upstream.to Open in urlscan Pro
185.39.11.251 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://upstream.to/embed-ot63xegvwafh.html
Effective URL:
https://upstream.to/embed-ot63xegvwafh.html
Submission: On February 24 via manual (February 24th 2020, 5:10:35 pm UTC) from IT

Summary HTTP 52 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 26 IPs in 9 countries across 19 domains to perform 52 HTTP transactions. The main IP is 185.39.11.251, located in Switzerland and belongs to NETWORKDEDICATED, CH. The main domain is upstream.to.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 4th 2019. Valid for: 2 years.

This is the only time upstream.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 12	185.39.11.251 185.39.11.251	62355 (NETWORKDE...) (NETWORKDEDICATED)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1	198.134.112.241 198.134.112.241	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 3	173.192.101.24 173.192.101.24	36351 (SOFTLAYER) (SOFTLAYER)
1	2600:9000:205... 2600:9000:2057:8e00:1d:6a4c:5ec0:21	16509 (AMAZON-02) (AMAZON-02)
1	188.42.34.34 188.42.34.34	7979 (SERVERS) (SERVERS)
1	2606:4700:303... 2606:4700:3033::681b:8e06	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	165.231.0.28 165.231.0.28	61072 (EZNET-AS) (EZNET-AS)
2	2a00:1450:400... 2a00:1450:4001:825::200e	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:c16b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3035::6812:3747	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.190.8.27 35.190.8.27	15169 (GOOGLE) (GOOGLE)
1	52.4.200.187 52.4.200.187	14618 (AMAZON-AES) (AMAZON-AES)
4	107.23.120.245 107.23.120.245	14618 (AMAZON-AES) (AMAZON-AES)
1	195.181.175.51 195.181.175.51	60068 (CDN77) (CDN77)
2 2	185.33.223.200 185.33.223.200	29990 (ASN-APPNEX) (ASN-APPNEX)
6	104.18.3.207 104.18.3.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	94.31.29.128 94.31.29.128	33438 (HIGHWINDS2) (HIGHWINDS2)
3	62.210.222.188 62.210.222.188	12876 (Online SAS) (Online SAS)
3	2606:4700::68... 2606:4700::6811:a6ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	162.252.214.5 162.252.214.5	53334 (TUT-AS) (TUT-AS)
1	2606:4700::68... 2606:4700::6811:a7ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.200.118.90 185.200.118.90	9009 (M247) (M247)
1	38.132.109.186 38.132.109.186	9009 (M247) (M247)
1	185.200.116.90 185.200.116.90	9009 (M247) (M247)
1	216.21.13.16 216.21.13.16	53334 (TUT-AS) (TUT-AS)
52	26

12 185.39.11.251 (Switzerland) 1 redirects

ASN62355 (NETWORKDEDICATED, CH)

upstream.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.134.112.241 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET, US)

pl15221366.passeura.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 173.192.101.24 (Dallas, United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: 18.65.c0ad.ip4.static.sl-reverse.com

p349709.clksite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mybestdc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
clksite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:8e00:1d:6a4c:5ec0:21 (United States)

ASN16509 (AMAZON-02, US)

d3hs51abvkuanv.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.42.34.34 (Luxembourg)

ASN7979 (SERVERS, US)

vagwyn.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::681b:8e06 (United States)

ASN13335 (CLOUDFLARENET, US)

images.upstream.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 165.231.0.28 (Sweden) 1 redirects

ASN61072 (EZNET-AS, GB)

meapk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:825::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:c16b (United States)

ASN13335 (CLOUDFLARENET, US)

fbcdn2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6812:3747 (United States)

ASN13335 (CLOUDFLARENET, US)

ufpcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.8.27 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 27.8.190.35.bc.googleusercontent.com

onclicksuper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.4.200.187 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-200-187.compute-1.amazonaws.com

elastinabuker.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 107.23.120.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-23-120-245.compute-1.amazonaws.com

eralsstroying.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.181.175.51 (Frankfurt am Main, Germany)

ASN60068 (CDN77, GB)
PTR: unn-195-181-175-51.datapacket.com

c1.popads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.200 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 308.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.3.207 (United States)

ASN13335 (CLOUDFLARENET, US)

desigactinific.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.31.29.128 (United Kingdom)

ASN33438 (HIGHWINDS2, US)
PTR: 94.31.29.128.IPYX-077437-ZYO.above.net

p349709.mycdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 62.210.222.188 (France)

ASN12876 (Online SAS, FR)
PTR: 62-210-222-188.rev.poneytelecom.eu

s38.upstream.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:a6ba (United States)

ASN13335 (CLOUDFLARENET, US)

c.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
6.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.252.214.5 (United States)

ASN53334 (TUT-AS, US)

adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:a7ba (United States)

ASN13335 (CLOUDFLARENET, US)

6.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.200.118.90 (London, United Kingdom)

ASN9009 (M247, GB)
PTR: adscore.com

t9970mlt9hd8.l.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.132.109.186 (New York, United States)

ASN9009 (M247, GB)

t9970mlt9hd8.n.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.200.116.90 (Singapore, Singapore)

ASN9009 (M247, GB)
PTR: no-mans-land.m247.com

t9970mlt9hd8.s.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.21.13.16 (United States)

ASN53334 (TUT-AS, US)

serve.popads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	upstream.to 1 redirects upstream.to images.upstream.to s38.upstream.to	3 MB
9	adsco.re c.adsco.re 6.adsco.re adsco.re t9970mlt9hd8.l.adsco.re t9970mlt9hd8.n.adsco.re t9970mlt9hd8.s.adsco.re	15 KB
6	desigactinific.pro desigactinific.pro	4 KB
4	eralsstroying.info eralsstroying.info	383 B
2	adnxs.com 2 redirects secure.adnxs.com	2 KB
2	popads.net c1.popads.net serve.popads.net	9 KB
2	fbcdn2.com fbcdn2.com	17 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	meapk.com 1 redirects meapk.com	231 B
2	clksite.com 1 redirects p349709.clksite.com clksite.com	373 B
1	mycdn.co p349709.mycdn.co	67 KB
1	elastinabuker.site elastinabuker.site
1	onclicksuper.com onclicksuper.com	96 B
1	ufpcdn.com ufpcdn.com
1	vagwyn.pw vagwyn.pw	1 KB
1	cloudfront.net d3hs51abvkuanv.cloudfront.net	38 KB
1	mybestdc.com mybestdc.com	38 KB
1	passeura.com pl15221366.passeura.com
1	googletagmanager.com www.googletagmanager.com	28 KB
52	19

	Domain	Requested by
12	upstream.to	1 redirects upstream.to
6	desigactinific.pro	upstream.to d3hs51abvkuanv.cloudfront.net
4	eralsstroying.info	upstream.to
3	s38.upstream.to	upstream.to
2	adsco.re	c.adsco.re
2	6.adsco.re	upstream.to c.adsco.re
2	c.adsco.re	mybestdc.com
2	secure.adnxs.com	2 redirects
2	fbcdn2.com	upstream.to
2	www.google-analytics.com	www.googletagmanager.com upstream.to
2	meapk.com	1 redirects upstream.to
1	serve.popads.net	mybestdc.com
1	t9970mlt9hd8.s.adsco.re	c.adsco.re
1	t9970mlt9hd8.n.adsco.re	c.adsco.re
1	t9970mlt9hd8.l.adsco.re	c.adsco.re
1	p349709.mycdn.co	mybestdc.com
1	c1.popads.net	upstream.to
1	elastinabuker.site	d3hs51abvkuanv.cloudfront.net
1	clksite.com	upstream.to
1	onclicksuper.com	upstream.to
1	ufpcdn.com	upstream.to
1	images.upstream.to	upstream.to
1	vagwyn.pw	upstream.to
1	d3hs51abvkuanv.cloudfront.net	upstream.to
1	mybestdc.com	upstream.to
1	p349709.clksite.com	1 redirects
1	pl15221366.passeura.com	upstream.to
1	www.googletagmanager.com	upstream.to
52	28

This site contains links to these domains. Also see Links.

