK	quant.js Show response edge.quantserve.com/	24 KB 9 KB	5057ms 13ms	Script application/javascript	2620:116:800d:21:51e4:db4b:4436:b305 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://edge.quantserve.com/quant.js Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol HTTP/1.1 Server 2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash `95b17ad661699c049d42195b8ccd1d855045a1fcfbd20d8609a6d87fa5703810` Request headers Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 12 Sep 2021 04:49:45 GMT Content-Encoding gzip Etag "lp772EpWKwf8Kq7YKMhbuw==" Vary Accept-Encoding Content-Type application/javascript Cache-Control private, max-age=604800 Transfer-Encoding chunked Cross-Origin-Resource-Policy cross-origin Connection keep-alive Accept-Ranges bytes Expires Sun, 19 Sep 2021 04:49:45 GMT
GET H/1.1	200 OK	tp.gif Show response enif.images.xtstatic.com/ Frame D6DE	42 B 368 B	5075ms 58ms	Document image/gif	178.33.123.218 OVH
General Check archive.org Show headers Download Go to Full URL http://enif.images.xtstatic.com/tp.gif Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol HTTP/1.1 Server 178.33.123.218 , France, ASN16276 (OVH, FR), Reverse DNS d2.xtgem.com Software / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers Host enif.images.xtstatic.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://deadzebra11.xtgem.com/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ Response headers Date Sun, 12 Sep 2021 04:49:45 GMT Last-Modified Sat, 16 Nov 2019 11:03:28 GMT ETag "2a-59774aa04e000" Content-Length 42 Cache-Control max-age=2592000 Expires Tue, 12 Oct 2021 04:49:45 GMT Content-Type image/gif Age 0 X-Cache MISS X-Cache-Hits 0 Accept-Ranges bytes Connection close
GET H/1.1	200 OK	tp.gif Show response cif.images.xtstatic.com/ Frame 924D	42 B 368 B	5072ms 56ms	Document image/gif	178.33.123.218 OVH
General Check archive.org Show headers Download Go to Full URL http://cif.images.xtstatic.com/tp.gif Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol HTTP/1.1 Server 178.33.123.218 , France, ASN16276 (OVH, FR), Reverse DNS d2.xtgem.com Software / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers Host cif.images.xtstatic.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://deadzebra11.xtgem.com/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ Response headers Date Sun, 12 Sep 2021 04:49:45 GMT Last-Modified Sat, 16 Nov 2019 11:03:28 GMT ETag "2a-59774aa04e000" Content-Length 42 Cache-Control max-age=2592000 Expires Tue, 12 Oct 2021 04:49:45 GMT Content-Type image/gif Age 0 X-Cache MISS X-Cache-Hits 0 Accept-Ranges bytes Connection close
GET H/1.1	200 OK	Cookie set __xt_authbar Show response xtgem.com/ Frame 9401	14 KB 4 KB	5380ms 343ms	Document text/html	178.33.123.218 OVH
General Check archive.org Show headers Download Go to Full URL https://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9kZWFkemVicmExMS54dGdlbS5jb21cL19feHRfYmxvZ1wvX194dGJsb2dfZW50cnk/X194dGJsb2dfZW50cnk9MjMwOTg4NDAmX194dGJsb2dfYmxvY2tfaWQ9MSIsImxvZ2dlZF9pbiI6ZmFsc2UsImRvbWFpbiI6ImRlYWR6ZWJyYTExLnh0Z2VtLmNvbSIsInBvc2l0aW9uIjp7ImFic29sdXRlIjoiZml4ZWQifX0= Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 178.33.123.218 , France, ASN16276 (OVH, FR), Reverse DNS d2.xtgem.com Software / Resource Hash `b1c251b26439c3180a1086637cf27bebcd793ed5355177bbf96e4a7546dd40d5` Request headers Host xtgem.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest iframe Referer http://deadzebra11.xtgem.com/ Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ Response headers Date Sun, 12 Sep 2021 04:49:45 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Set-Cookie session=w3~iiapfdvrtcek99rrrtuignt867; expires=Mon, 13-Sep-2021 04:49:45 GMT; Max-Age=86400; path=/; domain=.xtgem.com; httponly __template=web; expires=Tue, 12-Oct-2021 04:49:45 GMT; Max-Age=2592000; path=/ __lang=DE; expires=Tue, 12-Oct-2021 04:49:45 GMT; Max-Age=2592000; path=/ Vary Accept-Encoding Content-Encoding gzip Content-Length 2932 Content-Type text/html; charset=UTF-8 Age 0 X-Cache MISS X-Cache-Hits 0 Accept-Ranges bytes
