Report - paste.fo/dd234e212112

Report Overview

Submitted URL
paste.fo/dd234e212112
IP
172.67.144.225
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 09:13:05
Access
public
Website Title
⛔️ 2x PureVpn.com | VPN Accounts ⛔️ | paste.fo
Final URL
paste.fo/dd234e212112
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
76

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-17	415 B	94 kB	142.250.74.168
paste.fo	unknown	2022-08-23	2022-09-02	2024-04-16	18 kB	12 MB	104.21.28.76
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-04-16	480 B	17 kB	104.16.80.73
newassets.hcaptcha.com	11055	2018-01-12	2021-03-22	2024-04-16	2.5 kB	1.2 MB	104.18.125.91
js.hcaptcha.com	23463	2018-01-12	2021-07-30	2024-04-16	393 B	388 kB	104.18.125.91
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-17	550 B	41 kB	142.250.74.106
u.paste.fo	unknown	2022-08-23	2023-05-13	2024-04-17	1.3 kB	5.8 kB	104.21.28.76
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-17	2.0 kB	226 kB	104.17.25.14
api.hcaptcha.com	63834	2018-01-12	2021-07-31	2024-04-17	596 B	1.3 kB	104.18.125.91
api2.hcaptcha.com	unknown	2018-01-12	2023-05-02	2024-04-16	597 B	1.5 kB	104.18.125.91
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-17	1.1 kB	45 kB	142.251.209.131

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed
2024-04-17	medium	paste.fo	Sinkholed

ThreatFox

No alerts detected

JavaScript (31)

	URL	Size	First Seen	Last Seen
	newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js	387 kB	2024-04-04	2024-04-30
Pretty URL newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js IP 104.18.125.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 18:06:19 Last Seen2024-04-30 03:27:12 Times Seen1310 Hash 052bf4abb4128ef78b68c418f7d94678 2b6c44a8cc009017a2909c7afd71e371e82b7d27 01908359050da30c842f89d13af0447be961b00b67b46eb61114d1fa48f1bdc9 Loading...

	unknown	48 B	2023-04-11	2024-04-30
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:45:29 Last Seen2024-04-30 03:27:12 Times Seen19046 Hash 43d643e449b4ea13394fe737b1d6a447 1c03d56d955fd266d7659379e63d5711bd5382db 4817661f6ac7d2e1691bc3aeb9966e66012891ccda569ff872dc0932010c540d Loading...

	newassets.hcaptcha.com/c/282d0ff/hsw.js	528 kB	2024-04-02	2024-04-17
Pretty URL newassets.hcaptcha.com/c/282d0ff/hsw.js IP 104.18.125.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 21:03:12 Last Seen2024-04-17 22:23:44 Times Seen557 Hash f593c8f46e9cb4a93e13a33ec29e7214 40817a1a4bc1e5418a8cba7ecfcd5d10e5dd6e5c e9299541a3837fefdaa7e596c82626eb26d5774273b13a2590cb4a71845880f5 Loading...

	paste.fo/dd234e212112	153 B	2023-03-08	2024-04-30
Pretty URL paste.fo/dd234e212112 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-30 03:27:12 Times Seen688 Hash 2bc0082aba5a35e515758023fa651be0 a8db1112fc735be0d64a64e864a52131f7eaf878 75367336210d6cc8328fad7ddbdcf9afaceae3dae97c2a2e6b95a6ae82d8bc1f Loading...

	paste.fo/dd234e212112	220 B	2023-03-08	2024-04-30
Pretty URL paste.fo/dd234e212112 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-30 02:53:11 Times Seen547 Hash 3db1e9a5b3900e6e537c9a3c37c3a710 ad5a93d1d63c4147ccea4e92c31e76ac33e48fa2 009775e1b19c7979e577f9eacfb2da159c57074b82eb7985b4fb0e31c28133f2 Loading...

	paste.fo/dd234e212112	733 B	2024-04-17	2024-04-17
Pretty URL paste.fo/dd234e212112 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 11:13:07 Last Seen2024-04-17 11:13:07 Times Seen1 Hash c34e9d3005722313b9ae1d78f8e36a6a 4603a2e73c1cc0d8fba670570e4ceb3c32e55f51 e9300a0d0a4d41e94c31ec8f7c4e2c735563e610de8957e7bef8e5fb1a8f1018 Loading...

	www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3	269 kB	2024-04-17	2024-04-17
Pretty URL www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 11:13:07 Last Seen2024-04-17 11:13:07 Times Seen2 Hash 7f605d02b9ac9313d3b3e3827aada8c0 c7cef85ba5da4535486fa3d071f87885125574a7 93310fa10eec9ffc43ee20d06dd890d29ab8774fd8e3bb919da6ed13a38bd872 Loading...

	paste.fo/dd234e212112	44 B	2024-04-17	2024-04-17
Pretty URL paste.fo/dd234e212112 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 11:13:07 Last Seen2024-04-17 11:13:07 Times Seen1 Hash c6d1be05f8df05bcec0c9a4fdc22a2ac 3e87a581206a4274ae06106901eee1fd0c955787 7ba0c62c665b2fe660fb9766567ceb3b507483b27d5877863560b88313d01257 Loading...