Domain
adsco.re

Subject Issuer	Validity	Valid
*.upstream.to Sectigo RSA Domain Validation Secure Server CA	`2019-11-04` - `2021-11-03`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-02-12` - `2020-05-06`	3 months	crt.sh
passeura.com Let's Encrypt Authority X3	`2020-01-08` - `2020-04-07`	3 months	crt.sh
*.mybestdc.com Sectigo RSA Domain Validation Secure Server CA	`2019-07-11` - `2020-07-21`	a year	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh
vagwyn.pw Let's Encrypt Authority X3	`2019-12-29` - `2020-03-28`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-11-07` - `2020-10-09`	a year	crt.sh
meapk.com cPanel, Inc. Certification Authority	`2020-01-23` - `2020-04-22`	3 months	crt.sh
www.fbcdn2.com COMODO RSA Domain Validation Secure Server CA	`2017-10-23` - `2020-10-22`	3 years	crt.sh
www.onclicksuper.com COMODO RSA Domain Validation Secure Server CA	`2017-10-18` - `2020-10-17`	3 years	crt.sh
*.clksite.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-10` - `2020-10-26`	a year	crt.sh
elastinabuker.site Amazon	`2020-02-23` - `2021-03-23`	a year	crt.sh
eralsstroying.info Amazon	`2020-02-20` - `2021-03-20`	a year	crt.sh
1355769017.rsc.cdn77.org Let's Encrypt Authority X3	`2020-01-13` - `2020-04-12`	3 months	crt.sh
*.mycdn.co Sectigo RSA Domain Validation Secure Server CA	`2019-10-10` - `2020-10-21`	a year	crt.sh
*.adsco.re COMODO RSA Organization Validation Secure Server CA	`2017-09-26` - `2020-09-25`	3 years	crt.sh
*.l.adsco.re COMODO RSA Domain Validation Secure Server CA	`2018-07-14` - `2020-07-13`	2 years	crt.sh
*.n.adsco.re COMODO RSA Domain Validation Secure Server CA	`2018-07-30` - `2020-07-29`	2 years	crt.sh
*.s.adsco.re COMODO RSA Domain Validation Secure Server CA	`2018-07-30` - `2020-07-29`	2 years	crt.sh
*.popads.net Sectigo RSA Domain Validation Secure Server CA	`2019-10-29` - `2021-10-29`	2 years	crt.sh

This page contains 4 frames:

Primary Page: https://upstream.to/embed-ot63xegvwafh.html
Frame ID: 6608C2977CE764D56975EFEB8B0B4B2C
Requests: 49 HTTP requests in this frame

Frame: https://ufpcdn.com/script/identify.html?frmt=0
Frame ID: 925AA0A96B7A76BC50D41E971532BE07
Requests: 1 HTTP requests in this frame

Frame: https://elastinabuker.site/UW5NenowDC4XRTBTL1wPIwJwX0gXS388HmIGPk9LMAw7EQ8wADtUGT0BOB4cIwEjDlQ/CzlfSBceHiwsGyMLGQseByktGxVedTYrYBgoSDAmLyAoDAEUPRw1BQIiM0oYBg8oDRYKCk4uHDoLMjw5Xi45OAgEAAA8YS8VPxYfLSkiGzxWOjBLHx8oMjc+OAksSgg5dD8wKDdoSDg1KyIDMShWdSwAEBsDOQkGJyQSFRsodQ4zFQUhLyIbWQhJDTQ0fwIUNDwqTDEVNyoiExwDBxM/BzQMDg00GQxfSBMkND8JCSYHTSACPB80PSkAKCxCOgwKHk8CJgdNIAlDKjs5GQYlPB0HS384GBYKeC8pMlsCKQIZIyQJX2MsBD8oKAs1NEIQXA8UID9WGyAiPVcEFh07JAkWCRAGHwkgYgIuKhMYGS87MD8iJzsLBhQlHRkZHQw0ORQABxZKKAwKGSoTXAMUIAYNCSMyJR0XDTw5DQU4TRAtHBU3KAYOKhcpAAkNLDoIIw5MEwAIQhsZCQk3KSkHASsSOQh/S0MEOR9fSBMMDgkyCzY+STYmI38cEBQaGy0waDceDTN3BD4VFCFTJwgMHScCPkMLCjUNOwUnDA
Frame ID: 4EAA8B620202A6932DEB3C8EF061838F
Requests: 1 HTTP requests in this frame

Frame: https://c.adsco.re/
Frame ID: 8017D14035B24911CCDDA279BF47C0D3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://upstream.to/embed-ot63xegvwafh.html HTTP 301
https://upstream.to/embed-ot63xegvwafh.html Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

52
Requests

98 %
HTTPS

31 %
IPv6

19
Domains

28
Subdomains

26
IPs

9
Countries

3417 kB
Transfer

6970 kB
Size

10
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://adsco.re/v
Title: Click Here

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://upstream.to/embed-ot63xegvwafh.html HTTP 301
https://upstream.to/embed-ot63xegvwafh.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://p349709.clksite.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false HTTP 301
https://mybestdc.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false

Request Chain 12

https://meapk.com/upstream/counter.php?sw=1600&sc=24&referer=&page=https://upstream.to/embed-ot63xegvwafh.html HTTP 302
https://meapk.com/cgi-sys/suspendedpage.cgi?sw=1600&sc=24&referer=&page=https://upstream.to/embed-ot63xegvwafh.html

Request Chain 25

https://secure.adnxs.com/getuid?https://desigactinific.pro/s?a=$UID&b=318164182050 HTTP 302
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdesigactinific.pro%2Fs%3Fa%3D%24UID%26b%3D318164182050 HTTP 302
https://desigactinific.pro/s?a=2400712831092577111&b=318164182050

52 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request embed-ot63xegvwafh.html Show response
upstream.to/
Redirect Chain

http://upstream.to/embed-ot63xegvwafh.html
https://upstream.to/embed-ot63xegvwafh.html

89 KB
33 KB

491ms
450ms

Document
text/html

185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL

https://upstream.to/embed-ot63xegvwafh.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),

Reverse DNS

Software

nginx /

Resource Hash

bf3fac7b738c326ca40a8006180c8d43447369dd76feedd790f49a1441eba256

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	1
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: upstream.to
:scheme: https
:path: /embed-ot63xegvwafh.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
server: nginx
date: Mon, 24 Feb 2020 17:10:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 23 Feb 2020 17:10:17 GMT
x-frame-options: 1
set-cookie: lang=1; domain=.upstream.to; path=/; HttpOnly
cache-control: public
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-server-powered-by: Engintron
content-encoding: gzip

Redirect headers

Server: nginx
Date: Mon, 24 Feb 2020 17:10:16 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 251
Connection: keep-alive
Location: https://upstream.to/embed-ot63xegvwafh.html
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Server-Powered-By: Engintron

GET
H2 200 main.css
upstream.to/css/ 48 KB
11 KB 23ms
21ms Stylesheet
text/css 185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL: https://upstream.to/css/main.css
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),
Reverse DNS
Software: nginx /
Resource Hash: 43ac3865ac01e3e268b117f477e1761ec9c1675b000ece5a99db12912a506c8b

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

pragma: public
date: Mon, 24 Feb 2020 17:10:17 GMT
content-encoding: gzip
last-modified: Sun, 03 Nov 2019 21:16:24 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=2592000
expires: Wed, 25 Mar 2020 17:10:17 GMT

