Submitted URL: https://l.facebook.com/l.php?u=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8H...
Effective URL: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Submission: On May 11 via manual from SE

Summary

This website contacted 7 IPs in 5 countries across 6 domains to perform 11 HTTP transactions. The main IP is 54.36.158.42, which is located in France and belongs to OVH, FR. The main domain is proshow067.xtgem.com.
This is the only time proshow067.xtgem.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                    Redirects    Requested by
2         pixel.quantserve.com      1 redirects  proshow067.xtgem.com
2         rules.quantcount.com      1 redirects  proshow067.xtgem.com
2         xtgem.com                              proshow067.xtgem.com
2         edge.quantserve.com       1 redirects  proshow067.xtgem.com
1         cif.images.xtstatic.com                proshow067.xtgem.com
1         enif.images.xtstatic.com               proshow067.xtgem.com
1         3.thumbs.xtstatic.com                  proshow067.xtgem.com
1         i.imgur.com                            proshow067.xtgem.com
1         proshow067.xtgem.com                   l.facebook.com
1         l.facebook.com
Total: 11 requests, 10 subdomains

This site contains links to these domains:

Domain
covideoodayne.blogspot.com
xtgem.com

Subject           Issuer                                  Validity                 Valid
*.facebook.com    DigiCert SHA2 High Assurance Server CA  2020-04-15 - 2020-07-14  3 months
*.imgur.com       DigiCert SHA2 Secure Server CA          2020-01-15 - 2022-03-16  2 years
*.quantserve.com  DigiCert SHA2 High Assurance Server CA  2019-10-04 - 2020-10-07  a year
*.xtgem.com       Let's Encrypt Authority X3              2020-05-03 - 2020-08-01  3 months

This page contains 4 frames:

Primary Page: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Frame ID: 44FF0CD318898BC8572166693C1FEB32
Requests: 8 HTTP requests in this frame

Frame: http://enif.images.xtstatic.com/tp.gif
Frame ID: F68F760D50EFF5DFF1ADF034E32A5D05
Requests: 1 HTTP requests in this frame

Frame: http://cif.images.xtstatic.com/tp.gif
Frame ID: C25E6A19E2EA541F59F00A386CE6532D
Requests: 1 HTTP requests in this frame

Frame: https://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9wcm9zaG93MDY3Lnh0Z2VtLmNvbVwvaW5kZXg/ZmJjbGlkPUl3QVIzRjAtSmo5WjE2clFZdWpOMEU5bjNmeVlxbHBkMXI4My1SOEhVS0U2MTJCRkZPUXBSSW5iMUQ3UlkiLCJsb2dnZWRfaW4iOmZhbHNlLCJkb21haW4iOiJwcm9zaG93MDY3Lnh0Z2VtLmNvbSIsInBvc2l0aW9uIjp7ImFic29sdXRlIjoiZml4ZWQifX0=
Frame ID: BD28754FD83B1BD6B13C30169C149FEB
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • script /\.quantserve\.com\/quant\.js/i

