URL: http://upstream.to/embed-s23gywfk917w.html
Submission: On May 22 via manual from AU — Scanned from DE

Summary

This website contacted 16 IPs in 5 countries across 15 domains to perform 45 HTTP transactions. The main IP is 185.178.208.135, located in the Russian Federation and belonging to DDOS-GUARD, RU. The main domain is upstream.to. The Cisco Umbrella rank of the primary domain is 119424.
This is the only time upstream.to was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Apex Domain             Subdomains contacted                                  Transfer
 14       upstream.to             upstream.to (Cisco Umbrella Rank: 119424)             298 KB
  4       dinterperson.xyz        dinterperson.xyz                                        2 KB
  4       wfordsgoo.xyz           wfordsgoo.xyz                                           6 KB
  4       cloudfront.net          dyj8pbcnat4xv.cloudfront.net                           83 KB
  2       google.com              accounts.google.com (Cisco Umbrella Rank: 82)
  2       freychang.fun           freychang.fun (Cisco Umbrella Rank: 21790)            101 KB
  2       google-analytics.com    www.google-analytics.com (Cisco Umbrella Rank: 37)     20 KB
  2       bedrapiona.com          bedrapiona.com (Cisco Umbrella Rank: 33983)             4 KB
  2       upstreamcdn.co          s14.upstreamcdn.co                                     17 KB
  2       fadedpracticedduly.com  fadedpracticedduly.com
  1       gstatic.com             www.gstatic.com                                         3 KB
  1       rtmark.net              my.rtmark.net (Cisco Umbrella Rank: 9438)             540 B
  1       facebook.com            www.facebook.com (Cisco Umbrella Rank: 102)
  1       inklinkor.com           inklinkor.com (Cisco Umbrella Rank: 98506)             25 KB
  1       googletagmanager.com    www.googletagmanager.com (Cisco Umbrella Rank: 71)     39 KB
 45       requests across 15 apex domains
Requests  Domain                        Requested by
 14       upstream.to                   upstream.to
  4       dinterperson.xyz              upstream.to
  4       wfordsgoo.xyz                 dyj8pbcnat4xv.cloudfront.net
  4       dyj8pbcnat4xv.cloudfront.net  upstream.to, wfordsgoo.xyz
  2       accounts.google.com           upstream.to
  2       freychang.fun                 dyj8pbcnat4xv.cloudfront.net
  2       www.google-analytics.com      www.googletagmanager.com, www.google-analytics.com
  2       bedrapiona.com                inklinkor.com
  2       s14.upstreamcdn.co            upstream.to
  2       fadedpracticedduly.com        upstream.to
  1       www.gstatic.com               upstream.to
  1       my.rtmark.net                 inklinkor.com
  1       www.facebook.com              upstream.to
  1       inklinkor.com                 upstream.to
  1       www.googletagmanager.com      upstream.to
 45       requests across 15 domains
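
The "Requested by" column records the initiator of each request, so a host that appears under two requesters (dyj8pbcnat4xv.cloudfront.net under both upstream.to and wfordsgoo.xyz) was contacted from both contexts. What an analyst usually wants from this table is the chain back to the primary page for every third-party host, i.e. which script pulled it in. The following is an added example, not urlscan's code: it rebuilds that chain from the rows above with a breadth-first walk that tolerates the cycle between cloudfront.net and wfordsgoo.xyz. EDGES is constructed from the table; PRIMARY and the function names are this example's own.

```python
"""Added example: reconstruct load chains from a urlscan 'Domain / Requested by' table."""
from collections import defaultdict, deque

PRIMARY = "upstream.to"

# Constructed from the table above: (contacted domain, requester). A host listed
# under two requesters yields two edges.
EDGES = [
    ("upstream.to", "upstream.to"),
    ("dinterperson.xyz", "upstream.to"),
    ("wfordsgoo.xyz", "dyj8pbcnat4xv.cloudfront.net"),
    ("dyj8pbcnat4xv.cloudfront.net", "upstream.to"),
    ("dyj8pbcnat4xv.cloudfront.net", "wfordsgoo.xyz"),      # the frames call back into the loader's CDN
    ("accounts.google.com", "upstream.to"),
    ("freychang.fun", "dyj8pbcnat4xv.cloudfront.net"),
    ("www.google-analytics.com", "www.googletagmanager.com"),
    ("www.google-analytics.com", "www.google-analytics.com"),
    ("bedrapiona.com", "inklinkor.com"),
    ("s14.upstreamcdn.co", "upstream.to"),
    ("fadedpracticedduly.com", "upstream.to"),
    ("www.gstatic.com", "upstream.to"),
    ("my.rtmark.net", "inklinkor.com"),
    ("www.facebook.com", "upstream.to"),
    ("inklinkor.com", "upstream.to"),
    ("www.googletagmanager.com", "upstream.to"),
]


def build_adjacency(edges):
    """requester -> set of domains it caused the browser to contact (self-references dropped)."""
    adj = defaultdict(set)
    for domain, requester in edges:
        if domain != requester:
            adj[requester].add(domain)
    return adj


def load_chains(edges, primary=PRIMARY):
    """Shortest requester chain from the primary page to every reachable host.

    Breadth-first, so the first time a host is seen is its shortest chain, and a
    back-edge to an already visited host (wfordsgoo.xyz -> cloudfront.net) is ignored.
    """
    adj = build_adjacency(edges)
    chains = {primary: [primary]}
    queue = deque([primary])
    while queue:
        host = queue.popleft()
        for nxt in sorted(adj[host]):
            if nxt not in chains:
                chains[nxt] = chains[host] + [nxt]
                queue.append(nxt)
    return chains


def unreachable(edges, primary=PRIMARY):
    """Contacted hosts that no chain from the primary explains: a sign of a missing edge."""
    chains = load_chains(edges, primary)
    return sorted({domain for domain, _ in edges} - set(chains))


def introducers(chains):
    """Intermediary host -> set of hosts it pulled in (chains of length >= 3)."""
    out = defaultdict(set)
    for host, chain in chains.items():
        if len(chain) >= 3:
            out[chain[-2]].add(host)
    return dict(out)


def max_depth(chains):
    """Longest chain measured in hops from the primary page."""
    return max(len(chain) - 1 for chain in chains.values())


if __name__ == "__main__":
    chains = load_chains(EDGES)
    for host in sorted(chains, key=lambda h: (len(chains[h]), h)):
        print(f"depth {len(chains[host]) - 1}: {' -> '.join(chains[host])}")
    for via, hosts in sorted(introducers(chains).items()):
        print(f"{via} pulled in: {', '.join(sorted(hosts))}")
    print("hosts with no chain from the primary page:", unreachable(EDGES))
```

On this scan the output attributes every second-hop host to one of three intermediaries: the CloudFront loader (wfordsgoo.xyz, freychang.fun), inklinkor.com (bedrapiona.com, my.rtmark.net) and Google Tag Manager (google-analytics.com); nothing is deeper than two hops and no host is unexplained.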

This site contains no links.

Subject                  Issuer                                          Validity                   Valid for
*.google-analytics.com   GTS CA 1C3                                      2022-05-04 - 2022-07-27    3 months
upstream.to              R3                                              2022-05-11 - 2022-08-09    3 months
*.upstreamcdn.co         Sectigo RSA Domain Validation Secure Server CA  2022-02-13 - 2023-02-17    a year
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                         2022-04-01 - 2023-03-31    a year
bedrapiona.com           R3                                              2022-03-30 - 2022-06-28    3 months
wfordsgoo.xyz            Amazon                                          2022-05-15 - 2023-06-13    a year
*.dinterperson.xyz       E1                                              2022-04-28 - 2022-07-27    3 months
*.facebook.com           DigiCert SHA2 High Assurance Server CA          2022-03-01 - 2022-05-30    3 months
accounts.google.com      GTS CA 1C3                                      2022-05-04 - 2022-07-27    3 months
*.rtmark.net             Sectigo RSA Domain Validation Secure Server CA  2021-11-20 - 2022-11-26    a year
*.gstatic.com            GTS CA 1C3                                      2022-05-04 - 2022-07-27    3 months

This page contains 4 frames:

Primary Page: http://upstream.to/embed-s23gywfk917w.html
Frame ID: B33C6BAD4F892F892E35748B01D2950B
Requests: 39 HTTP requests in this frame

Frame: http://wfordsgoo.xyz/amxnRDQ… (full URL in the Frame 3029 transaction below)
Frame ID: 302917A372C85A985537979BEB0DC3CC
Requests: 2 HTTP requests in this frame

Frame: http://wfordsgoo.xyz/…
Frame ID: 0A8CF0A7013882552A5ED4EB97043674
Requests: 2 HTTP requests in this frame

Frame: http://wfordsgoo.xyz/dDNmQ28VUQUuUBUOBGUaBl9bZl0yFlQFCw1ZXjMNF10HN1sMRUggAxtGAiUdG10SbQERR0NxKRBqVw09FXs3Aj8wCykQFxcFKBU5OWVUFQUhdjAFICd6LgQHOkYrJAA8dQEwWSNmPCILJ2Y1BilBWQI0PiJ3MhEcIFsjDSIzSzwWCD0AK3I5NWE1GhgiYQ0OJCBUIwQuPgE/Olo2ZzENXyNYNA8lMFQhBi4DWC8oXjNmHHMDIGY8FzYZdSERKi5UI3NeM2YfEls2WCwbCxl6FxY5MlktFVo1YAgZBSNxMxcmDgMoAhgtSykkKjVhCwY3LGYCFgkjHiwmOiJ1DCY+OVAgOVtNZzMaCBBeKBooNVxSDSpFdDM5PkRwHnsiEV00Ij01clEKGBdpJC01Hn8NFTstXV8aOBhXFxkpGFIwFAtEZA0SPjlZBQktE0NUGhZBcTMEPVEBIBRfPnUsLhcuFQwwABpDWyANB0Y+KF5GCg
Frame ID: 5775376B7843E73150F7211358E46E39
Requests: 2 HTTP requests in this frame

Detected technologies

Google Analytics (overall confidence: 100%)
  Detected pattern: google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (overall confidence: 100%)
  Detected pattern: googletagmanager\.com/gtag/js

jQuery (overall confidence: 100%)
  Detected pattern: jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests:    45
HTTPS:       47 %
IPv6:        60 %
Domains:     15
Subdomains:  15
IPs:         16
Countries:   5
Transfer:    598 kB
Size:        1627 kB
Cookies:     10

Redirected requests

There were HTTP redirect chains for the following requests. All seven are 307s from an http://upstream.to/ URL to the same path over https://. The one chain whose redirect headers are shown in the transaction list (boxad.js, Request Chain 11) carries Non-Authoritative-Reason: HSTS, which marks a browser-internal HSTS upgrade rather than a redirect issued by the server:

Request Chain 11
  • http://upstream.to/js/boxad.js HTTP 307
  • https://upstream.to/js/boxad.js
Request Chain 31
  • http://upstream.to/player8/jwplayer.core.controls.js HTTP 307
  • https://upstream.to/player8/jwplayer.core.controls.js
Request Chain 32
  • http://upstream.to/player8/provider.hlsjs.js HTTP 307
  • https://upstream.to/player8/provider.hlsjs.js
Request Chain 36
  • http://upstream.to/srt/empty.srt HTTP 307
  • https://upstream.to/srt/empty.srt
Request Chain 37
  • http://upstream.to/player8/polyfills.webvtt.js HTTP 307
  • https://upstream.to/player8/polyfills.webvtt.js
Request Chain 38
  • http://upstream.to/player8/provider.cast.js HTTP 307
  • https://upstream.to/player8/provider.cast.js
Request Chain 42
  • http://upstream.to/advertisement/ads.js?adzone=popunder&popzone=28178474 HTTP 307
  • https://upstream.to/advertisement/ads.js?adzone=popunder&popzone=28178474

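The scan's own order explains why some upstream.to requests went over plain HTTP while later ones were upgraded: the embed document and its first assets were fetched before the browser had seen any Strict-Transport-Security header from the host, and the first https:// response from upstream.to (jwplayer.js, max-age=31536000) pinned it, after which every remaining http://upstream.to/ request was rewritten inside the browser. The following is an added example, not browser, urlscan or upstream.to code: a minimal model of Chrome's dynamic HSTS cache replayed over a constructed subset of this scan's requests, in listed order. Headers for requests the page does not detail are left empty; only max-age and includeSubDomains are parsed; the preload list and max-age expiry are out of scope.

```python
"""Added example: replay a request list through a minimal HSTS cache (RFC 6797 semantics)."""
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(value):
    """Return (max_age, include_subdomains) for an STS header value, or None if unusable."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(val.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:              # max-age is mandatory; a header without it is ignored
        return None
    return max_age, include_sub


class HstsCache:
    """host -> includeSubDomains flag, learned only from HTTPS responses (RFC 6797 8.1)."""

    def __init__(self):
        self.hosts = {}

    def observe(self, url, response_headers):
        parts = urlsplit(url)
        if parts.scheme != "https":
            return                   # STS on a plain-HTTP response must be ignored
        sts = next((v for k, v in response_headers.items()
                    if k.lower() == "strict-transport-security"), None)
        parsed = parse_hsts(sts) if sts is not None else None
        if parsed is None:
            return
        max_age, include_sub = parsed
        if max_age == 0:
            self.hosts.pop(parts.hostname, None)   # max-age=0 deletes the pin
        else:
            self.hosts[parts.hostname] = include_sub

    def upgrade(self, url):
        """The https:// URL the browser fetches instead of url, or None when no pin applies."""
        parts = urlsplit(url)
        if parts.scheme != "http":
            return None
        labels = parts.hostname.split(".")
        for i in range(len(labels)):                # exact host, then each parent domain
            candidate = ".".join(labels[i:])
            if candidate in self.hosts and (i == 0 or self.hosts[candidate]):
                port = "" if parts.port in (None, 80) else f":{parts.port}"   # 80 becomes 443
                return urlunsplit(("https", parts.hostname + port, parts.path, parts.query, parts.fragment))
        return None


def replay(requests):
    """requests: [(url, response_headers)] in page order -> [(requested, fetched, upgraded)]."""
    cache = HstsCache()
    log = []
    for url, headers in requests:
        target = cache.upgrade(url)
        fetched = target or url
        cache.observe(fetched, headers)
        log.append((url, fetched, target is not None))
    return log


STS_UPSTREAM = {"strict-transport-security": "max-age=31536000"}
STS_GTM = {"strict-transport-security": "max-age=31536000; includeSubDomains"}

# Constructed subset of this scan, in the order the transactions are listed.
SCAN_ORDER = [
    ("http://upstream.to/embed-s23gywfk917w.html", {}),          # nothing pinned yet: plain HTTP
    ("http://upstream.to/css/main.css", {}),
    ("http://upstream.to/js/jquery.min.js", {}),
    ("https://www.googletagmanager.com/gtag/js?id=UA-49432491-14", STS_GTM),
    ("http://dyj8pbcnat4xv.cloudfront.net/?bpjyd=827923", {}),
    ("https://upstream.to/player8/jwplayer.js", STS_UPSTREAM),   # first HTTPS hit on upstream.to: pins it
    ("https://upstream.to/js/dnsads.js", STS_UPSTREAM),
    ("http://upstream.to/js/boxad.js", STS_UPSTREAM),            # Request Chain 11: upgraded internally
    ("http://upstream.to/player8/provider.hlsjs.js", {}),        # Request Chain 32
    ("http://upstream.to/advertisement/ads.js?adzone=popunder&popzone=28178474", {}),  # Chain 42
]

if __name__ == "__main__":
    for requested, fetched, upgraded in replay(SCAN_ORDER):
        print(f"307 (internal, HSTS)  {requested} -> {fetched}" if upgraded
              else f"sent as requested     {requested}")
```

Two caveats fall out of the model: upstream.to's policy has no includeSubDomains, so an http:// request to a subdomain would not be upgraded, and the CloudFront loader (no STS header on the page) stays on plain HTTP for the whole visit.
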
45 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type
Primary Request embed-s23gywfk917w.html
upstream.to/
6 KB
3 KB
Document
General
Full URL
http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
e46ce3a91dc6e3faf41d9fd97c08a6349d7f6c7a6193b4282e4c6927b58969ba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers
X-Requested-With
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sun, 22 May 2022 21:45:10 GMT
Expires
Sat, 21 May 2022 21:45:10 GMT
Keep-Alive
timeout=60
Server
ddos-guard
Transfer-Encoding
chunked
Vary
Accept-Encoding
main.css
upstream.to/css/
48 KB
11 KB
Stylesheet
General
Full URL
http://upstream.to/css/main.css
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
3c802f6a57fd63fee08a3cfe9d2edc5ee1cc1404e007a51854c9f4e8f5027b4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/embed-s23gywfk917w.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
Content-Encoding
gzip
Age
0
Transfer-Encoding
chunked
Access-Control-Allow-Headers
X-Requested-With
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Fri, 12 Nov 2021 10:24:55 GMT
Server
ddos-guard
ETag
W/"618e40f7-c076"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
text/css
DDG-Cache-Status
MISS
Cache-Control
max-age=2592000
Keep-Alive
timeout=60
Expires
Tue, 21 Jun 2022 21:45:10 GMT
jquery.min.js
upstream.to/js/
87 KB
31 KB
Script
General
Full URL
http://upstream.to/js/jquery.min.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/embed-s23gywfk917w.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
Content-Encoding
gzip
Age
0
Transfer-Encoding
chunked
Access-Control-Allow-Headers
X-Requested-With
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Fri, 12 Nov 2021 10:25:11 GMT
Server
ddos-guard
ETag
W/"618e4107-15d9d"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
application/javascript; charset=utf8
DDG-Cache-Status
MISS
Cache-Control
max-age=2592000
Keep-Alive
timeout=60
Expires
Tue, 21 Jun 2022 21:45:10 GMT
xupload.js
upstream.to/js/
11 KB
4 KB
Script
General
Full URL
http://upstream.to/js/xupload.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
c3c7c3de97ef15965def93fc9317e82854b979aa1a7980fde49b873a04aab85d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/embed-s23gywfk917w.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
Content-Encoding
gzip
Age
0
Transfer-Encoding
chunked
Access-Control-Allow-Headers
X-Requested-With
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Fri, 12 Nov 2021 10:25:12 GMT
Server
ddos-guard
ETag
W/"618e4108-2a73"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
application/javascript; charset=utf8
DDG-Cache-Status
MISS
Cache-Control
max-age=2592000
Keep-Alive
timeout=60
Expires
Tue, 21 Jun 2022 21:45:10 GMT
sUpload.js
upstream.to/js/
13 KB
4 KB
Script
General
Full URL
http://upstream.to/js/sUpload.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
2e9c06706597aa91fe358cfdea02caf63bdb84140e4503989bac07c7f2811565

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/embed-s23gywfk917w.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
Content-Encoding
gzip
Age
0
Transfer-Encoding
chunked
Access-Control-Allow-Headers
X-Requested-With
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Fri, 25 Sep 2020 09:52:00 GMT
Server
ddos-guard
ETag
W/"5f6dbdc0-35b8"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
application/javascript; charset=utf8
DDG-Cache-Status
MISS
Cache-Control
max-age=2592000
Keep-Alive
timeout=60
Expires
Tue, 21 Jun 2022 21:45:10 GMT
jquery.cookie.js
upstream.to/js/
4 KB
2 KB
Script
General
Full URL
http://upstream.to/js/jquery.cookie.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/embed-s23gywfk917w.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
Content-Encoding
gzip
Age
0
Transfer-Encoding
chunked
Access-Control-Allow-Headers
X-Requested-With
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Fri, 12 Nov 2021 10:25:10 GMT
Server
ddos-guard
ETag
W/"618e4106-10eb"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
application/javascript; charset=utf8
DDG-Cache-Status
MISS
Cache-Control
max-age=2592000
Keep-Alive
timeout=60
Expires
Tue, 21 Jun 2022 21:45:10 GMT
js
www.googletagmanager.com/gtag/
99 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-49432491-14
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ed25271e0757ad6beced6bd7c1d643cbc8b7f2553e03b496649815658c5b9100
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 21:45:10 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39203
x-xss-protection
0
last-modified
Sun, 22 May 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 22 May 2022 21:45:10 GMT
5639b0e88eb809d5d041d6d759e2dff5.js
fadedpracticedduly.com/56/39/b0/
0
0
Script
General
Full URL
http://fadedpracticedduly.com/56/39/b0/5639b0e88eb809d5d041d6d759e2dff5.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Server
192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
Server
nginx/1.17.9
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA,x-Device-User-Agent
Content-Type
application/javascript
Content-Length
0
/
dyj8pbcnat4xv.cloudfront.net/
241 KB
81 KB
Script
General
Full URL
http://dyj8pbcnat4xv.cloudfront.net/?bpjyd=827923
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Server
2600:9000:214f:e00:16:e911:10c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
891c9923651b0cb855e9b940e5ce0282b32c19ce80b3596074111792eda72cc1

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 22 May 2022 21:45:02 GMT
Content-Encoding
gzip
Connection
keep-alive
Age
8
X-Cache
Hit from cloudfront
access-control-allow-origin
*
Cache-Control
no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
X-Amz-Cf-Pop
FRA53-C1
Content-Length
82034
Via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
X-Amz-Cf-Id
ht4ZFBDoG7a6YmcxVbF4C8LSCg_4e17mLR2Drwtc-_Q3auskxMin0g==
jwplayer.js
upstream.to/player8/
112 KB
37 KB
Script
General
Full URL
https://upstream.to/player8/jwplayer.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
7a62e26a91aedd37d146a72757693c8a7e3693f8fca4733f970efeb62c94d6ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Fri, 12 Nov 2021 12:17:31 GMT
server
ddos-guard
age
0
etag
W/"618e5b5b-1be9d"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/javascript; charset=utf8
access-control-allow-origin
*
cache-control
max-age=2592000
date
Sun, 22 May 2022 21:45:10 GMT
ddg-cache-status
MISS
access-control-allow-headers
X-Requested-With
expires
Tue, 21 Jun 2022 21:45:10 GMT
dnsads.js
upstream.to/js/
36 B
421 B
Script
General
Full URL
https://upstream.to/js/dnsads.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
dc8aa13b90fe5e2a0ebf43aac306d67309b7fc9086c430d92709d45f92f83b81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
etag
W/"618e4106-24"
age
903277
ddg-cache-status
HIT
last-modified
Fri, 12 Nov 2021 10:25:10 GMT
server
ddos-guard
date
Thu, 12 May 2022 10:50:33 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/javascript; charset=utf8
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
access-control-allow-headers
X-Requested-With
expires
Sat, 11 Jun 2022 10:50:33 GMT
s23gywfk917w.jpg
s14.upstreamcdn.co/i/01/00076/
16 KB
17 KB
Image
General
Full URL
https://s14.upstreamcdn.co/i/01/00076/s23gywfk917w.jpg
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.36.107.40 , France, ASN16276 (OVH, FR),
Reverse DNS
s14.upstream.to
Software
nginx /
Resource Hash
5aa985b929724b7af31c240c0c202a1eedec2219c0d2a4261bc9abcc6ec93077

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:11 GMT
Last-Modified
Wed, 01 Jan 2020 10:01:39 GMT
Server
nginx
ETag
"5e0c6e03-4169"
Content-Type
image/jpeg
Cache-Control
max-age=1209600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
16745
Expires
Sun, 05 Jun 2022 21:45:11 GMT
boxad.js
upstream.to/js/
Redirect Chain
  • http://upstream.to/js/boxad.js
  • https://upstream.to/js/boxad.js
35 B
247 B
Script
General
Full URL
https://upstream.to/js/boxad.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
d48b428c1788391a1aef29802daaa691077732dc7b821d0968831bc50b19278d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
etag
W/"618e4105-23"
age
906484
ddg-cache-status
HIT
last-modified
Fri, 12 Nov 2021 10:25:09 GMT
server
ddos-guard
date
Thu, 12 May 2022 09:57:07 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/javascript; charset=utf8
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
access-control-allow-headers
X-Requested-With
expires
Sat, 11 Jun 2022 09:57:07 GMT

Redirect headers

Location
https://upstream.to/js/boxad.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
tag.min.js
inklinkor.com/
70 KB
25 KB
Script
General
Full URL
https://inklinkor.com/tag.min.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:d31d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0197bd8fb37c6d869159083bca425fe9ce87804111b22f38bf2a190b75cf671f

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 21:45:10 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
*
age
32636
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-trace-id
afae4832cde84c3dc280915f8de45342
pragma
no-cache
last-modified
Thu, 19 May 2022 11:06:04 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FHpL2oWhBDLj%2F7zWmpIITXcqodAkd5M54x0RZcN0S47CASFyvXB3gL4mVPXkvqhmmHM2ctTR7bHY2QXFpHON90GBZ5ECosfqq%2FzS%2BQBPUeeyjrJK3zjtcV2kc%2FK1OJogHrj8T74r7dpLvt2O"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=86400
access-control-allow-credentials
true
cf-ray
70f8bcbf2e939b86-FRA
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
expires
Mon, 23 May 2022 12:41:07 GMT
/
bedrapiona.com/5/4236549/
3 KB
2 KB
XHR
General
Full URL
https://bedrapiona.com/5/4236549/?oo=1&js_build=iclick-v1.388.3
Requested by
Host: inklinkor.com
URL: https://inklinkor.com/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.234 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
34628e98dd0d5cf9e02f6049c53a6ca4dc28add3125c5813764dfa5265fea4bf

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-trace-id
eec910746c0963d9582d54e68d1f74c9
pragma
no-cache, no-cache
date
Sun, 22 May 2022 21:45:10 GMT
content-encoding
gzip
server
nginx
link
<https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
http://upstream.to
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
expires
Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-49432491-14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
624
date
Sun, 22 May 2022 21:34:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 22 May 2022 23:34:46 GMT
asd100.bin
freychang.fun/
100 KB
101 KB
Fetch
General
Full URL
https://freychang.fun/asd100.bin
Requested by
Host: dyj8pbcnat4xv.cloudfront.net
URL: http://dyj8pbcnat4xv.cloudfront.net/?bpjyd=827923
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:2dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 21:45:10 GMT
access-control-allow-methods
GET
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1368
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sun, 22 May 2022 21:22:22 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L3st829O7iRNCYlFuDw%2FXjjexxwKrFCuFQutE8Jet4iW2HjJ51%2F96W6%2B1e0pjEM5Sbe8MuHtVNCERz3dxhD0zEDbUb%2BbFB9iSjNDu98qHnOvQJC0dtzQxZLM6Jx7n3Dg4pIbDvnfIBXnxbaT"}],"group":"cf-nel","max_age":604800}
content-type
binary/octet-stream
access-control-allow-origin
http://upstream.to
cache-control
max-age=14400
access-control-allow-credentials
true
cf-ray
70f8bcbffd099174-FRA
access-control-allow-headers
X-Requested-With, content-type
/
freychang.fun/
27 B
383 B
Fetch
General
Full URL
https://freychang.fun/
Requested by
Host: dyj8pbcnat4xv.cloudfront.net
URL: http://dyj8pbcnat4xv.cloudfront.net/?bpjyd=827923
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:2dcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
756f8a4beebf8c8d4cba449b5461a19104373c5f52d2134a2d59602971eb7038

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 21:45:10 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET
content-type
text/plain
access-control-allow-origin
http://upstream.to
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4K%2FWl2MlqMpCQs%2FPmmdqbuYciVlaMxGrzMTQxphTuhVERD9hinoYSMDqvoeAUVJ2mQp023vPSemL2jw%2FcQFijYKN8hVo4JSuhQ2pPrn3YLdcuNvM2eR%2BCNIwvjm8gJwd0Tn8UiqLxO62eW%2FQ"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
70f8bcbffd0b9174-FRA
access-control-allow-headers
X-Requested-With, content-type
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
utx
wfordsgoo.xyz/
0
486 B
XHR
General
Full URL
https://wfordsgoo.xyz/utx?cb=4JhXw5eSHZlb&top=upstream.to&tid=827923
Requested by
Host: dyj8pbcnat4xv.cloudfront.net
URL: http://dyj8pbcnat4xv.cloudfront.net/?bpjyd=827923
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-91.fra56.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 21:45:10 GMT
via
1.1 cfbb6e543d97587a32117dbabb25fc86.cloudfront.net (CloudFront)
server
openresty/1.17.8.2
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
p3p
CP="NID DSP ALL COR"
access-control-allow-origin
http://upstream.to
cache-control
no-store, no-cache, must-revalidate, no-transform
access-control-allow-credentials
true
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-amz-cf-id
gMZKhupVDtXlUu01e6cjLNw38gFjj99tWUUS3yE5i2h7zZXg1_4rBA==
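
Two things in the records above are worth checking mechanically before spending time on any of the ad-network responses. The utx XHR has Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, which is SHA-256 of zero bytes: the response had no body, consistent with its size of 0; the fadedpracticedduly.com script (blank hash, Content-Length: 0) is the same case. These responses also carry no-store/no-cache directives, so a later visit may receive content this scan did not. Separately, gtag/js and inklinkor.com/tag.min.js answer with Access-Control-Allow-Origin: * together with Access-Control-Allow-Credentials: true, a combination browsers reject for credentialed requests because the wildcard is not permitted there, whereas bedrapiona.com, freychang.fun and wfordsgoo.xyz answer with the embedding page's origin (http://upstream.to) plus credentials, which is a working credentialed grant; one scan cannot tell an allow-list from origin reflection. The following is an added example, not urlscan code, that applies both checks. RECORDS is constructed from headers shown on this page; body_state, cors_mode and triage are this example's own names.

```python
"""Added example: flag empty bodies by hash and classify CORS grants in scan records."""
import hashlib

SHA256_EMPTY = hashlib.sha256(b"").hexdigest()   # e3b0c442...b855

# Constructed from response headers shown on this page (a subset of each record).
RECORDS = [
    {"url": "https://wfordsgoo.xyz/utx?cb=4JhXw5eSHZlb&top=upstream.to&tid=827923",
     "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "headers": {"access-control-allow-origin": "http://upstream.to",
                 "access-control-allow-credentials": "true",
                 "cache-control": "no-store, no-cache, must-revalidate, no-transform"}},
    {"url": "http://fadedpracticedduly.com/56/39/b0/5639b0e88eb809d5d041d6d759e2dff5.js",
     "hash": "",
     "headers": {"Access-Control-Allow-Origin": "*", "Content-Length": "0",
                 "Content-Type": "application/javascript"}},
    {"url": "https://www.googletagmanager.com/gtag/js?id=UA-49432491-14",
     "hash": "ed25271e0757ad6beced6bd7c1d643cbc8b7f2553e03b496649815658c5b9100",
     "headers": {"access-control-allow-origin": "*", "access-control-allow-credentials": "true",
                 "content-length": "39203"}},
    {"url": "https://freychang.fun/asd100.bin",
     "hash": "f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16",
     "headers": {"access-control-allow-origin": "http://upstream.to",
                 "access-control-allow-credentials": "true",
                 "content-type": "binary/octet-stream"}},
    {"url": "http://upstream.to/embed-s23gywfk917w.html",
     "hash": "e46ce3a91dc6e3faf41d9fd97c08a6349d7f6c7a6193b4282e4c6927b58969ba",
     "headers": {"Access-Control-Allow-Origin": "*", "Content-Type": "text/html; charset=UTF-8"}},
    {"url": "https://s14.upstreamcdn.co/i/01/00076/s23gywfk917w.jpg",
     "hash": "5aa985b929724b7af31c240c0c202a1eedec2219c0d2a4261bc9abcc6ec93077",
     "headers": {"Content-Type": "image/jpeg", "Content-Length": "16745"}},
]


def _lower(headers):
    """Header names are case-insensitive; urlscan shows them in whatever case the server used."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def body_state(record):
    """'empty' for SHA-256('') or a blank hash with Content-Length: 0; 'content' if hashed; else 'unknown'."""
    h = (record.get("hash") or "").strip().lower()
    if h == SHA256_EMPTY:
        return "empty"
    if not h and _lower(record["headers"]).get("content-length") == "0":
        return "empty"
    return "content" if h else "unknown"


def cors_mode(headers):
    """Classify what a response's CORS headers actually grant to a cross-origin caller."""
    h = _lower(headers)
    origin = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if origin is None:
        return "no-cors-grant"                      # loadable as a script/image, not readable via fetch
    if origin == "*":
        return "public-with-invalid-credentials" if creds else "public"
    return "credentialed-origin" if creds else "specific-origin"


def triage(records):
    """(url, body state, CORS mode) for every record, in input order."""
    return [(r["url"], body_state(r), cors_mode(r["headers"])) for r in records]


if __name__ == "__main__":
    for url, body, cors in triage(RECORDS):
        print(f"{body:8} {cors:33} {url}")
```

Run over the records above this marks the utx XHR and the fadedpracticedduly.com script as empty, the gtag and tag.min.js grants as wildcard-plus-credentials, and the three ad-chain endpoints that name http://upstream.to as credentialed grants to the embedding origin.
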
LmIyOwogfjs6LSd9KzkDBlwZCy91bjs+Iy9tPAAlAW4GFAMRWCwHKyhuOz4kBXIiOjUFVwZUHxYEMAIhAWI9ND9pfg89EAlxIBsmE3I4KVYGTAU7MhNhGz4LAnAPOl4CZlo2CRZ2DScmAFsrOgsFBwkAUgBwAlxfB2IwPTUAdSApJi9WDAcLBmECD0J2ciIEEBRxM...
wfordsgoo.xyz/amxnRDQLDgQpCwtRBWJBGABaYQYsSVUCUBMGXzRWCQIGMAASGkknWAUZAyJGBQITaloPGEJ2cgM1CRZsCCQqBnMQBywQdjMIKnVyJjkiCkEyByUBfAM9IwxmICYoEEM7IA0nbSUFBAZ7LgtVBXcOPy48bTI0VxZMKy4uCXFYHCwCUx00BigFPC0... Frame 3029
3 KB
2 KB
Document
General
Full URL
http://wfordsgoo.xyz/amxnRDQLDgQpCwtRBWJBGABaYQYsSVUCUBMGXzRWCQIGMAASGkknWAUZAyJGBQITaloPGEJ2cgM1CRZsCCQqBnMQBywQdjMIKnVyJjkiCkEyByUBfAM9IwxmICYoEEM7IA0nbSUFBAZ7LgtVBXcOPy48bTI0VxZMKy4uCXFYHCwCUx00BigFPC0fBQU/OQMBdSkPIwNyUg8oM3EMLjYJEVgqIAVfOTkODXo+C18meDs5AQBcPBU/LmIyOwogfjs6LSd9KzkDBlwZCy91bjs+Iy9tPAAlAW4GFAMRWCwHKyhuOz4kBXIiOjUFVwZUHxYEMAIhAWI9ND9pfg89EAlxIBsmE3I4KVYGTAU7MhNhGz4LAnAPOl4CZlo2CRZ2DScmAFsrOgsFBwkAUgBwAlxfB2IwPTUAdSApJi9WDAcLBmECD0J2ciIEEBRxMiYCCmIkKT0vfi44IgZBPTktCWUHIi0VYiMkKSNbOSkldU0yBjEcZlguJBVyOD8uKHIpSg03WwQcWipkCSAkC2I+Dysrbhkp
Requested by
Host: dyj8pbcnat4xv.cloudfront.net
URL: http://dyj8pbcnat4xv.cloudfront.net/?bpjyd=827923
Protocol
HTTP/1.1
Server
108.138.7.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-91.fra56.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
26539792234f18519787d5046c2de0d21ef1e485ee22d45b2b54e7c9719c3f1c

Request headers

Referer
http://upstream.to/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-CH
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Connection
keep-alive
Content-Length
1238
Content-Type
text/html
Date
Sun, 22 May 2022 21:45:10 GMT
P3P
CP="NID DSP ALL COR"
Pragma
no-cache
Server
openresty/1.17.8.2
Via
1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
X-Amz-Cf-Id
OX7A4qTVcGvUg2n2pTNltniDnYglJwBXt6R7REmyd0kjuR-8xAf5Rw==
X-Amz-Cf-Pop
FRA56-P6
X-Cache
Miss from cloudfront
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
MVFQaEhQMzMFd1BsMk49Qz1tTXp3dGIuLEg7aBgqUj8xHHxJJ34LJF4kNA46Xj8kRiZUJXVaDlg0OyI4YysJMgRgMjgrGQUjFDAnYQIYPhJVNgoLA3M+Pz8JQXRiLgxyFzQnDGAVEi8dQxUTACBgNhEFHnkyAS4hfBkZKTxSGycLI3JhJAMLch8FOntrAR0ELHkdJ...
wfordsgoo.xyz/ Frame 0A8C
3 KB
2 KB
Document
General
Full URL
http://wfordsgoo.xyz/…
Requested by
Host: dyj8pbcnat4xv.cloudfront.net
URL: http://dyj8pbcnat4xv.cloudfront.net/?bpjyd=827923
Protocol
HTTP/1.1
Server
108.138.7.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-91.fra56.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
318ad0a1ac6bbb66fa7b6ff2283bfe8ba5a6304c70817d725ab70f42ffe748d3

Request headers

Referer
http://upstream.to/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-CH
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Connection
keep-alive
Content-Length
1213
Content-Type
text/html
Date
Sun, 22 May 2022 21:45:10 GMT
P3P
CP="NID DSP ALL COR"
Pragma
no-cache
Server
openresty/1.17.8.2
Via
1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
X-Amz-Cf-Id
sJ3VlTBvp9dLstz9l64V6KDPi4srkbUr76nl_f7Vfu89XD_SjmG9YQ==
X-Amz-Cf-Pop
FRA56-P6
X-Cache
Miss from cloudfront
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
Olo2ZzENXyNYNA8lMFQhBi4DWC8oXjNmHHMDIGY8FzYZdSERKi5UI3NeM2YfEls2WCwbCxl6FxY5MlktFVo1YAgZBSNxMxcmDgMoAhgtSykkKjVhCwY3LGYCFgkjHiwmOiJ1DCY+OVAgOVtNZzMaCBBeKBooNVxSDSpFdDM5PkRwHnsiEV00Ij01clEKGBdpJC01H...
wfordsgoo.xyz/dDNmQ28VUQUuUBUOBGUaBl9bZl0yFlQFCw1ZXjMNF10HN1sMRUggAxtGAiUdG10SbQERR0NxKRBqVw09FXs3Aj8wCykQFxcFKBU5OWVUFQUhdjAFICd6LgQHOkYrJAA8dQEwWSNmPCILJ2Y1BilBWQI0PiJ3MhEcIFsjDSIzSzwWCD0AK3I5NWE... Frame 5775
3 KB
2 KB
Document
General
Full URL
http://wfordsgoo.xyz/dDNmQ28VUQUuUBUOBGUaBl9bZl0yFlQFCw1ZXjMNF10HN1sMRUggAxtGAiUdG10SbQERR0NxKRBqVw09FXs3Aj8wCykQFxcFKBU5OWVUFQUhdjAFICd6LgQHOkYrJAA8dQEwWSNmPCILJ2Y1BilBWQI0PiJ3MhEcIFsjDSIzSzwWCD0AK3I5NWE1GhgiYQ0OJCBUIwQuPgE/Olo2ZzENXyNYNA8lMFQhBi4DWC8oXjNmHHMDIGY8FzYZdSERKi5UI3NeM2YfEls2WCwbCxl6FxY5MlktFVo1YAgZBSNxMxcmDgMoAhgtSykkKjVhCwY3LGYCFgkjHiwmOiJ1DCY+OVAgOVtNZzMaCBBeKBooNVxSDSpFdDM5PkRwHnsiEV00Ij01clEKGBdpJC01Hn8NFTstXV8aOBhXFxkpGFIwFAtEZA0SPjlZBQktE0NUGhZBcTMEPVEBIBRfPnUsLhcuFQwwABpDWyANB0Y+KF5GCg
Requested by
Host: dyj8pbcnat4xv.cloudfront.net
URL: http://dyj8pbcnat4xv.cloudfront.net/?bpjyd=827923
Protocol
HTTP/1.1
Server
108.138.7.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-91.fra56.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash
4d2e9a3a191229a907e34346b23e7f04e1bffaeca2cd990283e2b63ce8ece28d

Request headers

Referer
http://upstream.to/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-CH
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Connection
keep-alive
Content-Length
1212
Content-Type
text/html
Date
Sun, 22 May 2022 21:45:10 GMT
P3P
CP="NID DSP ALL COR"
Pragma
no-cache
Server
openresty/1.17.8.2
Via
1.1 0ece2d48b2ca1badca11fa675b7785ea.cloudfront.net (CloudFront)
X-Amz-Cf-Id
2QSeJJGlBfGs6QjZk7YXluxBpnCz5ARVZ3gYSCBKJ4uZJk-r5JspGQ==
X-Amz-Cf-Pop
FRA56-P6
X-Cache
Miss from cloudfront
cache-control
no-store, no-cache, must-revalidate, no-transform
content-encoding
gzip
Rms4elRpVFsJaQguCQ0xEz57HwEIIls7Fn46UzwuAiNMMgcOWx4OPSJWAEhjf1kLXCQvDwVLcjUfWQ4hNVYJXD0oDVdHcjBWCVRnckUKTHp2TU1HZWAfSBsze1oeCiAyBwVLYnNYCk9hf1oISWZ+
dinterperson.xyz/
0
258 B
Image
General
Full URL
https://dinterperson.xyz/Rms4elRpVFsJaQguCQ0xEz57HwEIIls7Fn46UzwuAiNMMgcOWx4OPSJWAEhjf1kLXCQvDwVLcjUfWQ4hNVYJXD0oDVdHcjBWCVRnckUKTHp2TU1HZWAfSBsze1oeCiAyBwVLYnNYCk9hf1oISWZ+
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 21:45:10 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BpVQYZCCGWZ5JiGSU2iSzKZUIF1VVxOIUz3AXsdOfQw64781v40HQt33RlMFr%2FZcips%2FSPYiXbRAPwbt13g9cHOjpUDBsXJqkrIxXMNlriXw6RkRtGZSEFsZ33d7JXwGcnM1KjK1MVDsIFS4IoEs"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
70f8bcc03e809034-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
login.php
www.facebook.com/
0
0
Image
General
Full URL
https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

ServiceLogin
accounts.google.com/
0
0
Image
General
Full URL
https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

ServiceLogin
accounts.google.com/
0
0
Image
General
Full URL
https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

UUY3bjl+eVQdBDItYhlqFAxyCngTcVQrc2EHf1tOAw4HJF9iNREaUDV7DlwOYXcHSEk4IgpfAXc1Qw9NJDUKXx84KFEBBHcwCl8XYWgGQAl3MwpfHyU2VgkEYGBHGk09ewZYDGJ0AlsAYHYEWwg
dinterperson.xyz/
0
495 B
Image
General
Full URL
https://dinterperson.xyz/UUY3bjl+eVQdBDItYhlqFAxyCngTcVQrc2EHf1tOAw4HJF9iNREaUDV7DlwOYXcHSEk4IgpfAXc1Qw9NJDUKXx84KFEBBHcwCl8XYWgGQAl3MwpfHyU2VgkEYGBHGk09ewZYDGJ0AlsAYHYEWwg
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 21:45:10 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FjSyXc3xGZMkF9adInos4V05BKI%2BrB9aBQTCzeW00P0jESAH%2BRXle4joTvhZOXnHwEfiCD0q90IsUAnkBX%2Bnz1FXV30LKPiGKrKXaft8tZiUuyP1kke2y7zEe1PBqubylksDgf7A2BDQ3fgz%2B7q"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
70f8bcc03e829034-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
c1lpbTBcZgoeDRIOPxx+HiE7OGZHGjE7dhcMDlhSKw8rNHJCPk8ZWRdkUVkGQWFYS0AaPVRcCFUqHQxEBipUXBYaNw8CDVUvVFweQ3dYQwBVLFRcFgcpCAoNQn8ZGUQfZFhbBUBrXFgJQmlaWAk
dinterperson.xyz/
0
255 B
Image
General
Full URL
https://dinterperson.xyz/c1lpbTBcZgoeDRIOPxx+HiE7OGZHGjE7dhcMDlhSKw8rNHJCPk8ZWRdkUVkGQWFYS0AaPVRcCFUqHQxEBipUXBYaNw8CDVUvVFweQ3dYQwBVLFRcFgcpCAoNQn8ZGUQfZFhbBUBrXFgJQmlaWAk
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 21:45:10 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Vw89z6b8BpBnTI9g9BoARs6Kg273EIdtidlFAKIEaWz4GJECrs91XQjrJtXIy%2Bczg9nxNjkfRJmRd4FsmUMGOmbOiJ41ixXLuTCW2JHMMeD3dS6R7jPFgQwF5ZdyxAfIhdV9hZw8eLvjn9MT61S"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
70f8bcc03e859034-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
5639b0e88eb809d5d041d6d759e2dff5.js
fadedpracticedduly.com/56/39/b0/
0
0
Script
General
Full URL
http://fadedpracticedduly.com/56/39/b0/5639b0e88eb809d5d041d6d759e2dff5.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Server
192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
Server
nginx/1.17.9
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA,x-Device-User-Agent
Content-Type
application/javascript
Content-Length
0
/
bedrapiona.com/5/4236549/
3 KB
2 KB
XHR
General
Full URL
https://bedrapiona.com/5/4236549/?oo=1&js_build=iclick-v1.388.3
Requested by
Host: inklinkor.com
URL: https://inklinkor.com/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.234 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
be7a604994e4ffd1e12072a45fe0e93b78e71dc13bd08b76ccee0cfcacc57d7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-trace-id
2674e38c6dcce81f3e0a2ff9ea9b780c
pragma
no-cache, no-cache
date
Sun, 22 May 2022 21:45:10 GMT
content-encoding
gzip
server
nginx
link
<https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
http://upstream.to
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding
expires
Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
gid.js
my.rtmark.net/
65 B
540 B
XHR
General
Full URL
https://my.rtmark.net/gid.js?userId=45a7139b4e3f46d7b0ec69178cb1ce8b
Requested by
Host: inklinkor.com
URL: https://inklinkor.com/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
71802740d812011fd76d154ad668349c4aa7cfc3c21d8c2902f0102ccd311a65
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 21:45:10 GMT
x-content-type-options
nosniff
server
nginx
strict-transport-security
max-age=1
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
http://upstream.to
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
collect
www.google-analytics.com/j/
1 B
202 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1335621398&t=pageview&_s=1&dl=http%3A%2F%2Fupstream.to%2Fembed-s23gywfk917w.html&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=187044242&gjid=644266949&cid=1126599780.1653255910&tid=UA-49432491-14&_gid=128843102.1653255910&_r=1&gtm=2ou5b0&z=263175407
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://upstream.to/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 22 May 2022 21:45:10 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://upstream.to
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
jwplayer.core.controls.js
upstream.to/player8/
Redirect Chain
  • http://upstream.to/player8/jwplayer.core.controls.js
  • https://upstream.to/player8/jwplayer.core.controls.js
305 KB
78 KB
Script
General
Full URL
https://upstream.to/player8/jwplayer.core.controls.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
b372ba82431aa0eff7d94071558ba1bf9386a7193632cf501e98812904e5f598
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Fri, 12 Nov 2021 12:17:30 GMT
server
ddos-guard
age
0
etag
W/"618e5b5a-4c5a1"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/javascript; charset=utf8
access-control-allow-origin
*
cache-control
max-age=2592000
date
Sun, 22 May 2022 21:45:10 GMT
ddg-cache-status
MISS
access-control-allow-headers
X-Requested-With
expires
Tue, 21 Jun 2022 21:45:10 GMT

Redirect headers

Location
https://upstream.to/player8/jwplayer.core.controls.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
provider.hlsjs.js
upstream.to/player8/
Redirect Chain
  • http://upstream.to/player8/provider.hlsjs.js
  • https://upstream.to/player8/provider.hlsjs.js
409 KB
113 KB
Script
General
Full URL
https://upstream.to/player8/provider.hlsjs.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
c72255901dfcec5f556681d91d28b283aebadd786d5502a5fcdcdc660ea906ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Fri, 12 Nov 2021 12:17:34 GMT
server
ddos-guard
age
0
etag
W/"618e5b5e-66596"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/javascript; charset=utf8
access-control-allow-origin
*
cache-control
max-age=2592000
date
Sun, 22 May 2022 21:45:10 GMT
ddg-cache-status
MISS
access-control-allow-headers
X-Requested-With
expires
Tue, 21 Jun 2022 21:45:10 GMT

Redirect headers

Location
https://upstream.to/player8/provider.hlsjs.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
HhwPEXJeNVNEZkJDTEBuWUJMQmNJQVIHNgoSEB1yXjVXR2BCQFRSIlFC
dyj8pbcnat4xv.cloudfront.net/iYnRXbHMBGzkKTBYdM1FLUENuXkBEHiQDHRJJOTwQLjcYOicBODg2ACdSIxYXX0RxABIME2pKFgwXal1VAxA1UUdEACcDGF8cOwEfBQM/GAkSUiINTg8bLQUfDhVyXjVXWmdJQVJcIAUdBhsgH1ZQRDkYVlBEZlxdUlFkLlZ... Frame 3029
686 B
876 B
Script
General
Full URL
http://dyj8pbcnat4xv.cloudfront.net/iYnRXbHMBGzkKTBYdM1FLUENuXkBEHiQDHRJJOTwQLjcYOicBODg2ACdSIxYXX0RxABIME2pKFgwXal1VAxA1UUdEACcDGF8cOwEfBQM/GAkSUiINTg8bLQUfDhVyXjVXWmdJQVJcIAUdBhsgH1ZQRDkYVlBEZlxdUlFkLlZQRCAFHVRAcl8xR0ZnFEVWXX-JeQwMEJwAWFRE1BxoWUWUqRlFDeV9FR0ZnRBgKADoAVlA3cl5DDh08CVZQRDAJEAkbfklBUhc/HhwPEXJeNVNEZkJDTEBuWUJMQmNJQVIHNgoSEB1yXjVXR2BCQFRSIlFC
Requested by
Host: wfordsgoo.xyz
URL: http://wfordsgoo.xyz/amxnRDQLDgQpCwtRBWJBGABaYQYsSVUCUBMGXzRWCQIGMAASGkknWAUZAyJGBQITaloPGEJ2cgM1CRZsCCQqBnMQBywQdjMIKnVyJjkiCkEyByUBfAM9IwxmICYoEEM7IA0nbSUFBAZ7LgtVBXcOPy48bTI0VxZMKy4uCXFYHCwCUx00BigFPC0fBQU/OQMBdSkPIwNyUg8oM3EMLjYJEVgqIAVfOTkODXo+C18meDs5AQBcPBU/LmIyOwogfjs6LSd9KzkDBlwZCy91bjs+Iy9tPAAlAW4GFAMRWCwHKyhuOz4kBXIiOjUFVwZUHxYEMAIhAWI9ND9pfg89EAlxIBsmE3I4KVYGTAU7MhNhGz4LAnAPOl4CZlo2CRZ2DScmAFsrOgsFBwkAUgBwAlxfB2IwPTUAdSApJi9WDAcLBmECD0J2ciIEEBRxMiYCCmIkKT0vfi44IgZBPTktCWUHIi0VYiMkKSNbOSkldU0yBjEcZlguJBVyOD8uKHIpSg03WwQcWipkCSAkC2I+Dysrbhkp
Protocol
HTTP/1.1
Server
2600:9000:214f:e00:16:e911:10c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
9a7f622ac7716850d62c5df050971bb747f8a22e4d43bf182c3b45ada17fcdc1

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wfordsgoo.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
Content-Encoding
gzip
X-Amz-Cf-Pop
FRA53-C1
X-Cache
Miss from cloudfront
access-control-allow-origin
*
Cache-Control
max-age=31556926
Connection
keep-alive
Content-Length
489
Via
1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
X-Amz-Cf-Id
AIjqokieyKcoAH00QljlE9wLic5do0h6EaOoYKvBtfeq7KIE5wftzg==
DCFdODQDBGUrDChhQgAmVHcQFiMHIAtcJwckC0tkCCNUR3ZPMldHLwY9XxYuCGIEPHdHdxNIckEwXxQmBjBFX3BZKUJfcFl2BlRyTHR0X3BZMF8UdF1iBThnW3dOTHZAYgRKIxk3Wh81DCVdEzZMdXBPcV-5pBUxnW3ceESodKlpfcCpiBEouACxTX3BZIFMZKQZu...
dyj8pbcnat4xv.cloudfront.net/iekJpRzYZLQchCQ4rDXoPSHVZdgZcKBooWAp/ Frame 0A8C
175 B
569 B
Script
General
Full URL
http://dyj8pbcnat4xv.cloudfront.net/iekJpRzYZLQchCQ4rDXoPSHVZdgZcKBooWAp/DCFdODQDBGUrDChhQgAmVHcQFiMHIAtcJwckC0tkCCNUR3ZPMldHLwY9XxYuCGIEPHdHdxNIckEwXxQmBjBFX3BZKUJfcFl2BlRyTHR0X3BZMF8UdF1iBThnW3dOTHZAYgRKIxk3Wh81DCVdEzZMdXBPcV-5pBUxnW3ceESodKlpfcCpiBEouACxTX3BZIFMZKQZuE0hyCi9EFS8MYgQ8c1l2GEpsXX4DS2xfcxNIchomUBswAGIEPHdacBhJdE8yC0s
Requested by
Host: wfordsgoo.xyz
URL: http://wfordsgoo.…
Protocol
HTTP/1.1
Server
2600:9000:214f:e00:16:e911:10c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
6d52c731d3821eaee65b1e541b0573a60ff38b938474c07fcbbca611e2968adc

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wfordsgoo.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
Content-Encoding
gzip
X-Amz-Cf-Pop
FRA53-C1
X-Cache
Miss from cloudfront
access-control-allow-origin
*
Cache-Control
max-age=31556926
Connection
keep-alive
Content-Length
182
Via
1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
X-Amz-Cf-Id
NVzMyPGWVktdeEgPMxBfJYtyImKvV3qtomS00enSbNdcVrGBc_L8zg==
W0JFJmxZ
dyj8pbcnat4xv.cloudfront.net/dY1NRaHQAPD8OSxc6NVVMV2VjUEVFOSIHGhNuMgoHFgs6WUZadSUSEF5jdwQVDTRsThENMGxZUgI3M1VARSYwVRkMKTgEGAJ2Yy5BTWN0WkRLJDgGEAwkIk1GUz0lTUZTYmFGREZgE01GUyQ4BkJXdmIqUVFjKV5ASnZjWBU... Frame 5775
177 B
567 B
Script
General
Full URL
http://dyj8pbcnat4xv.cloudfront.net/dY1NRaHQAPD8OSxc6NVVMV2VjUEVFOSIHGhNuMgoHFgs6WUZadSUSEF5jdwQVDTRsThENMGxZUgI3M1VARSYwVRkMKTgEGAJ2Yy5BTWN0WkRLJDgGEAwkIk1GUz0lTUZTYmFGREZgE01GUyQ4BkJXdmIqUVFjKV5ASnZjWBUTIz0NAwYxOgEARmEXXUdUfW-JeUVFjeQMcFz49TUYgdmNYGAo4NE1GUzQ0Cx8MenRaRAA7IwcZBnZjLkVTYn9YWldqZFlaVWd0WkQQMjcJBgp2Yy5BUGR/W0JFJmxZ
Requested by
Host: wfordsgoo.xyz
URL: http://wfordsgoo.xyz/dDNmQ28VUQUuUBUOBGUaBl9bZl0yFlQFCw1ZXjMNF10HN1sMRUggAxtGAiUdG10SbQERR0NxKRBqVw09FXs3Aj8wCykQFxcFKBU5OWVUFQUhdjAFICd6LgQHOkYrJAA8dQEwWSNmPCILJ2Y1BilBWQI0PiJ3MhEcIFsjDSIzSzwWCD0AK3I5NWE1GhgiYQ0OJCBUIwQuPgE/Olo2ZzENXyNYNA8lMFQhBi4DWC8oXjNmHHMDIGY8FzYZdSERKi5UI3NeM2YfEls2WCwbCxl6FxY5MlktFVo1YAgZBSNxMxcmDgMoAhgtSykkKjVhCwY3LGYCFgkjHiwmOiJ1DCY+OVAgOVtNZzMaCBBeKBooNVxSDSpFdDM5PkRwHnsiEV00Ij01clEKGBdpJC01Hn8NFTstXV8aOBhXFxkpGFIwFAtEZA0SPjlZBQktE0NUGhZBcTMEPVEBIBRfPnUsLhcuFQwwABpDWyANB0Y+KF5GCg
Protocol
HTTP/1.1
Server
2600:9000:214f:e00:16:e911:10c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c5bc9d18608ad18f890d26ced64f3de79a521a1ed2b9476ce2e50f3280d2ce68

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wfordsgoo.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
Content-Encoding
gzip
X-Amz-Cf-Pop
FRA53-C1
X-Cache
Miss from cloudfront
access-control-allow-origin
*
Cache-Control
max-age=31556926
Connection
keep-alive
Content-Length
180
Via
1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
X-Amz-Cf-Id
Nx996RLgMHGKMb_sO-4btKzabq-cYbw-4ejTJz962ihofu1kvQdgtw==
empty.srt
upstream.to/srt/
Redirect Chain
  • http://upstream.to/srt/empty.srt
  • https://upstream.to/srt/empty.srt
42 B
376 B
XHR
General
Full URL
https://upstream.to/srt/empty.srt
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
f3adadb235f7ecab4a68f4d0961640c155c0d2057d28fe24e19d36b04904ddc6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
last-modified
Fri, 12 Nov 2021 10:26:07 GMT
server
ddos-guard
etag
"618e413f-2a"
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=2592000
date
Sun, 22 May 2022 21:45:10 GMT
accept-ranges
bytes
access-control-allow-headers
X-Requested-With
content-length
42
expires
Tue, 21 Jun 2022 21:45:10 GMT

Redirect headers

Location
https://upstream.to/srt/empty.srt
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
polyfills.webvtt.js
upstream.to/player8/
Redirect Chain
  • http://upstream.to/player8/polyfills.webvtt.js
  • https://upstream.to/player8/polyfills.webvtt.js
10 KB
4 KB
Script
General
Full URL
https://upstream.to/player8/polyfills.webvtt.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
e734f7c8b8acfa4429aab7a59ff251cd4652ee1ae4c48404038e7dbf96a04749
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Fri, 12 Nov 2021 12:17:33 GMT
server
ddos-guard
age
0
etag
W/"618e5b5d-298e"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/javascript; charset=utf8
access-control-allow-origin
*
cache-control
max-age=2592000
date
Sun, 22 May 2022 21:45:10 GMT
ddg-cache-status
MISS
access-control-allow-headers
X-Requested-With
expires
Tue, 21 Jun 2022 21:45:10 GMT

Redirect headers

Location
https://upstream.to/player8/polyfills.webvtt.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
provider.cast.js
upstream.to/player8/
Redirect Chain
  • http://upstream.to/player8/provider.cast.js
  • https://upstream.to/player8/provider.cast.js
25 KB
9 KB
Script
General
Full URL
https://upstream.to/player8/provider.cast.js
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
H2
Server
185.178.208.135 , Russian Federation, ASN57724 (DDOS-GUARD, RU),
Reverse DNS
ddos-guard.net
Software
ddos-guard /
Resource Hash
097e5e2a9f98ee8d97a823e6c91422c9df1b524bb3615323cb8da87080d16e83
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Fri, 12 Nov 2021 12:17:33 GMT
server
ddos-guard
age
0
etag
W/"618e5b5d-6401"
vary
Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS
content-type
application/javascript; charset=utf8
access-control-allow-origin
*
cache-control
max-age=2592000
date
Sun, 22 May 2022 21:45:10 GMT
ddg-cache-status
MISS
access-control-allow-headers
X-Requested-With
expires
Tue, 21 Jun 2022 21:45:10 GMT

Redirect headers

Location
https://upstream.to/player8/provider.cast.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
master.m3u8
s14.upstreamcdn.co/hls/w47ryrxob5bnx2nroz3kmqxzbsbsnih6vkfgdz35ewgdguhhyt6rjuh5t4cq/
437 B
784 B
XHR
General
Full URL
https://s14.upstreamcdn.co/hls/w47ryrxob5bnx2nroz3kmqxzbsbsnih6vkfgdz35ewgdguhhyt6rjuh5t4cq/master.m3u8
Requested by
Host: upstream.to
URL: http://upstream.to/player8/provider.hlsjs.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.36.107.40 , France, ASN16276 (OVH, FR),
Reverse DNS
s14.upstream.to
Software
nginx /
Resource Hash
ee01ef3491990c7c62c7dbcba710c759b7ad0d14f5994ee495a9a3ed3816df6d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:14 GMT
Last-Modified
Sun, 22 Sep 2020 00:00:00 GMT
Server
nginx
ETag
"-1-1b5"
Content-Type
application/vnd.apple.mpegurl
Access-Control-Allow-Origin
*
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
437
Expires
Mon, 23 May 2022 21:45:14 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/
4 KB
3 KB
Script
General
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1
Requested by
Host: upstream.to
URL: https://upstream.to/player8/jwplayer.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 21:45:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sun, 22 May 2022 21:45:10 GMT
popunder.gif
dinterperson.xyz/
35 B
869 B
Image
General
Full URL
http://dinterperson.xyz/popunder.gif
Requested by
Host: upstream.to
URL: http://upstream.to/embed-s23gywfk917w.html
Protocol
HTTP/1.1
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://upstream.to/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 21:45:10 GMT
content-encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
99445
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
58
Pragma
public
Last-Modified
Sat, 21 May 2022 18:07:45 GMT
Server
cloudflare
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qNmXZiCc5J5V9f4t092O8FG2fuq6kqHpcW4jsyWnDemyvDIZOXNMKtMKaN0o7ctTDhwt0xg6cvzYWHLoBem635Mi3UVXiV%2Fsv3w7fsGfo6fdw8JjUsJUmIV2QXAhi9Z3wyexuIYyihsQ5xuYE8pu"}],"group":"cf-nel","max_age":604800}
Content-Type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800, immutable
Accept-Ranges
bytes
CF-RAY
70f8bcc29cf69bda-FRA
ads.js
upstream.to/advertisement/
Redirect Chain
  • http://upstream.to/advertisement/ads.js?adzone=popunder&popzone=28178474
  • https://upstream.to/advertisement/ads.js?adzone=popunder&popzone=28178474
0
0

index-v1-a1.m3u8
s14.upstreamcdn.co/hls/w47ryrxob5bnx2nroz3kmqxzbsbsnih6vkfgdz35ewgdguhhyt6rjuh5t4cq/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
upstream.to
URL
https://upstream.to/advertisement/ads.js?adzone=popunder&popzone=28178474
Domain
s14.upstreamcdn.co
URL
https://s14.upstreamcdn.co/hls/w47ryrxob5bnx2nroz3kmqxzbsbsnih6vkfgdz35ewgdguhhyt6rjuh5t4cq/index-v1-a1.m3u8

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

oncontextlost (object), oncontextrestored (object), structuredClone (function), $ (function), jQuery (function), show_fname_chars (number), form_action (undefined), UID (undefined), interval (undefined), enccx (undefined), fsize (undefined), fmd5 (undefined), $$ (function), fileSelected (function), openStatusWindow (function), StartUpload (function), checkExt (function), fixLength (function), getFormAction (function), setFormAction (function), InitUploadSelector (function), findPos (function), changeUploadType (function), jah (function), scaleImg (function), OpenWin (function), player_start (function), copy (function), download_video (function), convertSeconds (function), convertSize (function), SP (function), progressUpdate (function), encStatus (function), fuckAdBlock (object), FuckAdBlock (function), gtag (function), dataLayer (object), zfgstorage (object), l1ojyf7209 (object), zfgformats (object), onClickTrigger (function), zfgloadedpopup (boolean), google_tag_manager (object), google_tag_data (object), GoogleAnalyticsObject (string), ga (function), LAST_CORRECT_EVENT_TIME (number), _3530078558 (number), gaplugins (object), gaGlobal (object), gaData (object), webpackJsonpjwplayer (object), jwplayer (function), xRds (boolean), cRAds (boolean), vvplay (undefined), vvad (undefined), vastdone1 (number), vastdone2 (number), player (object), prevt (number), tott (number), v2done (number), doPlay (function), set_audio_track (function), showADBOverlay (function), checkADB (function), iinf (number), WebVTT (function)

10 Cookies

Domain/Path | Name | Value
.upstream.to/ | __ddg1_ | 5V9ThWtce5Hg6P9pTqVO
upstream.to/ | file_id | 380277
upstream.to/ | aff | 804
bedrapiona.com/ | oaidts | 1653255910
bedrapiona.com/ | OAID | 479510f71b82429e9d0e96a2fd9c5042
.upstream.to/ | _ga | GA1.2.1126599780.1653255910
.upstream.to/ | _gid | GA1.2.128843102.1653255910
.upstream.to/ | _gat_gtag_UA_49432491_14 | 1
my.rtmark.net/ | ID | 45a7139b4e3f46d7b0ec69178cb1ce8b
freychang.fun/ | csu | 1020486948631284@1@1653255910

4 Console Messages

Source / Level | URL | Message
network / error | http://fadedpracticedduly.com/56/39/b0/5639b0e88eb809d5d041d6d759e2dff5.js | Failed to load resource: the server responded with a status of 403 (Forbidden)
network / error | http://fadedpracticedduly.com/56/39/b0/5639b0e88eb809d5d041d6d759e2dff5.js | Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript / error | http://upstream.to/embed-s23gywfk917w.html | Access to XMLHttpRequest at 'https://upstream.to/advertisement/ads.js?adzone=popunder&popzone=28178474' (redirected from 'http://upstream.to/advertisement/ads.js?adzone=popunder&popzone=28178474') from origin 'http://upstream.to' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network / error | https://upstream.to/advertisement/ads.js?adzone=popunder&popzone=28178474 | Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