GET
H2 200 jquery.min.js Show response
upstream.to/js/ 94 KB
33 KB 29ms
26ms Script
application/javascript 185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL: https://upstream.to/js/jquery.min.js
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),
Reverse DNS
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: public
date: Mon, 24 Feb 2020 17:10:17 GMT
content-encoding: gzip
last-modified: Sun, 17 Nov 2019 08:35:39 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2592000
expires: Wed, 25 Mar 2020 17:10:17 GMT

GET
H2 200 xupload.js Show response
upstream.to/js/ 10 KB
4 KB 34ms
32ms Script
application/javascript 185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL: https://upstream.to/js/xupload.js
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),
Reverse DNS
Software: nginx /
Resource Hash: f2f42bf6bd7d7ef2e610c717db7037be84a34c4085bbc299e498fe3251cd1222

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: public
date: Mon, 24 Feb 2020 17:10:17 GMT
content-encoding: gzip
last-modified: Sun, 17 Nov 2019 08:35:41 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2592000
expires: Wed, 25 Mar 2020 17:10:17 GMT

GET
H2 200 jquery.cookie.js Show response
upstream.to/js/ 4 KB
2 KB 35ms
33ms Script
application/javascript 185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL: https://upstream.to/js/jquery.cookie.js
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),
Reverse DNS
Software: nginx /
Resource Hash: 75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: public
date: Mon, 24 Feb 2020 17:10:17 GMT
content-encoding: gzip
last-modified: Sun, 17 Nov 2019 08:35:30 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2592000
expires: Wed, 25 Mar 2020 17:10:17 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 74 KB
28 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-49432491-14

Requested by

Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

845bca8a141a59ecf3976b12e24a94fceb4ba8a332643bab5f6322e275715e30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 24 Feb 2020 17:10:17 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28493
x-xss-protection: 0
last-modified: Mon, 24 Feb 2020 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 24 Feb 2020 17:10:17 GMT

GET
H/1.1 403
Forbidden 5639b0e88eb809d5d041d6d759e2dff5.js
pl15221366.passeura.com/56/39/b0/ 0
0 483ms
274ms Script
application/javascript 198.134.112.241
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://pl15221366.passeura.com/56/39/b0/5639b0e88eb809d5d041d6d759e2dff5.js
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.134.112.241 Garden City, United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx/1.17.6 /
Resource Hash

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 24 Feb 2020 17:10:17 GMT
Server: nginx/1.17.6
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 0
Content-Type: application/javascript

GET
H2

200

banners Show response
mybestdc.com/adServe/
Redirect Chain

https://p349709.clksite.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false
https://mybestdc.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false

99 KB
38 KB

502ms
223ms

Script
text/javascript

173.192.101.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://mybestdc.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.192.101.24 Dallas, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.65.c0ad.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash: 54eab73bcd748dacb86c677aca7d451069c7517bc5553b7eaf4c152996181117

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 24 Feb 2020 17:10:18 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
status: 200
cache-control: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

status: 301
date: Mon, 24 Feb 2020 17:10:17 GMT
server: nginx
content-length: 178
location: https://mybestdc.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false
content-type: text/html

GET
H2 200 / Show response
d3hs51abvkuanv.cloudfront.net/ 103 KB
38 KB 237ms
196ms Script
text/plain 2600:9000:2057:8e00:1d:6a4c:5ec0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3hs51abvkuanv.cloudfront.net/?bashd=827923
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:8e00:1d:6a4c:5ec0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: b50a29eef21cc5f4e515ade343267a735197f40bf9c715928c4d5f41d56f7a98

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Mon, 24 Feb 2020 17:10:17 GMT
content-encoding: gzip
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
status: 200
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
access-control-allow-origin: *
content-length: 38392
via: 1.1 7ed7afde326861e358c3c83359e99895.cloudfront.net (CloudFront)
x-amz-cf-id: Yt1OlJuDFlCF9KbNtJLdVds3PRafJ5boGRJWaQk8-3sSvholXQqUug==

GET
H/1.1 200
OK 15636 Show response
vagwyn.pw/rQoH8AUd1Ui6cSTh/ 5 B
1 KB 248ms
32ms Script
application/javascript 188.42.34.34
SERVERS

General

Check archive.org

Show headers Download Go to

Full URL: https://vagwyn.pw/rQoH8AUd1Ui6cSTh/15636
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 188.42.34.34 , Luxembourg, ASN7979 (SERVERS, US),
Reverse DNS
Software: nginx /
Resource Hash: d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Mon, 24 Feb 2020 17:10:17 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: https://upstream.to
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=20

GET
H2 200 jwplayer.js Show response
upstream.to/player8/ 99 KB
32 KB 30ms
29ms Script
application/javascript 185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL: https://upstream.to/player8/jwplayer.js
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),
Reverse DNS
Software: nginx /
Resource Hash: 2c1fa8d90a4037b759e005c9216c36bdbf4ff3c695b4d31ccce7cc00ff403532

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: public
date: Mon, 24 Feb 2020 17:10:17 GMT
content-encoding: gzip
last-modified: Sun, 12 Jan 2020 21:36:18 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2592000
expires: Wed, 25 Mar 2020 17:10:17 GMT

GET
H2 200 googima.js Show response
upstream.to/js/ 36 B
224 B 34ms
33ms Script
application/javascript 185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL: https://upstream.to/js/googima.js
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),
Reverse DNS
Software: nginx /
Resource Hash: ff687e2177537cc8e021014af056c22a44036a19c9101350dedf64a6666d47ba

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: public
date: Mon, 24 Feb 2020 17:10:17 GMT
last-modified: Thu, 14 May 2015 12:57:56 GMT
server: nginx
content-type: application/javascript
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 36
expires: Wed, 25 Mar 2020 17:10:17 GMT

GET
H2 200 ot63xegvwafh.jpg
images.upstream.to/ 19 KB
19 KB 46ms
15ms Image
image/jpeg 2606:4700:3033::681b:8e06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.upstream.to/ot63xegvwafh.jpg
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::681b:8e06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0724263586901e21d1014eabb33ba336ed77cd7672ecad3842ca94779bea48c9

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Mon, 24 Feb 2020 17:10:17 GMT
cf-cache-status: HIT
last-modified: Fri, 14 Feb 2020 17:57:57 GMT
server: cloudflare
age: 858145
etag: "5e46dfa5-4a5e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=1209600
accept-ranges: bytes
cf-ray: 56a30d56bf99d6d1-FRA
content-length: 19038
expires: Fri, 28 Feb 2020 18:40:51 GMT

GET
H2

200

suspendedpage.cgi
meapk.com/cgi-sys/
Redirect Chain

https://meapk.com/upstream/counter.php?sw=1600&sc=24&referer=&page=https://upstream.to/embed-ot63xegvwafh.html
https://meapk.com/cgi-sys/suspendedpage.cgi?sw=1600&sc=24&referer=&page=https://upstream.to/embed-ot63xegvwafh.html

0
0

84ms
84ms

Image
text/html

165.231.0.28
EZNET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://meapk.com/cgi-sys/suspendedpage.cgi?sw=1600&sc=24&referer=&page=https://upstream.to/embed-ot63xegvwafh.html
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 165.231.0.28 , Sweden, ASN61072 (EZNET-AS, GB),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date: Mon, 24 Feb 2020 17:10:17 GMT
x-content-type-options: nosniff
server: nginx
location: https://meapk.com/cgi-sys/suspendedpage.cgi?sw=1600&sc=24&referer=&page=https://upstream.to/embed-ot63xegvwafh.html
content-type: text/html; charset=iso-8859-1
status: 302
x-server-powered-by: Engintron
content-length: 311
x-xss-protection: 1; mode=block

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:825::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-49432491-14

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 4907
date: Mon, 24 Feb 2020 15:48:30 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18174
expires: Mon, 24 Feb 2020 17:48:30 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 14ms
14ms Image
image/gif 2a00:1450:4001:825::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1673561496&t=pageview&_s=1&dl=https%3A%2F%2Fupstream.to%2Fembed-ot63xegvwafh.html&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=718593028&gjid=1779890501&cid=1785568832.1582564217&tid=UA-49432491-14&_gid=1170260939.1582564217&_r=1&gtm=2ou2c0&z=1589537164