GET H/1.1	200 OK	xtgem-icons.woff xtgem.com/fonts/	5 KB 4 KB	5051ms 59ms	Font application/font-woff	178.33.123.218 OVH
General Check archive.org Show headers Download Go to Full URL http://xtgem.com/fonts/xtgem-icons.woff Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol HTTP/1.1 Server 178.33.123.218 , France, ASN16276 (OVH, FR), Reverse DNS d2.xtgem.com Software / Resource Hash `665d6e99d2f45ec11e045322517b1f31a40452bee7462e78bb4550398f6e1086` Request headers Referer http://deadzebra11.xtgem.com/ Origin http://deadzebra11.xtgem.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 12 Sep 2021 04:49:45 GMT Content-Encoding gzip Last-Modified Sat, 16 Nov 2019 11:03:28 GMT Age 0 ETag "1530-59774aa04e000-gzip" Vary Accept-Encoding X-Cache MISS Content-Type application/font-woff Access-Control-Allow-Origin * Connection close Accept-Ranges bytes Content-Length 3769 X-Cache-Hits 0
GET H/1.1	200 OK	close2.png xtgem.com/images/	564 B 901 B	5000ms 30ms	Image image/png	178.33.123.218 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://xtgem.com/images/close2.png?v=0.01 Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol HTTP/1.1 Server 178.33.123.218 , France, ASN16276 (OVH, FR), Reverse DNS d2.xtgem.com Software / Resource Hash `bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3` Request headers Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 12 Sep 2021 04:49:43 GMT X-Ngz 1 Last-Modified Sat, 16 Nov 2019 11:03:28 GMT Age 1 ETag "234-59774aa04e000" X-Cache HIT Content-Type image/png Expires Tue, 12 Oct 2021 04:49:43 GMT Cache-Control max-age=2592000 Connection close Accept-Ranges bytes Content-Length 564 X-Cache-Hits 5
GET H2	200	rules-p-0cfM8Oh7M9bVQ.js Show response rules.quantcount.com/ Redirect Chain http://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js	3 B 430 B	69ms 7ms	Script application/javascript	2600:9000:223f:dc00:6:44e3:f8c0:93a1
General Check archive.org Show headers Download Go to Full URL https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js Requested by Host: deadzebra11.xtgem.com URL: http://deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry/23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know?__xtblog_block_id=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223f:dc00:6:44e3:f8c0:93a1 -, , ASN (), Reverse DNS Software AmazonS3 / Resource Hash `ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356` Request headers Accept-Language de-DE,de;q=0.9 Referer http://deadzebra11.xtgem.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 12 Sep 2021 04:05:47 GMT via 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront) age 22930 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 3 last-modified Sat, 04 Mar 2017 19:40:53 GMT server AmazonS3 etag "8a80554c91d9fca8acb82f023de02f11" access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=86400 x-amz-cf-pop FRA56-P5 accept-ranges bytes x-amz-cf-id _FSmH2YL1SMIYpPaV9EPYJmemYCGYx47_NZEvvobP-N9J3f6WXPAuQ== Redirect headers Date Sun, 12 Sep 2021 04:49:50 GMT Via 1.1 d4744f6f4cb683596fb4a26e59b2aba8.cloudfront.net (CloudFront) Server CloudFront X-Amz-Cf-Pop FRA56-P5 X-Cache Redirect from cloudfront Content-Type text/html Location https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js Connection keep-alive Content-Length 183 X-Amz-Cf-Id eWBiTeR3sCpRLixHDBzWb6O8KRDrCruWlZxWLcFlIYKtDAnoyNoDHw==
GET		pixel;r=2118501847;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fdeadzebra11.xtgem.com%2F__xt_blog%2F__xtblog_entry%2F__xtblog_entry%2F23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-k... pixel.quantserve.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pixel.quantserve.com
URL: http://pixel.quantserve.com/pixel;r=2118501847;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fdeadzebra11.xtgem.com%2F__xt_blog%2F__xtblog_entry%2F__xtblog_entry%2F23098840-indicators-on-ministry-of-freedom-review-dwell-you-should-know%3F__xtblog_block_id%3D1%23xt_blog;uht=2;fpan=1;fpa=P0-694794809-1631422190253;pbcn=u;pbc=;ns=0;ce=1;qjs=1;qv=eccc2c00-20210811224039;cm=;gdpr=0;ref=;d=xtgem.com;je=0;sr=1600x1200x24;dst=0;et=1631422190252;tzo=0;ogl=

