alexanderchristie.pages.dev Open in urlscan Pro
172.66.47.23 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI
Submission Tags: @phish_report
Submission: On July 17 via api (July 17th 2024, 8:48:52 pm UTC) from FI — Scanned from FI

Summary HTTP 20 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 4 domains to perform 20 HTTP transactions. The main IP is 172.66.47.23, located in United States and belongs to CLOUDFLARENET, US. The main domain is alexanderchristie.pages.dev.
TLS certificate: Issued by WE1 on July 13th 2024. Valid for: 3 months.

This is the only time alexanderchristie.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	172.66.47.23 172.66.47.23	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	199.232.192.193 199.232.192.193	54113 (FASTLY) (FASTLY)
2	65.21.74.205 65.21.74.205	24940 (HETZNER-AS) (HETZNER-AS)
7	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
3	65.108.226.197 65.108.226.197	24940 (HETZNER-AS) (HETZNER-AS)
1	172.217.16.193 172.217.16.193	15169 (GOOGLE) (GOOGLE)
20	7

6 172.66.47.23 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

alexanderchristie.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.192.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.21.74.205 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.205.74.21.65.clients.your-server.de

s9.gifyu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.108.226.197 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.197.226.108.65.clients.your-server.de

s12.gifyu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.193 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f1.1e100.net

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 382	114 KB
6	pages.dev 1 redirects alexanderchristie.pages.dev	36 KB
5	gifyu.com s9.gifyu.com — Cisco Umbrella Rank: 106687 s12.gifyu.com — Cisco Umbrella Rank: 136464	665 KB
2	imgur.com i.imgur.com — Cisco Umbrella Rank: 7108	718 KB
20	4

	Domain	Requested by
8	cdn.ampproject.org	alexanderchristie.pages.dev cdn.ampproject.org
6	alexanderchristie.pages.dev	1 redirects alexanderchristie.pages.dev
3	s12.gifyu.com	alexanderchristie.pages.dev
2	s9.gifyu.com	alexanderchristie.pages.dev
2	i.imgur.com	alexanderchristie.pages.dev
20	5

This site contains links to these domains. Also see Links.

Domain
t.ly
www.google.co.id
salestoyotajkt.com

Subject Issuer	Validity	Valid
alexanderchristie.pages.dev WE1	`2024-07-13` - `2024-10-11`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-15` - `2025-02-14`	a year	crt.sh
s9.gifyu.com R11	`2024-07-14` - `2024-10-12`	3 months	crt.sh
misc-sni.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
s12.gifyu.com R11	`2024-07-17` - `2024-10-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI
Frame ID: 9422A24612FFF1BD070BBD791B1ECEEC
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MISTERHOKI » Daftar & Login Agen Situs Judi Slot Online Terpercaya 2024

Page URL History Show full URLs

https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI Page URL
https://alexanderchristie.pages.dev/cdn-cgi/phish-bypass?atok=ZgJcahXLQ3sTh7keZeuAO4vd5XWVZkkOzFj7XGkknto-172124... HTTP 301
https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI Page URL

Page Statistics

20
Requests

100 %
HTTPS

17 %
IPv6

4
Domains

5
Subdomains

7
IPs

3
Countries

1533 kB
Transfer

2859 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://t.ly/iniapaya
Title: Daftar

Search URL Search Domain Scan URL

URL: https://www.google.co.id/search?q=MISTERHOKI
Title: MISTERHOKI

Search URL Search Domain Scan URL

URL: https://salestoyotajkt.com/goto/bkgacor/
Title: Slot Gacor

Search URL Search Domain Scan URL

URL: https://salestoyotajkt.com/goto/bkthailand/
Title: Slot Thailand

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI Page URL
https://alexanderchristie.pages.dev/cdn-cgi/phish-bypass?atok=ZgJcahXLQ3sTh7keZeuAO4vd5XWVZkkOzFj7XGkknto-1721249321-0.0.1.1-%2Foverride%2F-%2F%3Fusdt%3DTOTO%2520KOI HTTP 301
https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 / Show response
alexanderchristie.pages.dev/override/-/ 4 KB
2 KB 117ms
51ms Document
text/html 172.66.47.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.47.23 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca6d055634eaa59c428c11fa265cabe5aa7f36872ac5fbcf02e68d15b48052b5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