Requested by

Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Mon, 24 Feb 2020 17:10:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 compatibility.js Show response
fbcdn2.com/script/ 12 KB
7 KB 69ms
46ms Script
application/javascript 2606:4700::6811:c16b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fbcdn2.com/script/compatibility.js
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6811:c16b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 424c22882d902d767bff802920ee13a2ad43a10a5d80933359e0908c38f9b75c

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 24 Feb 2020 17:10:17 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 237
status: 200
x-guploader-uploadid: AEnB2UrU-KwA4Wft8Jqm9w6XACZoLjDTbzb87YzECcSmApWjx7Zi05PJrGl_de_f337lfB9sN_wOakPVfVd0a3abGkGqztGY6A
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
last-modified: Thu, 14 Nov 2019 10:12:19 GMT
server: cloudflare
etag: W/"4798f8dea4e1699c741550414944af68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=bUD+ww==, md5=R5j43qThaZx0FVBBSUSvaA==
content-type: application/javascript
x-goog-generation: 1573726339118281
cache-control: public, max-age=14400
x-goog-stored-content-length: 12119
cf-ray: 56a30d59aefa9ace-FRA
expires: Mon, 24 Feb 2020 21:10:17 GMT

GET
H2 200 identify.html
ufpcdn.com/script/ Frame 925A 0
0 200ms
175ms Document
text/html 2606:4700:3035::6812:3747
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ufpcdn.com/script/identify.html?frmt=0
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6812:3747 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: ufpcdn.com
:scheme: https
:path: /script/identify.html?frmt=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://upstream.to/embed-ot63xegvwafh.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://upstream.to/embed-ot63xegvwafh.html

Response headers

status: 200
date: Mon, 24 Feb 2020 17:10:18 GMT
content-type: text/html
set-cookie: __cfduid=dff8df5be219a24aac8ce4244facb6f941582564217; expires=Wed, 25-Mar-20 17:10:17 GMT; path=/; domain=.ufpcdn.com; HttpOnly; SameSite=Lax
last-modified: Tue, 15 May 2018 06:39:25 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 56a30d5a3ba397a8-FRA
content-encoding: br

GET
H2 204 suurl.php Show response
onclicksuper.com/script/ 0
96 B 181ms
137ms Script
text/plain 35.190.8.27
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://onclicksuper.com/script/suurl.php?r=2856391&cbrandom=0.8909568338724927&cbiframe=0&cbWidth=1600&cbHeight=1200&cbtitle=&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.8.27 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 27.8.190.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 204
date: Mon, 24 Feb 2020 17:10:18 GMT
via: 1.1 google
referrer-policy: no-referrer
server: openresty
access-control-allow-origin: *
alt-svc: clear

GET
H2 200 chrome.js Show response
fbcdn2.com/script/ 18 KB
10 KB 22ms
22ms Script
application/javascript 2606:4700::6811:c16b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fbcdn2.com/script/chrome.js
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2606:4700::6811:c16b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd185dfbf9ab9c108d634166de89aed49aa428db7b7a50d7eb8e23faf81196ca

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 24 Feb 2020 17:10:18 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 705
status: 200
x-guploader-uploadid: AEnB2Uruf3_5tjXQNKmxm9uRwkyLPbCT1YECAh0gCzDZl-nietgwn0kXa7U5nd36vra49SOebcLfPU6pJJOIitFO6iGYQuLvpA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
last-modified: Thu, 31 Oct 2019 10:14:31 GMT
server: cloudflare
etag: W/"2990eae17895f67de9f4fbca62475041"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=hVwIww==, md5=KZDq4XiV9n3p9PvKYkdQQQ==
content-type: application/javascript
x-goog-generation: 1572516871888329
cache-control: public, max-age=14400
x-goog-stored-content-length: 18777
cf-ray: 56a30d5b39179ace-FRA
expires: Mon, 24 Feb 2020 21:10:18 GMT

GET
H2 200 advertisement.js Show response
clksite.com/static/ 27 B
235 B 138ms
137ms Script
application/javascript 173.192.101.24
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL: https://clksite.com/static/advertisement.js
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.192.101.24 Dallas, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: 18.65.c0ad.ip4.static.sl-reverse.com
Software: nginx /
Resource Hash: 582dc3c50568b761094d84da5b58e54ab33061750ef04871288de8e57f3de79e

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 24 Feb 2020 17:10:18 GMT
content-encoding: gzip
last-modified: Mon, 12 Jun 2017 13:33:59 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=172800
expires: Wed, 26 Feb 2020 17:10:18 GMT

GET
H2 200 S0MEOR9fSBMMDgkyCzY+STYmI38cEBQaGy0waDceDTN3BD4VFCFTJwgMHScCPkMLCjUNOwUnDA
elastinabuker.site/UW5NenowDC4XRTBTL1wPIwJwX0gXS388HmIGPk9LMAw7EQ8wADtUGT0BOB4cIwEjDlQ/CzlfSBceHiwsGyMLGQseByktGxVedTYrYBgoSDAmLyAoDAEUPRw1BQIiM0oYBg8oDRYKCk4uHDoLMjw5Xi45OAgEAAA8YS8VPxYfLSkiGzxWOj... Frame 4EAA 0
0 347ms
122ms Document
text/html 52.4.200.187
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://elastinabuker.site/UW5NenowDC4XRTBTL1wPIwJwX0gXS388HmIGPk9LMAw7EQ8wADtUGT0BOB4cIwEjDlQ/CzlfSBceHiwsGyMLGQseByktGxVedTYrYBgoSDAmLyAoDAEUPRw1BQIiM0oYBg8oDRYKCk4uHDoLMjw5Xi45OAgEAAA8YS8VPxYfLSkiGzxWOjBLHx8oMjc+OAksSgg5dD8wKDdoSDg1KyIDMShWdSwAEBsDOQkGJyQSFRsodQ4zFQUhLyIbWQhJDTQ0fwIUNDwqTDEVNyoiExwDBxM/BzQMDg00GQxfSBMkND8JCSYHTSACPB80PSkAKCxCOgwKHk8CJgdNIAlDKjs5GQYlPB0HS384GBYKeC8pMlsCKQIZIyQJX2MsBD8oKAs1NEIQXA8UID9WGyAiPVcEFh07JAkWCRAGHwkgYgIuKhMYGS87MD8iJzsLBhQlHRkZHQw0ORQABxZKKAwKGSoTXAMUIAYNCSMyJR0XDTw5DQU4TRAtHBU3KAYOKhcpAAkNLDoIIw5MEwAIQhsZCQk3KSkHASsSOQh/S0MEOR9fSBMMDgkyCzY+STYmI38cEBQaGy0waDceDTN3BD4VFCFTJwgMHScCPkMLCjUNOwUnDA
Requested by: Host: d3hs51abvkuanv.cloudfront.net
URL: https://d3hs51abvkuanv.cloudfront.net/?bashd=827923
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.4.200.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-4-200-187.compute-1.amazonaws.com
Software: openresty/1.15.8.2 /
Resource Hash