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
deadzebra11.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry	1969-12-31 23:59:59	Name: Value: test
.xtgem.com/__xt_blog/__xtblog_entry/__xtblog_entry	1969-12-31 23:59:59	Name: _dlt Value: 1
.xtgem.com/	1970-01-20 14:41:34	Name: _xta_uid Value: a8f9a03626239afe1673242143073f9e
.xtgem.com/	1970-01-19 21:10:23	Name: _xta_vid Value: dec277df3c85cb5c1243cd6177876360-1631422179

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cif.images.xtstatic.com
deadzebra11.xtgem.com
edge.quantserve.com
enif.images.xtstatic.com
highincomesource.com
pixel.quantserve.com
preview.redd.it
rules.quantcount.com
www.freedomnewspaper.com
www.ministryoffreedoms.com
xtgem.com
pixel.quantserve.com
104.152.168.27
151.101.193.140
178.33.123.218
2600:9000:223f:dc00:6:44e3:f8c0:93a1
2606:4700:20::681a:81a
2620:116:800d:21:51e4:db4b:4436:b305
50.116.57.204
54.36.158.42
12af88849dcd3b09838185efbbaa7eae7231159ace07004afc5793d80378c34f
1dc2b76ad66455d200b1408fe99f5b3a4437c48b8f444a76b24e63a5ee5ec490
3dec61cd5071388a085da7a109f35eb5e26e2c281bbaad9cd63db2aa7eaa7c2f
4cfc7536e1078332a3cb6b32c55623326af1d70bfd6ddc2c85f29ee27f55ad0e
665d6e99d2f45ec11e045322517b1f31a40452bee7462e78bb4550398f6e1086
82d33b7004f849eb1a066e44d8ac521e19daeb1a2e5c66695911ec715e852c8d
95b17ad661699c049d42195b8ccd1d855045a1fcfbd20d8609a6d87fa5703810
b1c251b26439c3180a1086637cf27bebcd793ed5355177bbf96e4a7546dd40d5
bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3
c10e6e05795df6880fc8e575d9c889e7a8968ca000909fda0b4f7c3322fcab5d
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

deadzebra11.xtgem.com Open in urlscan Pro 54.36.158.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

43 %HTTPS

38 %IPv6

8 Domains

11 Subdomains

9 IPs

3 Countries

605 kBTransfer

644 kBSize

4 Cookies

4 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

4 Cookies

Indicators

deadzebra11.xtgem.com Open in urlscan Pro
54.36.158.42 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

43 %
HTTPS

38 %
IPv6

8
Domains

11
Subdomains

9
IPs

3
Countries

605 kB
Transfer

644 kB
Size

4
Cookies

14 HTTP transactions
0 data transactions