Page Statistics

Requests: 11
HTTPS: 55%
IPv6: 29%
Domains: 6
Subdomains: 10
IPs: 7
Countries: 5
Transfer: 377 kB
Size: 398 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://l.facebook.com/l.php?u=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY&h=AT1sfNcr9KlzQGheC1e28rbjJ6lXb9FzZMoLO5borNhWethoDbT8Il_amjjaWGdxONgOPfOdQKMWgrMgM4Ta1TJWHgc1WMXPypUIQz6GZCtlqQ_D0CU22b9wtNftvwKVQKfnYWKwnKxAtw Page URL
  2. http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • http://edge.quantserve.com/quant.js HTTP 301
  • https://edge.quantserve.com/quant.js
Request Chain 8
  • http://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js HTTP 301
  • https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
Request Chain 9
  • http://pixel.quantserve.com/pixel;r=1858618227;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY;ref=https%3A%2F%2Fl.facebook.com%2F;fpan=1;fpa=P0-1090173133-1589204397278;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;je=0;sr=1600x1200x24;enc=n;dst=1;et=1589204397278;tzo=-120;ogl=title.%5BKH%C3%94NG%20CHE%5D%20Full%20Video%205p19s%20Doggy%20em%20g%C3%A1i%202k1%20m%C3%B4ng%20c%E1%BB%B1c%20n%E1%BA%A3y!%20N%C6%B0%E1%BB%9Bc%20L%E1%BB%93n%20l%C3%AAnh%20l%C3%A1ng%20~%2Cimage.https%3A%2F%2Fscontent%252Efsgn2-1%252Efna%252Efbcdn%252Enet%2Fv%2Ft1%252E0-9%2F96141783_253568379177133_6877754 HTTP 301
  • https://pixel.quantserve.com/pixel;r=1858618227;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY;ref=https%3A%2F%2Fl.facebook.com%2F;fpan=1;fpa=P0-1090173133-1589204397278;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;je=0;sr=1600x1200x24;enc=n;dst=1;et=1589204397278;tzo=-120;ogl=title.%5BKH%C3%94NG%20CHE%5D%20Full%20Video%205p19s%20Doggy%20em%20g%C3%A1i%202k1%20m%C3%B4ng%20c%E1%BB%B1c%20n%E1%BA%A3y!%20N%C6%B0%E1%BB%9Bc%20L%E1%BB%93n%20l%C3%AAnh%20l%C3%A1ng%20~%2Cimage.https%3A%2F%2Fscontent%252Efsgn2-1%252Efna%252Efbcdn%252Enet%2Fv%2Ft1%252E0-9%2F96141783_253568379177133_6877754

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
l.php
l.facebook.com/
274 B
1 KB
Document
General
Full URL
https://l.facebook.com/l.php?u=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY&h=AT1sfNcr9KlzQGheC1e28rbjJ6lXb9FzZMoLO5borNhWethoDbT8Il_amjjaWGdxONgOPfOdQKMWgrMgM4Ta1TJWHgc1WMXPypUIQz6GZCtlqQ_D0CU22b9wtNftvwKVQKfnYWKwnKxAtw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8184:face:b00c:0:14c9 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
46e623010cc22041a4ce94e967553cf09e22f297bec3bc5a131d5d78e6e07a1b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

:method
GET
:authority
l.facebook.com
:scheme
https
:path
/l.php?u=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY&h=AT1sfNcr9KlzQGheC1e28rbjJ6lXb9FzZMoLO5borNhWethoDbT8Il_amjjaWGdxONgOPfOdQKMWgrMgM4Ta1TJWHgc1WMXPypUIQz6GZCtlqQ_D0CU22b9wtNftvwKVQKfnYWKwnKxAtw
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
x-robots-tag
noindex, nofollow
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
refresh
1;URL=http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
x-frame-options
DENY
content-encoding
br
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
vary
Accept-Encoding
referrer-policy
origin
x-content-type-options
nosniff
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-type
text/html; charset="utf-8"
x-fb-debug
IdfoI2UmpnWHk0iVacsyQAYGcBqp36KZEcgc7hUNuw17z5iGWCg+3GF96q590ZEDC2JqSUlChrDviPDSGK306w==
date
Mon, 11 May 2020 13:39:55 GMT
Primary Request Cookie set /
proshow067.xtgem.com/
16 KB
5 KB
Document
General
Full URL
http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Requested by
Host: l.facebook.com
URL: https://l.facebook.com/l.php?u=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY&h=AT1sfNcr9KlzQGheC1e28rbjJ6lXb9FzZMoLO5borNhWethoDbT8Il_amjjaWGdxONgOPfOdQKMWgrMgM4Ta1TJWHgc1WMXPypUIQz6GZCtlqQ_D0CU22b9wtNftvwKVQKfnYWKwnKxAtw
Protocol
HTTP/1.1
Server
54.36.158.42 , France, ASN16276 (OVH, FR),
Reverse DNS
lb.xtgem.com
Software
/
Resource Hash
0aa0f9ceb7d5bd7920577f1718d0d97a0087a1c20ff6ce074b25f1e49f02e8a2