Request headers

:method: GET
:authority: elastinabuker.site
:scheme: https
:path: /UW5NenowDC4XRTBTL1wPIwJwX0gXS388HmIGPk9LMAw7EQ8wADtUGT0BOB4cIwEjDlQ/CzlfSBceHiwsGyMLGQseByktGxVedTYrYBgoSDAmLyAoDAEUPRw1BQIiM0oYBg8oDRYKCk4uHDoLMjw5Xi45OAgEAAA8YS8VPxYfLSkiGzxWOjBLHx8oMjc+OAksSgg5dD8wKDdoSDg1KyIDMShWdSwAEBsDOQkGJyQSFRsodQ4zFQUhLyIbWQhJDTQ0fwIUNDwqTDEVNyoiExwDBxM/BzQMDg00GQxfSBMkND8JCSYHTSACPB80PSkAKCxCOgwKHk8CJgdNIAlDKjs5GQYlPB0HS384GBYKeC8pMlsCKQIZIyQJX2MsBD8oKAs1NEIQXA8UID9WGyAiPVcEFh07JAkWCRAGHwkgYgIuKhMYGS87MD8iJzsLBhQlHRkZHQw0ORQABxZKKAwKGSoTXAMUIAYNCSMyJR0XDTw5DQU4TRAtHBU3KAYOKhcpAAkNLDoIIw5MEwAIQhsZCQk3KSkHASsSOQh/S0MEOR9fSBMMDgkyCzY+STYmI38cEBQaGy0waDceDTN3BD4VFCFTJwgMHScCPkMLCjUNOwUnDA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://upstream.to/embed-ot63xegvwafh.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://upstream.to/embed-ot63xegvwafh.html

Response headers

status: 200
date: Mon, 24 Feb 2020 17:10:18 GMT
content-type: text/html
content-length: 1278
server: openresty/1.15.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip

GET
H2 204 RkR3
eralsstroying.info/cHNBOUdfTCJKeiMJFAoJQTV3eAE1MRsKcicyLWM3FhQDahE3NXYfMxkXfAF1R0pzCmEAGiUEdlYANVgzBQB8CGEZHSdWelYFfAhpQ0dvCHdeRGdNNxEUfAhhAAc1VXpBRnkLckZHcwh/ 0
57 B 322ms
107ms Image
text/plain 107.23.120.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eralsstroying.info/cHNBOUdfTCJKeiMJFAoJQTV3eAE1MRsKcicyLWM3FhQDahE3NXYfMxkXfAF1R0pzCmEAGiUEdlYANVgzBQB8CGEZHSdWelYFfAhpQ0dvCHdeRGdNNxEUfAhhAAc1VXpBRnkLckZHcwh/RkR3
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.120.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-120-245.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 204
access-control-allow-origin: *
date: Mon, 24 Feb 2020 17:10:18 GMT

GET
H2 200 pop.js Show response
c1.popads.net/ 31 KB
9 KB 100ms
32ms Script
application/javascript 195.181.175.51
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.popads.net/pop.js
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 195.181.175.51 Frankfurt am Main, Germany, ASN60068 (CDN77, GB),
Reverse DNS: unn-195-181-175-51.datapacket.com
Software: CDN77-Turbo /
Resource Hash: 4ee2321843d0ce41723b85fa88153fc89ce5e5597ba3310fd2cf4c29208ece23

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 24 Feb 2020 17:10:18 GMT
content-encoding: br
last-modified: Mon, 17 Feb 2020 20:32:17 GMT
server: CDN77-Turbo
access-control-allow-origin: *
x-edge-location: frankfurtDE
etag: W/"5e4af851-7bfb"
x-cache: HIT
content-type: application/javascript
status: 200
x-edge-ip: 195.181.175.50
x-age: 2215
alt-svc: quic="195.181.175.50:443"; ma=2592000; v="44,43,39"

GET
H2 200 jwplayer.core.controls.html5.js Show response
upstream.to/player8/ 297 KB
76 KB 24ms
23ms Script
application/javascript 185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL: https://upstream.to/player8/jwplayer.core.controls.html5.js
Requested by: Host: upstream.to
URL: https://upstream.to/player8/jwplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),
Reverse DNS
Software: nginx /
Resource Hash: 198f48cd1767027558a66aa24203eb04a48e699e343ef2efb93deeaa98caff70

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: public
date: Mon, 24 Feb 2020 17:10:18 GMT
content-encoding: gzip
last-modified: Sun, 12 Jan 2020 21:36:09 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2592000
expires: Wed, 25 Mar 2020 17:10:18 GMT

GET
H2 200 related.js Show response
upstream.to/player8/ 115 KB
26 KB 38ms
38ms Script
application/javascript 185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL: https://upstream.to/player8/related.js
Requested by: Host: upstream.to
URL: https://upstream.to/player8/jwplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),
Reverse DNS
Software: nginx /
Resource Hash: da7957f6fe0ac3c1d8431423709855a79936308b2fc81e9430fa0245e2399965

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: public
date: Mon, 24 Feb 2020 17:10:18 GMT
content-encoding: gzip
last-modified: Sun, 12 Jan 2020 21:36:31 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2592000
expires: Wed, 25 Mar 2020 17:10:18 GMT

GET
H/1.1

200
OK

s
desigactinific.pro/
Redirect Chain

https://secure.adnxs.com/getuid?https://desigactinific.pro/s?a=$UID&b=318164182050
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdesigactinific.pro%2Fs%3Fa%3D%24UID%26b%3D318164182050
https://desigactinific.pro/s?a=2400712831092577111&b=318164182050

43 B
561 B

224ms
181ms

Image
image/gif

104.18.3.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://desigactinific.pro/s?a=2400712831092577111&b=318164182050
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 24 Feb 2020 17:10:19 GMT
CF-Cache-Status: DYNAMIC
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Content-Type: image/gif
Connection: keep-alive
CF-RAY: 56a30d603f799d60-AMS
Content-Length: 43

Redirect headers

Pragma: no-cache
Date: Mon, 24 Feb 2020 17:10:20 GMT
AN-X-Request-Uuid: 6d5b4fc1-7b35-4d16-acb3-0034ff13cb85
Content-Type: text/html; charset=utf-8
Server: nginx/1.13.4
Location: https://desigactinific.pro/s?a=2400712831092577111&b=318164182050
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 82.102.19.134; 82.102.19.134; 308.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.43:80
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 rhpop_80.2-1.js Show response
p349709.mycdn.co/script/ 174 KB
67 KB 57ms
18ms Script
application/javascript 94.31.29.128
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://p349709.mycdn.co/script/rhpop_80.2-1.js
Requested by: Host: mybestdc.com
URL: https://mybestdc.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 94.31.29.128 , United Kingdom, ASN33438 (HIGHWINDS2, US),
Reverse DNS: 94.31.29.128.IPYX-077437-ZYO.above.net
Software: NetDNA-cache/2.2 /
Resource Hash: 93a4512f74d4f46b230b4a335f956c14688561bd60a9c2e307ccb413c4fd6f4d

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 24 Feb 2020 17:10:18 GMT
content-encoding: gzip
last-modified: Mon, 24 Jun 2019 11:33:16 GMT
server: NetDNA-cache/2.2
etag: W/"5d10b4fc-2b75b"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: max-age=31104000
expires: Thu, 18 Feb 2021 17:10:18 GMT

GET
H2 200 empty.srt Show response
upstream.to/srt/ 42 B
254 B 150ms
150ms XHR
text/vtt 185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL

https://upstream.to/srt/empty.srt

Requested by

Host: upstream.to
URL: https://upstream.to/player8/jwplayer.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),

Reverse DNS

Software

nginx /

Resource Hash

f3adadb235f7ecab4a68f4d0961640c155c0d2057d28fe24e19d36b04904ddc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

date: Mon, 24 Feb 2020 17:10:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 03 Nov 2019 21:20:48 GMT
server: nginx
content-type: text/vtt; charset=utf-8
status: 200
cache-control: public
x-server-powered-by: Engintron
accept-ranges: bytes
content-length: 42
x-xss-protection: 1; mode=block

GET
H2 200 polyfills.webvtt.js Show response
upstream.to/player8/ 10 KB
4 KB 27ms
27ms Script
application/javascript 185.39.11.251
NETWORKDEDICATED