cf-ray: 8a4d18260c150a3b-ARN
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 17 Jul 2024 20:48:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4llhKEIhlQbQtTA1dpKMDCqBHblAlv0liTcMmvTeMuDTNfkL%2FsWc3rw%2B6NRUFUgF6fbi3GLTDXAlcKT203F1ZrF5N0g1rLyJbpnrq8pOnAUSqKzk0HFSRWF7cDr0dm6nPvdstp4QcPKAp0tWYUA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
alexanderchristie.pages.dev/cdn-cgi/styles/ 23 KB
5 KB 135ms
134ms Stylesheet
text/css 172.66.47.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://alexanderchristie.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: alexanderchristie.pages.dev
URL: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.47.23 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 17 Jul 2024 20:48:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Jul 2024 17:10:21 GMT
server: cloudflare
etag: W/"6691637d-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8a4d18267ce00a3b-ARN
expires: Wed, 17 Jul 2024 22:48:41 GMT

GET
H3 200 icon-exclamation.png
alexanderchristie.pages.dev/cdn-cgi/images/ 452 B
635 B 49ms
49ms Image
image/png 172.66.47.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://alexanderchristie.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: alexanderchristie.pages.dev
URL: https://alexanderchristie.pages.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.47.23 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://alexanderchristie.pages.dev/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 17 Jul 2024 20:48:42 GMT
x-content-type-options: nosniff
last-modified: Fri, 12 Jul 2024 17:10:21 GMT
server: cloudflare
etag: "6691637d-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8a4d18279e6d0a3b-ARN
content-length: 452
expires: Wed, 17 Jul 2024 22:48:42 GMT

GET
H3 200 favicon.ico
alexanderchristie.pages.dev/ 61 KB
14 KB 186ms
185ms Other
text/html 172.66.47.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://alexanderchristie.pages.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.47.23 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67b2caa3e56fe561efed0b0a8960f6c98f7b211dd151e5bbe4279fc55f714508

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 17 Jul 2024 20:48:42 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VgHbnPxWN21JyUOKubxxh80yZ6cT06l7DawRfTIYQNxj3JfK5W%2F60OCyji2YkNpw6TcMEiEF%2FxzYghY8ZIBxTmPPU2n02jHgZi%2FzuwLprJbFXLdFLMIzjOnUI23L7ZHiXQ84f5ch%2FuhWxlC90oE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 8a4d18288fa90a3b-ARN
link: <https://i.imgur.com/kMy7p9h.png>; rel="preload"; as=image, <https://s9.gifyu.com/images/SVXdp.jpg>; rel="preload"; as=image
alt-svc: h3=":443"; ma=86400

GET
H2 200 kMy7p9h.png
i.imgur.com/ 716 KB
718 KB 175ms
56ms Image
image/png 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/kMy7p9h.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

268acdb61785bedd7ffc8ef1af2c725d9bccf92fac35ef9299f3cd5f305e7c70

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://alexanderchristie.pages.dev/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 17 Jul 2024 20:48:42 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 3745456
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 732916
x-served-by: cache-iad-kjyo7100057-IAD, cache-fra-eddf8230082-FRA
last-modified: Wed, 06 Mar 2024 06:51:20 GMT
server: cat factory 1.0
x-timer: S1721249323.634630,VS0,VE1
etag: "705c9095b81f62054a9119eaab4d5d5d"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: rRrxCckDfLGjQxoAWUMBSjz84FuQLx263t9Zx_VEtt8UENU_KETbfA==
x-cache-hits: 436, 0

GET
H2 200 SVXdp.jpg
s9.gifyu.com/images/ 117 KB
117 KB 117ms
35ms Image
image/jpeg 65.21.74.205
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s9.gifyu.com/images/SVXdp.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.21.74.205 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.205.74.21.65.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a75ae9927ff6a2213b32e56e92ae5ec2362faad21f4b05258c75b27e85b3d16e

Request headers

Referer: https://alexanderchristie.pages.dev/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 17 Jul 2024 20:48:42 GMT
last-modified: Mon, 08 Apr 2024 12:53:56 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "6613e8e4-1d292"
content-length: 119442
content-type: image/jpeg

GET
H3

200

Primary Request / Show response
alexanderchristie.pages.dev/override/-/
Redirect Chain

https://alexanderchristie.pages.dev/cdn-cgi/phish-bypass?atok=ZgJcahXLQ3sTh7keZeuAO4vd5XWVZkkOzFj7XGkknto-1721249321-0.0.1.1-%2Foverride%2F-%2F%3Fusdt%3DTOTO%2520KOI
https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI

61 KB
14 KB

113ms
113ms

Document
text/html

172.66.47.23
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.47.23 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67b2caa3e56fe561efed0b0a8960f6c98f7b211dd151e5bbe4279fc55f714508

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8a4d18405cd70a3b-ARN
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 17 Jul 2024 20:48:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7D%2Bq2ri38fIqnnH5ttjiY17aMcsoo%2Fp6M0%2Fx5Ui4mpyS1ueIWWidKzp%2BSWGJBJUlZyZ%2FaW%2BZWvW738Vl%2BP0dAZKYNmykba2id4iJb6NgoSDeLQumms0I56fixUjtiU9IFJdj9Z%2BD4wS6KYLR0%2Bo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

cache-control: private, no-cache
cf-ray: 8a4d183ffc3c0a3b-ARN
content-length: 167
content-type: text/html
date: Wed, 17 Jul 2024 20:48:46 GMT
location: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 kMy7p9h.png
i.imgur.com/ 716 KB
0 1ms
1ms Image
image/png 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/kMy7p9h.png

Requested by

Host: alexanderchristie.pages.dev
URL: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

268acdb61785bedd7ffc8ef1af2c725d9bccf92fac35ef9299f3cd5f305e7c70

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://alexanderchristie.pages.dev/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 17 Jul 2024 20:48:42 GMT
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 3745456
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront, HIT, HIT
content-length: 732916
x-served-by: cache-iad-kjyo7100057-IAD, cache-fra-eddf8230082-FRA
last-modified: Wed, 06 Mar 2024 06:51:20 GMT
server: cat factory 1.0
x-timer: S1721249323.634630,VS0,VE1
etag: "705c9095b81f62054a9119eaab4d5d5d"
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: rRrxCckDfLGjQxoAWUMBSjz84FuQLx263t9Zx_VEtt8UENU_KETbfA==
x-cache-hits: 436, 0

GET
H2 200 SVXdp.jpg
s9.gifyu.com/images/ 117 KB
0 12ms
11ms Image
image/jpeg 65.21.74.205
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s9.gifyu.com/images/SVXdp.jpg
Requested by: Host: alexanderchristie.pages.dev
URL: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.21.74.205 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.205.74.21.65.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a75ae9927ff6a2213b32e56e92ae5ec2362faad21f4b05258c75b27e85b3d16e

Request headers

Referer: https://alexanderchristie.pages.dev/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 17 Jul 2024 20:48:42 GMT
last-modified: Mon, 08 Apr 2024 12:53:56 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "6613e8e4-1d292"
content-length: 119442
content-type: image/jpeg

GET
H2 200 v0.mjs Show response
cdn.ampproject.org/ 223 KB
62 KB 348ms
149ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.mjs

Requested by

Host: alexanderchristie.pages.dev
URL: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82a83d371708d9df49f213ebc3e87992f59f2011870ac8323b6ec67764da1abf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://alexanderchristie.pages.dev/
Origin: https://alexanderchristie.pages.dev
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 17 Jul 2024 20:48:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63636
x-xss-protection: 0
server: sffe
etag: "8ad91926f1c8071b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 17 Jul 2024 20:48:46 GMT

GET
H2 200 amp-carousel-0.1.mjs Show response
cdn.ampproject.org/v0/ 33 KB
10 KB 271ms
73ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-carousel-0.1.mjs

Requested by

Host: alexanderchristie.pages.dev
URL: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28fc5aafc2a6512b40a3f5ad395c890ccf6281dddc934d3843ffc6beda937dfb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://alexanderchristie.pages.dev/
Origin: https://alexanderchristie.pages.dev
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 17 Jul 2024 20:48:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10080
x-xss-protection: 0
server: sffe
etag: "c3301e318faf75a3"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 17 Jul 2024 20:48:46 GMT

GET
H2 200 amp-install-serviceworker-0.1.mjs Show response
cdn.ampproject.org/v0/ 6 KB
3 KB 266ms
68ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-install-serviceworker-0.1.mjs