Request headers

Host
proshow067.xtgem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
https://l.facebook.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Mon, 11 May 2020 13:39:55 GMT
Vary
Host,Accept-Encoding
Set-Cookie
_xta_uid=1d12adccd5683116a33618d410f31c37; expires=Wed, 11-May-2022 13:39:56 GMT; Max-Age=63072000; path=/; domain=.xtgem.com; httponly
_xta_vid=05dfba029629f03c26dedd3ac4694cfd-1589204396; expires=Mon, 11-May-2020 14:09:56 GMT; Max-Age=1800; path=/; domain=.xtgem.com; httponly
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Pragma
no-cache
Expires
Wed, 17 Sep 1975 21:32:10 GMT
Content-Encoding
gzip
Content-Length
4217
Content-Type
text/html;charset=UTF-8
Age
0
X-Cache
MISS
X-Cache-Hits
0
Accept-Ranges
bytes
Connection
close
oxW6uQL.png
i.imgur.com/
359 KB
360 KB
Image
General
Full URL
https://i.imgur.com/oxW6uQL.png
Requested by
Host: proshow067.xtgem.com
URL: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
3b182bec405eba49ce98536fd6308443ea7a85315a99adf7110f6a2739764a1c

Request headers

Referer
http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 May 2020 13:39:56 GMT
age
1556455
x-cache
HIT, HIT
status
200
content-length
367794
x-served-by
cache-bwi5134-BWI, cache-hhn4056-HHN
last-modified
Thu, 23 Apr 2020 13:18:58 GMT
server
cat factory 1.0
x-timer
S1589204397.957127,VS0,VE5
etag
"6cf9b840bfcd5d0b26e8b456f55a3bd4"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 1
0.jpg
3.thumbs.xtstatic.com/100/50/-/377a8f66d716dcf77e2db5d0fac2cb82/i1.ytimg.com/vi/aJN5BxmclEo/
1 KB
1 KB
Image
General
Full URL
http://3.thumbs.xtstatic.com/100/50/-/377a8f66d716dcf77e2db5d0fac2cb82/i1.ytimg.com/vi/aJN5BxmclEo/0.jpg
Requested by
Host: proshow067.xtgem.com
URL: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Protocol
HTTP/1.1
Server
178.33.123.218 , France, ASN16276 (OVH, FR),
Reverse DNS
d2.xtgem.com
Software
/
Resource Hash
976e0080754f29db1e74108f974d4347b76c2d3c917cb24f8f9163f3b6e314e8

Request headers

Referer
http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 11 May 2020 13:39:56 GMT
X-Ngz
1
Last-Modified
Sat, 26 Oct 2019 06:41:13 GMT
Age
0
ETag
"443-0"
Sent-XS
0.000
X-Cache
MISS
Content-Type
image/jpeg
Expires
Wed, 13 May 2020 13:39:56 GMT
Cache-Control
max-age=172800, pre-check=172800
Connection
close
Accept-Ranges
bytes
Content-Length
1091
X-Cache-Hits
0
quant.js
edge.quantserve.com/
Redirect Chain
  • http://edge.quantserve.com/quant.js
  • https://edge.quantserve.com/quant.js
21 KB
8 KB
Script
General
Full URL
https://edge.quantserve.com/quant.js
Requested by
Host: proshow067.xtgem.com
URL: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.183 , United Kingdom, ASN27281 (QUANTCAST, US),
Reverse DNS
Software
QS /
Resource Hash
b68b4d1e6d63eabb8a4f663f7755454028aa22d9a0edc88d5b77c58e932d7fa0
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 11 May 2020 13:39:57 GMT
Content-Encoding
gzip
Last-Modified
Mon, 11-May-2020 13:39:57 GMT
Server
QS
Etag
M0-004a9efe
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=604800
Strict-Transport-Security
max-age=86400
Content-Length
8025
Expires
Mon, 18 May 2020 13:39:57 GMT

Redirect headers

Location
https://edge.quantserve.com/quant.js
Date
Mon, 11 May 2020 13:39:56 GMT
Cache-Control
private, no-transform, max-age=86400
Server
QS
Connection
keep-alive
Content-Length
0
Expires
Tue, 12 May 2020 13:39:56 GMT
tp.gif
enif.images.xtstatic.com/ Frame F68F
0
0
Document
General
Full URL
http://enif.images.xtstatic.com/tp.gif
Requested by
Host: proshow067.xtgem.com
URL: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Protocol
HTTP/1.1
Server
178.33.123.218 , France, ASN16276 (OVH, FR),
Reverse DNS
d2.xtgem.com
Software
/
Resource Hash