General

Check archive.org

Show headers Download Go to

Full URL: https://upstream.to/player8/polyfills.webvtt.js
Requested by: Host: upstream.to
URL: https://upstream.to/player8/jwplayer.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.39.11.251 , Switzerland, ASN62355 (NETWORKDEDICATED, CH),
Reverse DNS
Software: nginx /
Resource Hash: 16841c6cb99efce1a44e8ce1e0e5a0c14de17c1638e552722e5acf641eb3ec37

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: public
date: Mon, 24 Feb 2020 17:10:18 GMT
content-encoding: gzip
last-modified: Sun, 12 Jan 2020 21:36:19 GMT
server: nginx
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=2592000
expires: Wed, 25 Mar 2020 17:10:18 GMT

GET
H/1.1 206
Partial Content v.mp4
s38.upstream.to/o2up376ssqysmvk4xt7su2fpbw6caoicpbgrmnuxz6banrzy6hxzt33jjmcq/ 48 KB
0 185ms
103ms Media
video/mp4 62.210.222.188
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://s38.upstream.to/o2up376ssqysmvk4xt7su2fpbw6caoicpbgrmnuxz6banrzy6hxzt33jjmcq/v.mp4
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.210.222.188 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 62-210-222-188.rev.poneytelecom.eu
Software: nginx /
Resource Hash

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Sec-Fetch-Dest: video
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=0-

Response headers

Date: Mon, 24 Feb 2020 17:10:18 GMT
Last-Modified: Fri, 14 Feb 2020 17:57:56 GMT
Server: nginx
ETag: "5e46dfa4-9719f2a4"
Content-Type: video/mp4
Content-Range: bytes 0-2535060131/2535060132
Connection: keep-alive
Content-Length: 2535060132

GET
H2 200 / Show response
c.adsco.re/ 34 KB
11 KB 54ms
18ms Script
text/html 2606:4700::6811:a6ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.adsco.re/
Requested by: Host: mybestdc.com
URL: https://mybestdc.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a6ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b66e0ae4a3a7b8e6a280d5b512ba4dcf43afb3ae8862fed33266a038cbe1f154

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Mon, 24 Feb 2020 17:10:18 GMT
content-encoding: gzip
cf-cache-status: HIT
alt-svc: h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
age: 755185
etag: "a73Qdnp6tbMta3RY0Wgotw=="
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: max-age=43200,public,immutable,no-transform
cf-ray: 56a30d605d21d6e9-FRA
link: <//adsco.re>;rel=preconnect,<//6.adsco.re>;rel=prefetch
expires: Sun, 16 Feb 2020 11:23:53 GMT

GET
H2 200 /
6.adsco.re/ 0
241 B 15ms
14ms Other
text/plain 2606:4700::6811:a6ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://6.adsco.re/
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a6ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: empty

Response headers

date: Mon, 24 Feb 2020 17:10:18 GMT
content-encoding: br
alt-svc: h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: text/plain;charset=UTF-8
status: 200
access-control-max-age: 2592000
cache-control: max-age=600,public,immutable
cf-ray: 56a30d607d72d6e9-FRA
access-control-allow-headers: Content-Type

POST
H/1.1 401 t Show response
adsco.re/ 67 B
382 B 124ms
30ms XHR
application/json 162.252.214.5
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://adsco.re/t
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: d30037802015657dc95ee75b39f5da5965682adb0016df0ec4aa045e54f5ce67

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 24 Feb 2020 17:10:19 GMT
Access-Control-Max-Age: 2592000
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://upstream.to
Cache-Control: no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked

GET
H/1.1 206
Partial Content v.mp4
s38.upstream.to/o2up376ssqysmvk4xt7su2fpbw6caoicpbgrmnuxz6banrzy6hxzt33jjmcq/ 3 MB
3 MB 199ms
123ms Media
video/mp4 62.210.222.188
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://s38.upstream.to/o2up376ssqysmvk4xt7su2fpbw6caoicpbgrmnuxz6banrzy6hxzt33jjmcq/v.mp4
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.210.222.188 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 62-210-222-188.rev.poneytelecom.eu
Software: nginx /
Resource Hash: fa0e5746839cd1e9716b63503d4a9335732ea38fa1f8d75ca6e90979ce918de2

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Sec-Fetch-Dest: video
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=2532048896-

Response headers

Date: Mon, 24 Feb 2020 17:10:19 GMT
Last-Modified: Fri, 14 Feb 2020 17:57:56 GMT
Server: nginx
ETag: "5e46dfa4-9719f2a4"
Content-Type: video/mp4
Content-Range: bytes 2532048896-2535060131/2535060132
Connection: keep-alive
Content-Length: 3011236

GET
H2 200 / Show response
6.adsco.re/ 53 B
440 B 48ms
11ms XHR
text/plain 2606:4700::6811:a7ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://6.adsco.re/
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a7ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12f310d36e9a9d454ad40ff78184fb0418ce74134dda23efe7f4244a5dd651d8

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 24 Feb 2020 17:10:19 GMT
content-encoding: br
server: cloudflare
access-control-allow-headers: Content-Type
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: text/plain;charset=UTF-8
access-control-allow-origin: https://upstream.to
access-control-max-age: 2592000
cache-control: max-age=600,public,immutable
cf-ray: 56a30d6198cbc290-FRA
alt-svc: h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

GET
H/1.1 200
OK / Show response
t9970mlt9hd8.l.adsco.re/ 0
464 B 138ms
20ms XHR
text/html 185.200.118.90
M247

General

Check archive.org

Show headers Download Go to

Full URL: https://t9970mlt9hd8.l.adsco.re/
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.200.118.90 London, United Kingdom, ASN9009 (M247, GB),
Reverse DNS: adscore.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 24 Feb 2020 17:10:19 GMT
Last-Modified: Tue, 31 Jul 2018 22:16:15 GMT
ETag: "5b60dfaf-0"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: close
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 0

GET
H/1.1 200
OK / Show response
t9970mlt9hd8.n.adsco.re/ 0
464 B 385ms
95ms XHR
text/html 38.132.109.186
M247

General

Check archive.org

Show headers Download Go to

Full URL: https://t9970mlt9hd8.n.adsco.re/
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.132.109.186 New York, United States, ASN9009 (M247, GB),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 24 Feb 2020 17:10:19 GMT
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
ETag: "5b5f2f9a-0"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: close
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 0

GET
H/1.1 200
OK / Show response
t9970mlt9hd8.s.adsco.re/ 0
464 B 951ms
184ms XHR
text/html 185.200.116.90
M247

General

Check archive.org

Show headers Download Go to

Full URL: https://t9970mlt9hd8.s.adsco.re/
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.200.116.90 Singapore, Singapore, ASN9009 (M247, GB),
Reverse DNS: no-mans-land.m247.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 24 Feb 2020 17:10:19 GMT
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
ETag: "5b5f30d9-0"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: close
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 0

GET
H2 200 /
c.adsco.re/ Frame 8017 0
0 15ms
14ms Document
text/html 2606:4700::6811:a6ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.adsco.re/
Requested by: Host: mybestdc.com
URL: https://mybestdc.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a6ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: c.adsco.re
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://upstream.to/embed-ot63xegvwafh.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://upstream.to/embed-ot63xegvwafh.html

Response headers

status: 200
date: Mon, 24 Feb 2020 17:10:19 GMT
content-type: text/html
cache-control: max-age=43200,public,immutable,no-transform
link: <//adsco.re>;rel=preconnect,<//6.adsco.re>;rel=prefetch
expires: Sun, 16 Feb 2020 11:23:53 GMT
etag: "a73Qdnp6tbMta3RY0Wgotw=="
content-encoding: gzip
cf-cache-status: HIT
age: 755186
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
alt-svc: h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
server: cloudflare
cf-ray: 56a30d617869d6e9-FRA