Requested by

Host: alexanderchristie.pages.dev
URL: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d71cf7542f04b81900dcedceb0adeb4d4117db4c8735c7ea47701575012b84a3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://alexanderchristie.pages.dev/
Origin: https://alexanderchristie.pages.dev
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 17 Jul 2024 20:48:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2376
x-xss-protection: 0
server: sffe
etag: "4c0ad8b78f8e7277"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 17 Jul 2024 20:48:46 GMT

GET
H2 200 amp-youtube-0.1.mjs Show response
cdn.ampproject.org/v0/ 31 KB
10 KB 404ms
206ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-youtube-0.1.mjs

Requested by

Host: alexanderchristie.pages.dev
URL: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b048995239389eace0a45abda4e1dc55459b8ab924ddc8410d2f7d64f860613

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://alexanderchristie.pages.dev/
Origin: https://alexanderchristie.pages.dev
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 17 Jul 2024 20:48:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10309
x-xss-protection: 0
server: sffe
etag: "8fbc1789b30c08f3"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 17 Jul 2024 20:48:46 GMT

GET
H2 200 amp-accordion-0.1.mjs Show response
cdn.ampproject.org/v0/ 14 KB
5 KB 408ms
211ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-accordion-0.1.mjs

Requested by

Host: alexanderchristie.pages.dev
URL: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

112150e5c6f2d2049e0dc2db39014a5257e988434cdc7120bb11ab403eccdba0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://alexanderchristie.pages.dev/
Origin: https://alexanderchristie.pages.dev
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 17 Jul 2024 20:48:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4855
x-xss-protection: 0
server: sffe
etag: "7fa826f23ca3a44b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 17 Jul 2024 20:48:46 GMT

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8ee947a39b7746e8364c378f4bf0cd78414a58717712a4db0c7ca23e2003585b

Request headers

Referer
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 Sf9Se.png
s12.gifyu.com/images/ 432 KB
432 KB 141ms
59ms Image
image/png 65.108.226.197
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s12.gifyu.com/images/Sf9Se.png
Requested by: Host: alexanderchristie.pages.dev
URL: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.108.226.197 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.197.226.108.65.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: abf0df4780df14126d9862d8c4940c744d09647024cba17480ad18253d2dea48

Request headers

Referer: https://alexanderchristie.pages.dev/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 17 Jul 2024 20:48:46 GMT
last-modified: Sat, 18 May 2024 17:07:07 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "6648e03b-6bf67"
content-length: 442215
content-type: image/png

GET
H2 200 amp-auto-lightbox-0.1.mjs Show response
cdn.ampproject.org/rtv/012406131415000/v0/ 7 KB
3 KB 62ms
60ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406131415000/v0/amp-auto-lightbox-0.1.mjs

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.mjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c5cd6ba9787bd2e949e1e59a38c4b78f5df6d46aa5669f4aa37d640cb6eb59ed

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://alexanderchristie.pages.dev/
Origin: https://alexanderchristie.pages.dev
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 16 Jul 2024 01:27:49 GMT
age: 156057
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2818
x-xss-protection: 0
server: sffe
etag: "0f1043067b080ec4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 16 Jul 2025 01:27:49 GMT

GET
H2 200 amp-loader-0.1.mjs Show response
cdn.ampproject.org/rtv/012406131415000/v0/ 12 KB
4 KB 64ms
61ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406131415000/v0/amp-loader-0.1.mjs

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.mjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

448251b93a2fb3f80f51081ce205fc240ce07b4673076dde994f7e814df402c4

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://alexanderchristie.pages.dev/
Origin: https://alexanderchristie.pages.dev
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 12 Jul 2024 00:35:36 GMT
age: 504790
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3918
x-xss-protection: 0
server: sffe
etag: "d5892724272da8aa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 12 Jul 2025 00:35:36 GMT

GET
H2 200 SVVuK.png
s12.gifyu.com/images/ 115 KB
115 KB 36ms
35ms Other
image/png 65.108.226.197
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s12.gifyu.com/images/SVVuK.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.108.226.197 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.197.226.108.65.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 93b506fbccdafe0878ad739a67422c7063ffd135bd12d7ef6ce922edc89e0ae8

Request headers

Referer: https://alexanderchristie.pages.dev/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 17 Jul 2024 20:48:47 GMT
last-modified: Tue, 02 Apr 2024 11:49:53 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "660bf0e1-1cc00"
content-length: 117760
content-type: image/png