Request headers

Host
enif.images.xtstatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Mon, 11 May 2020 13:39:56 GMT
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
ETag
"2a-59774aa04e000"
Content-Length
42
Cache-Control
max-age=2592000
Expires
Wed, 10 Jun 2020 13:39:56 GMT
Content-Type
image/gif
Age
0
X-Cache
MISS
X-Cache-Hits
0
Accept-Ranges
bytes
Connection
close
tp.gif
cif.images.xtstatic.com/ Frame C25E
0
0
Document
General
Full URL
http://cif.images.xtstatic.com/tp.gif
Requested by
Host: proshow067.xtgem.com
URL: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Protocol
HTTP/1.1
Server
178.33.123.218 , France, ASN16276 (OVH, FR),
Reverse DNS
d2.xtgem.com
Software
/
Resource Hash

Request headers

Host
cif.images.xtstatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Mon, 11 May 2020 13:39:56 GMT
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
ETag
"2a-59774aa04e000"
Content-Length
42
Cache-Control
max-age=2592000
Expires
Wed, 10 Jun 2020 13:39:56 GMT
Content-Type
image/gif
Age
0
X-Cache
MISS
X-Cache-Hits
0
Accept-Ranges
bytes
Connection
close
Cookie set __xt_authbar
xtgem.com/ Frame BD28
0
0
Document
General
Full URL
https://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9wcm9zaG93MDY3Lnh0Z2VtLmNvbVwvaW5kZXg/ZmJjbGlkPUl3QVIzRjAtSmo5WjE2clFZdWpOMEU5bjNmeVlxbHBkMXI4My1SOEhVS0U2MTJCRkZPUXBSSW5iMUQ3UlkiLCJsb2dnZWRfaW4iOmZhbHNlLCJkb21haW4iOiJwcm9zaG93MDY3Lnh0Z2VtLmNvbSIsInBvc2l0aW9uIjp7ImFic29sdXRlIjoiZml4ZWQifX0=
Requested by
Host: proshow067.xtgem.com
URL: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.33.123.218 , France, ASN16276 (OVH, FR),
Reverse DNS
d2.xtgem.com
Software
/
Resource Hash

Request headers

Host
xtgem.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
_xta_uid=1d12adccd5683116a33618d410f31c37; _xta_vid=05dfba029629f03c26dedd3ac4694cfd-1589204396

Response headers

Date
Mon, 11 May 2020 13:39:57 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
session=d2~q10r5rglliscgi8st9n9eo0i67; expires=Tue, 12-May-2020 13:39:57 GMT; Max-Age=86400; path=/; domain=.xtgem.com; httponly
__template=web; expires=Wed, 10-Jun-2020 13:39:57 GMT; Max-Age=2592000; path=/
__lang=us; expires=Wed, 10-Jun-2020 13:39:57 GMT; Max-Age=2592000; path=/
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
2938
Content-Type
text/html; charset=UTF-8
Age
0
X-Cache
MISS
X-Cache-Hits
0
Accept-Ranges
bytes
close2.png
xtgem.com/images/
564 B
904 B
Image
General
Full URL
http://xtgem.com/images/close2.png?v=0.01
Requested by
Host: proshow067.xtgem.com
URL: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Protocol
HTTP/1.1
Server
178.33.123.218 , France, ASN16276 (OVH, FR),
Reverse DNS
d2.xtgem.com
Software
/
Resource Hash
bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3

Request headers

Referer
http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 11 May 2020 13:39:27 GMT
X-Ngz
1
Last-Modified
Sat, 16 Nov 2019 11:03:28 GMT
Age
29
ETag
"234-59774aa04e000"
X-Cache
HIT
Content-Type
image/png
Expires
Wed, 10 Jun 2020 13:39:27 GMT
Cache-Control
max-age=2592000
Connection
close
Accept-Ranges
bytes
Content-Length
564
X-Cache-Hits
117
rules-p-0cfM8Oh7M9bVQ.js
rules.quantcount.com/
Redirect Chain
  • http://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
  • https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
3 B
357 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
Requested by
Host: proshow067.xtgem.com
URL: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 May 2020 05:06:31 GMT
via
1.1 fa5a3d5abd34c6fac657b045a4dcbdc5.cloudfront.net (CloudFront)
last-modified
Sat, 04 Mar 2017 19:40:53 GMT
server
AmazonS3
age
30807
etag
"8a80554c91d9fca8acb82f023de02f11"
x-cache
Hit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=86400
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
3
x-amz-cf-id
aLlcgd-gTb8SiP0BQ47d-PaT8fow73VX4EbLw7Wte-JJXipz7YccIw==