GET
H2 200 popunder.gif
eralsstroying.info/ 35 B
212 B 108ms
107ms Image
image/gif 107.23.120.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eralsstroying.info/popunder.gif
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.120.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-120-245.compute-1.amazonaws.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: public
date: Mon, 24 Feb 2020 17:10:19 GMT
content-encoding: gzip
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: public, max-age=604800, immutable
content-length: 58

GET
H2 204 HTQdNk9mKDUVBAAUCTNSFDgZAmI0FQUNT2dcOAhTakJ+Vg5lSWoRXjNHfUdEIxs4FERqTn5HXjkcI1wCZE5qFwpmVH9VGWZKYlYRIwotBgpmXDwVQztHfVQPZU96VQVmQ35TAg
eralsstroying.info/YTdXekxOCDQJcTN/ 0
57 B 107ms
107ms Image
text/plain 107.23.120.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eralsstroying.info/YTdXekxOCDQJcTN/HTQdNk9mKDUVBAAUCTNSFDgZAmI0FQUNT2dcOAhTakJ+Vg5lSWoRXjNHfUdEIxs4FERqTn5HXjkcI1wCZE5qFwpmVH9VGWZKYlYRIwotBgpmXDwVQztHfVQPZU96VQVmQ35TAg
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.120.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-120-245.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 204
access-control-allow-origin: *
date: Mon, 24 Feb 2020 17:10:19 GMT

GET
H2 204 YmxHb1FNUyQcbAEWJFwAUDYELj0kXRIqCzctLiU0MAsNPBgkNgNJJQsIeldjVVV1XHcSBSNSYEQfMw4lFx96WWNEBSkJPl9KMVJgTF9zQWBSQnBJJRINIFJgRBwzGz1fXXJXY1dac11gW193XA
eralsstroying.info/ 0
57 B 107ms
107ms Image
text/plain 107.23.120.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eralsstroying.info/YmxHb1FNUyQcbAEWJFwAUDYELj0kXRIqCzctLiU0MAsNPBgkNgNJJQsIeldjVVV1XHcSBSNSYEQfMw4lFx96WWNEBSkJPl9KMVJgTF9zQWBSQnBJJRINIFJgRBwzGz1fXXJXY1dac11gW193XA
Requested by: Host: upstream.to
URL: https://upstream.to/embed-ot63xegvwafh.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.23.120.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-23-120-245.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 204
access-control-allow-origin: *
date: Mon, 24 Feb 2020 17:10:19 GMT

GET
H/1.1 206
Partial Content v.mp4
s38.upstream.to/o2up376ssqysmvk4xt7su2fpbw6caoicpbgrmnuxz6banrzy6hxzt33jjmcq/ 3 MB
0 91ms
90ms Media
video/mp4 62.210.222.188
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: https://s38.upstream.to/o2up376ssqysmvk4xt7su2fpbw6caoicpbgrmnuxz6banrzy6hxzt33jjmcq/v.mp4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.210.222.188 , France, ASN12876 (Online SAS, FR),
Reverse DNS: 62-210-222-188.rev.poneytelecom.eu
Software: nginx /
Resource Hash

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Sec-Fetch-Dest: video
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=32768-

Response headers

Date: Mon, 24 Feb 2020 17:10:19 GMT
Last-Modified: Fri, 14 Feb 2020 17:57:56 GMT
Server: nginx
ETag: "5e46dfa4-9719f2a4"
Content-Type: video/mp4
Content-Range: bytes 32768-2535060131/2535060132
Connection: keep-alive
Content-Length: 2535027364

POST
H/1.1 200
OK p Show response
adsco.re/ 259 B
763 B 44ms
44ms XHR
text/html 162.252.214.5
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://adsco.re/p
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: 4c7f699e8075046c709c66c471c435d85242f211b4417fbe21545795284e242e

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

AS-P-G: OK
Date: Mon, 24 Feb 2020 17:10:19 GMT
AS-P-7: OK
AS-P-9: OK
AS-P-C: OK
Transfer-Encoding: chunked
AS-P-5: OK
AS-P-F: OK
Connection: keep-alive
Content-Encoding: gzip
AS-P-2: OK
AS-P-D: OK
AS-P-6: OK
AS-P-B: OK
AS-P-4: OK
AS-P-A: OK
Access-Control-Max-Age: 2592000
AS-P-1: OK
Access-Control-Allow-Origin: https://upstream.to
Cache-Control: no-transform
Access-Control-Allow-Credentials: true
AS-P-8: OK
Content-Type: text/html; charset=UTF-8
AS-P-E: OK
AS-P-3: OK

GET
H/1.1 200
OK c Show response
serve.popads.net/ 0
202 B 190ms
124ms Script
text/html 216.21.13.16
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://serve.popads.net/c?_=BAoAXlQDewFeVAN7gAGBAcAAIDix2JenL2foaXN8tp6lFmve7qt4rWYqHN2kmndHzsIxwQAgqEP7ZVTw79LKz3gI2d_580rAeajbDnp1B6LclpZ1WQDCACCPxv0ZN-ybgC1VizBnpzUpWBrjC4H27LofWtbq4x-MWsQAECoBBPgBklQUAAAAAAAAAALFABCkT489QribCLq1KTNC7Q-vwwAgmxZTlYjDuAJQahHYwwR5GbcneX49Tr0WxIqChYfNqNI&v=4&siteId=3685374&minBid=&popundersPerIP=2&blockedCountries=&documentRef=&s=1600,1200,1,1600,1200
Requested by: Host: mybestdc.com
URL: https://mybestdc.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 216.21.13.16 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 24 Feb 2020 17:10:20 GMT
PopAds-EC: ASB
Connection: Keep-Alive
Content-Length: 0
PopAds-CI: 93
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK p Show response
desigactinific.pro/ 26 B
628 B 152ms
112ms XHR
text/plain 104.18.3.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://desigactinific.pro/p?b=318164182050&c=92075410
Requested by: Host: d3hs51abvkuanv.cloudfront.net
URL: https://d3hs51abvkuanv.cloudfront.net/?bashd=827923
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dce7da03ca3eefd7bdd748173d3e5228181b99323017062ca4044cd80616b51

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 24 Feb 2020 17:10:20 GMT
Content-Encoding: br
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
CF-RAY: 56a30d6bb8bfc79d-AMS

GET
H/1.1 200
OK p Show response
desigactinific.pro/ 26 B
633 B 111ms
111ms XHR
text/plain 104.18.3.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://desigactinific.pro/p?b=318164182050&c=51920118
Requested by: Host: d3hs51abvkuanv.cloudfront.net
URL: https://d3hs51abvkuanv.cloudfront.net/?bashd=827923
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dce7da03ca3eefd7bdd748173d3e5228181b99323017062ca4044cd80616b51

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 24 Feb 2020 17:10:22 GMT
Content-Encoding: br
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
CF-RAY: 56a30d77fe74c79d-AMS

GET
H/1.1 200
OK p Show response
desigactinific.pro/ 26 B
628 B 173ms
173ms XHR
text/plain 104.18.3.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://desigactinific.pro/p?b=318164182050&c=30555642
Requested by: Host: d3hs51abvkuanv.cloudfront.net
URL: https://d3hs51abvkuanv.cloudfront.net/?bashd=827923
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dce7da03ca3eefd7bdd748173d3e5228181b99323017062ca4044cd80616b51

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 24 Feb 2020 17:10:24 GMT
Content-Encoding: br
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
CF-RAY: 56a30d847f52c79d-AMS

GET
H/1.1 200
OK p Show response
desigactinific.pro/ 26 B
628 B 179ms
179ms XHR
text/plain 104.18.3.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://desigactinific.pro/p?b=318164182050&c=83202864
Requested by: Host: d3hs51abvkuanv.cloudfront.net
URL: https://d3hs51abvkuanv.cloudfront.net/?bashd=827923
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dce7da03ca3eefd7bdd748173d3e5228181b99323017062ca4044cd80616b51