GET
H3 200 amp-lightbox-gallery-0.1.mjs Show response
cdn.ampproject.org/rtv/012406131415000/v0/ 56 KB
17 KB 67ms
66ms Script
text/javascript 172.217.16.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406131415000/v0/amp-lightbox-gallery-0.1.mjs

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f1.1e100.net

Software

sffe /

Resource Hash

0bdd0b0c570ddb33b64cd10996b5a75d022046b21e0fdf3a9eb202aeb10be1ac

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://alexanderchristie.pages.dev/
Origin: https://alexanderchristie.pages.dev
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 16 Jul 2024 12:05:46 GMT
age: 117781
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16934
x-xss-protection: 0
server: sffe
etag: "f84b60a0a66cf590"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 16 Jul 2025 12:05:46 GMT

GET
H2 200 SVVuK.png
s12.gifyu.com/images/ 115 KB
0 0ms
0ms Other
image/png 65.108.226.197
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s12.gifyu.com/images/SVVuK.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.108.226.197 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.197.226.108.65.clients.your-server.de
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 93b506fbccdafe0878ad739a67422c7063ffd135bd12d7ef6ce922edc89e0ae8

Request headers

Referer: https://alexanderchristie.pages.dev/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

date: Wed, 17 Jul 2024 20:48:47 GMT
last-modified: Tue, 02 Apr 2024 11:49:53 GMT
server: nginx/1.18.0 (Ubuntu)
accept-ranges: bytes
etag: "660bf0e1-1cc00"
content-length: 117760
content-type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.alexanderchristie.pages.dev/	1970-01-20 22:08:55	Name: __cf_mw_byp Value: ZgJcahXLQ3sTh7keZeuAO4vd5XWVZkkOzFj7XGkknto-1721249321-0.0.1.1-/override/-/?usdt=TOTO%20KOI

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://alexanderchristie.pages.dev/override/-/?usdt=TOTO%20KOI Message: The resource https://s9.gifyu.com/images/SVXdp.jpg was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alexanderchristie.pages.dev
cdn.ampproject.org
i.imgur.com
s12.gifyu.com
s9.gifyu.com
172.217.16.193
172.66.47.23
199.232.192.193
2a00:1450:4001:813::2001
65.108.226.197
65.21.74.205
0bdd0b0c570ddb33b64cd10996b5a75d022046b21e0fdf3a9eb202aeb10be1ac
112150e5c6f2d2049e0dc2db39014a5257e988434cdc7120bb11ab403eccdba0
268acdb61785bedd7ffc8ef1af2c725d9bccf92fac35ef9299f3cd5f305e7c70
28fc5aafc2a6512b40a3f5ad395c890ccf6281dddc934d3843ffc6beda937dfb
448251b93a2fb3f80f51081ce205fc240ce07b4673076dde994f7e814df402c4
5b048995239389eace0a45abda4e1dc55459b8ab924ddc8410d2f7d64f860613
67b2caa3e56fe561efed0b0a8960f6c98f7b211dd151e5bbe4279fc55f714508
82a83d371708d9df49f213ebc3e87992f59f2011870ac8323b6ec67764da1abf
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8ee947a39b7746e8364c378f4bf0cd78414a58717712a4db0c7ca23e2003585b
93b506fbccdafe0878ad739a67422c7063ffd135bd12d7ef6ce922edc89e0ae8
a75ae9927ff6a2213b32e56e92ae5ec2362faad21f4b05258c75b27e85b3d16e
abf0df4780df14126d9862d8c4940c744d09647024cba17480ad18253d2dea48
c5cd6ba9787bd2e949e1e59a38c4b78f5df6d46aa5669f4aa37d640cb6eb59ed
ca6d055634eaa59c428c11fa265cabe5aa7f36872ac5fbcf02e68d15b48052b5
d71cf7542f04b81900dcedceb0adeb4d4117db4c8735c7ea47701575012b84a3
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

alexanderchristie.pages.dev Open in urlscan Pro 172.66.47.23 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

20 Requests

100 %HTTPS

17 %IPv6

4 Domains

5 Subdomains

7 IPs

3 Countries

1533 kBTransfer

2859 kBSize

1 Cookies

4 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

alexanderchristie.pages.dev Open in urlscan Pro
172.66.47.23 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

17 %
IPv6

4
Domains

5
Subdomains

7
IPs

3
Countries

1533 kB
Transfer

2859 kB
Size

1
Cookies

20 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!