Redirect headers

Date
Mon, 11 May 2020 13:39:57 GMT
Via
1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
Server
CloudFront
X-Amz-Cf-Pop
FRA50-C1
X-Cache
Redirect from cloudfront
Content-Type
text/html
Location
https://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js
Connection
keep-alive
Content-Length
183
X-Amz-Cf-Id
Aj4hOehfES8VVVKNvZsFC7w_xEpReFy1BhcslCpSogIi2xet_RGf3w==
pixel;r=1858618227;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY;ref=https%3A%2F%2Fl.facebook.com%2F;fpan=...
pixel.quantserve.com/
Redirect Chain
  • http://pixel.quantserve.com/pixel;r=1858618227;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY;ref=https%3A%...
  • https://pixel.quantserve.com/pixel;r=1858618227;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY;ref=https%3A...
35 B
658 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1858618227;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY;ref=https%3A%2F%2Fl.facebook.com%2F;fpan=1;fpa=P0-1090173133-1589204397278;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;je=0;sr=1600x1200x24;enc=n;dst=1;et=1589204397278;tzo=-120;ogl=title.%5BKH%C3%94NG%20CHE%5D%20Full%20Video%205p19s%20Doggy%20em%20g%C3%A1i%202k1%20m%C3%B4ng%20c%E1%BB%B1c%20n%E1%BA%A3y!%20N%C6%B0%E1%BB%9Bc%20L%E1%BB%93n%20l%C3%AAnh%20l%C3%A1ng%20~%2Cimage.https%3A%2F%2Fscontent%252Efsgn2-1%252Efna%252Efbcdn%252Enet%2Fv%2Ft1%252E0-9%2F96141783_253568379177133_6877754
Requested by
Host: proshow067.xtgem.com
URL: http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.197 , United Kingdom, ASN27281 (QUANTCAST, US),
Reverse DNS
Software
QS /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
http://proshow067.xtgem.com/?fbclid=IwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 11 May 2020 13:39:57 GMT
Server
QS
Strict-Transport-Security
max-age=86400
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control
private, no-cache, no-store, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

Location
https://pixel.quantserve.com/pixel;r=1858618227;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fproshow067.xtgem.com%2F%3Ffbclid%3DIwAR3F0-Jj9Z16rQYujN0E9n3fyYqlpd1r83-R8HUKE612BFFOQpRInb1D7RY;ref=https%3A%2F%2Fl.facebook.com%2F;fpan=1;fpa=P0-1090173133-1589204397278;ns=0;ce=1;qjs=1;qv=f473609d-20200430082408;cm=;gdpr=0;je=0;sr=1600x1200x24;enc=n;dst=1;et=1589204397278;tzo=-120;ogl=title.%5BKH%C3%94NG%20CHE%5D%20Full%20Video%205p19s%20Doggy%20em%20g%C3%A1i%202k1%20m%C3%B4ng%20c%E1%BB%B1c%20n%E1%BA%A3y!%20N%C6%B0%E1%BB%9Bc%20L%E1%BB%93n%20l%C3%AAnh%20l%C3%A1ng%20~%2Cimage.https%3A%2F%2Fscontent%252Efsgn2-1%252Efna%252Efbcdn%252Enet%2Fv%2Ft1%252E0-9%2F96141783_253568379177133_6877754
Date
Mon, 11 May 2020 13:39:57 GMT
Cache-Control
private, no-transform, max-age=86400
Server
QS
Connection
keep-alive
Content-Length
0
Expires
Tue, 12 May 2020 13:39:57 GMT

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onformdata
  • object| onpointerrawupdate
  • object| _qevents
  • boolean| cookies
  • number| len
  • function| quantserve
  • function| __qc
  • object| ezt
  • object| _qoptions

4 Cookies

Domain/Path   Name        Value
xtgem.com/    __lang      us
.xtgem.com/   __qca       P0-1090173133-1589204397278
xtgem.com/    __template  web
.xtgem.com/   session     d2~q10r5rglliscgi8st9n9eo0i67

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0