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 24 Feb 2020 17:10:26 GMT
Content-Encoding: br
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
CF-RAY: 56a30d90fd49c79d-AMS

GET
H/1.1 200
OK p Show response
desigactinific.pro/ 26 B
628 B 179ms
177ms XHR
text/plain 104.18.3.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://desigactinific.pro/p?b=318164182050&c=55833345
Requested by: Host: d3hs51abvkuanv.cloudfront.net
URL: https://d3hs51abvkuanv.cloudfront.net/?bashd=827923
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.3.207 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dce7da03ca3eefd7bdd748173d3e5228181b99323017062ca4044cd80616b51

Request headers

Referer: https://upstream.to/embed-ot63xegvwafh.html
Origin: https://upstream.to
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 24 Feb 2020 17:10:28 GMT
Content-Encoding: br
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Connection: keep-alive
CF-RAY: 56a30d9d7b37c79d-AMS

GET p
desigactinific.pro/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: desigactinific.pro
URL: https://desigactinific.pro/p?b=318164182050&c=61226657

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ufpcdn.com/	1969-12-31 23:59:59	Name: adcashufpv3 Value: 1263880858969419474763563823
.upstream.to/	1970-01-19 07:37:30	Name: _gid Value: GA1.2.1170260939.1582564217
.upstream.to/	1970-01-19 07:36:04	Name: _gat_gtag_UA_49432491_14 Value: 1
.upstream.to/	1970-01-20 01:07:16	Name: _ga Value: GA1.2.1785568832.1582564217
upstream.to/	1970-01-19 09:02:28	Name: adcashufpv3 Value: 1263880858969419474763563823
.upstream.to/	1970-01-19 08:19:16	Name: __cfduid Value: d4ece95278c01f4c34989e9a24530880e1582564217
upstream.to/	1969-12-31 23:59:59	Name: rhid_c Value: 0
upstream.to/	1970-01-19 07:36:40	Name: aff Value: 991
upstream.to/	1970-01-19 07:36:40	Name: file_id Value: 1079781
.upstream.to/	1969-12-31 23:59:59	Name: lang Value: 1

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://mybestdc.com/adServe/banners?tid=GY1UPSTREAM_POP&tagid=2&pop_dl=false&hybridPop=false(Line 1) Message: %c [object HTMLImageElement] pw7.2.15,51,43
console-api	log	URL: https://upstream.to/embed-ot63xegvwafh.html(Line 55) Message: %c undefined
console-api	warning	URL: https://upstream.to/player8/jwplayer.js(Line 4) Message: JW Player Warning 301129. For more information see https://developer.jwplayer.com/jw-player/docs/developer-guide/api/errors-reference#301129
console-api	log	URL: https://c.adsco.re/(Line 13) Message:
console-api	log	URL: https://c1.popads.net/pop.js(Line 44) Message: CI BAoAXlQDewFeVAN7gAGBAcAAIDix2JenL2foaXN8tp6lFmve7qt4rWYqHN2kmndHzsIxwQAgqEP7ZVTw79LKz3gI2d_580rAeajbDnp1B6LclpZ1WQDCACCPxv0ZN-ybgC1VizBnpzUpWBrjC4H27LofWtbq4x-MWsQAECoBBPgBklQUAAAAAAAAAALFABCkT489QribCLq1KTNC7Q-vwwAgmxZTlYjDuAJQahHYwwR5GbcneX49Tr0WxIqChYfNqNI

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	1
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6.adsco.re
adsco.re
c.adsco.re
c1.popads.net
clksite.com
d3hs51abvkuanv.cloudfront.net
desigactinific.pro
elastinabuker.site
eralsstroying.info
fbcdn2.com
images.upstream.to
meapk.com
mybestdc.com
onclicksuper.com
p349709.clksite.com
p349709.mycdn.co
pl15221366.passeura.com
s38.upstream.to
secure.adnxs.com
serve.popads.net
t9970mlt9hd8.l.adsco.re
t9970mlt9hd8.n.adsco.re
t9970mlt9hd8.s.adsco.re
ufpcdn.com
upstream.to
vagwyn.pw
www.google-analytics.com
www.googletagmanager.com
desigactinific.pro
104.18.3.207
107.23.120.245
162.252.214.5
165.231.0.28
173.192.101.24
185.200.116.90
185.200.118.90
185.33.223.200
185.39.11.251
188.42.34.34
195.181.175.51
198.134.112.241
216.21.13.16
2600:9000:2057:8e00:1d:6a4c:5ec0:21
2606:4700:3033::681b:8e06
2606:4700:3035::6812:3747
2606:4700::6811:a6ba
2606:4700::6811:a7ba
2606:4700::6811:c16b
2a00:1450:4001:800::2008
2a00:1450:4001:825::200e
35.190.8.27
38.132.109.186
52.4.200.187
62.210.222.188
94.31.29.128
0724263586901e21d1014eabb33ba336ed77cd7672ecad3842ca94779bea48c9
12f310d36e9a9d454ad40ff78184fb0418ce74134dda23efe7f4244a5dd651d8
16841c6cb99efce1a44e8ce1e0e5a0c14de17c1638e552722e5acf641eb3ec37
198f48cd1767027558a66aa24203eb04a48e699e343ef2efb93deeaa98caff70
2c1fa8d90a4037b759e005c9216c36bdbf4ff3c695b4d31ccce7cc00ff403532
424c22882d902d767bff802920ee13a2ad43a10a5d80933359e0908c38f9b75c
43ac3865ac01e3e268b117f477e1761ec9c1675b000ece5a99db12912a506c8b
4c7f699e8075046c709c66c471c435d85242f211b4417fbe21545795284e242e
4dce7da03ca3eefd7bdd748173d3e5228181b99323017062ca4044cd80616b51
4ee2321843d0ce41723b85fa88153fc89ce5e5597ba3310fd2cf4c29208ece23
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
54eab73bcd748dacb86c677aca7d451069c7517bc5553b7eaf4c152996181117
582dc3c50568b761094d84da5b58e54ab33061750ef04871288de8e57f3de79e
75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
845bca8a141a59ecf3976b12e24a94fceb4ba8a332643bab5f6322e275715e30
93a4512f74d4f46b230b4a335f956c14688561bd60a9c2e307ccb413c4fd6f4d
b50a29eef21cc5f4e515ade343267a735197f40bf9c715928c4d5f41d56f7a98
b66e0ae4a3a7b8e6a280d5b512ba4dcf43afb3ae8862fed33266a038cbe1f154
bf3fac7b738c326ca40a8006180c8d43447369dd76feedd790f49a1441eba256
cd185dfbf9ab9c108d634166de89aed49aa428db7b7a50d7eb8e23faf81196ca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d30037802015657dc95ee75b39f5da5965682adb0016df0ec4aa045e54f5ce67
d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a
da7957f6fe0ac3c1d8431423709855a79936308b2fc81e9430fa0245e2399965
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
f2f42bf6bd7d7ef2e610c717db7037be84a34c4085bbc299e498fe3251cd1222
f3adadb235f7ecab4a68f4d0961640c155c0d2057d28fe24e19d36b04904ddc6
fa0e5746839cd1e9716b63503d4a9335732ea38fa1f8d75ca6e90979ce918de2
ff687e2177537cc8e021014af056c22a44036a19c9101350dedf64a6666d47ba

upstream.to Open in urlscan Pro 185.39.11.251 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

52 Requests

98 %HTTPS

31 %IPv6

19 Domains

28 Subdomains

26 IPs

9 Countries

3417 kBTransfer

6970 kBSize

10 Cookies

1 Outgoing links

Page URL History

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

upstream.to Open in urlscan Pro
185.39.11.251 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

98 %
HTTPS

31 %
IPv6

19
Domains

28
Subdomains

26
IPs

9
Countries

3417 kB
Transfer

6970 kB
Size

10
Cookies

52 HTTP transactions
0 data transactions