	paste.fo/codemirror/lib/codemirror.js	401 kB	2023-03-26	2024-04-29
Pretty URL paste.fo/codemirror/lib/codemirror.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-04-29 01:26:11 Times Seen75 Hash 819ea032bd1e81457ff348bee2a86533 095dfcbeebb24f9a38d6558291fd0af8925321b0 8beb242c41927656e634cda1db88a72aac40b18bc887e831efd2e842db123453 Loading...

	paste.fo/dd234e212112	751 B	2024-04-17	2024-04-17
Pretty URL paste.fo/dd234e212112 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 11:13:07 Last Seen2024-04-17 11:13:07 Times Seen1 Hash 71985192a85e46ac87c21cdf974117c6 2b4b96ea3b1d3d858a78fe17f76537e386ad2f71 3c91d5efebdc794434d67bad10bca7631a2729a7424f0d35cb13a91d0aad346f Loading...

	paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-30
Pretty URL paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-30 05:43:07 Times Seen55453 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	paste.fo/codemirror/mode/css/css.js	40 kB	2023-03-26	2024-04-29
Pretty URL paste.fo/codemirror/mode/css/css.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-04-29 01:26:11 Times Seen127 Hash 3675078ada8a185a353a6560bda2d5ac 1045cdc88a58fb002511eb21db184ed242730f05 60f0689e5c6af7f36c341e8e1341a4f10b4f0a04cebfb7341bcbedba9b572b32 Loading...

	paste.fo/dd234e212112	703 B	2024-04-17	2024-04-17
Pretty URL paste.fo/dd234e212112 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 11:13:07 Last Seen2024-04-17 11:13:07 Times Seen1 Hash 0421183aa8715247fbc1190f32681efd 8c677d13fbf2dcf00c6a88f764a85fae0fcf5091 e0e0c31a8e2d104f10fbd10699abe38fb6d3b93b65a098620d19860659f9d828 Loading...

	paste.fo/dd234e212112	580 B	2024-04-17	2024-04-17
Pretty URL paste.fo/dd234e212112 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 11:13:07 Last Seen2024-04-17 11:13:07 Times Seen1 Hash 1e31197b373b7e62f3bb8c75db6e42f3 220e93d6ae31eaad836be7f07e47feb8d1c4883c 2b493474511c3f95334a78d290c6f83b6bfa203b2a3e804d85e62b95e02facbb Loading...

	paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js	43 kB	2023-03-08	2024-04-30
Pretty URL paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-30 03:27:12 Times Seen1397 Hash f15be88a3c9bf40debcc080b125c7e91 4a636976285768dd43278f43d63ba5779f3f493d 8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910 Loading...

	paste.fo/codemirror/mode/clike/clike.js	37 kB	2023-03-26	2024-04-29
Pretty URL paste.fo/codemirror/mode/clike/clike.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-04-29 01:26:11 Times Seen122 Hash 145b41ea6cde47e8889ef8b2214eecde d0ae7cc4040a57a76b86265f492f87e251d1cc9d a1ff458a030f8b1db2d901811344f3e178eaceb19b598277d054bf83dacfecd2 Loading...

	paste.fo/codemirror/mode/htmlmixed/htmlmixed.js	5.7 kB	2023-03-26	2024-04-29
Pretty URL paste.fo/codemirror/mode/htmlmixed/htmlmixed.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-04-29 01:26:11 Times Seen88 Hash 4c5a6f44d738b718d1f6164c1c8d6904 a4f9c3552740fb908e14fb0f47832d10a3f535d6 fe5912e1d10f8fecb98bd31e2f957c0bbc9abf6b505d11b6dbcd27542d0fdcad Loading...

	paste.fo/dd234e212112	362 B	2023-03-08	2024-04-30
Pretty URL paste.fo/dd234e212112 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-30 02:53:11 Times Seen529 Hash cc410e71e4e11ef150fc0b841e53a779 40fe8f68130bf0d500f779f7be6504a90d0b670e b2eeea9c303e9ed86aad00cf3f5224a2bcb03dbec9db3139d1b1c267b27457cf Loading...

	paste.fo/dd234e212112	1.1 kB	2024-04-17	2024-04-17
Pretty URL paste.fo/dd234e212112 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-17 11:13:07 Last Seen2024-04-17 11:13:07 Times Seen1 Hash 7f575039cdc93ec9b684826ede843928 ca34889316148e1a958d956729b66d37a1b1832a 0852087ec015a630547d16a98f1580e5dee885c04e422894b0f1c1e98106917b Loading...

	static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793	19 kB	2024-04-17	2024-04-30
Pretty URL static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 04:05:01 Last Seen2024-04-30 05:42:10 Times Seen1244 Hash 3be93fd15d2f7dee2fc0c8981c6fa5c6 8cd88c36fad3e96641dbc4d781f5ddbe5123312f 17106bf803d42bcf2f2bdf778ece084d3f91c68e7ea41dae7bff61fefa573dee Loading...

	paste.fo/codemirror/mode/xml/xml.js	13 kB	2023-06-07	2024-04-29
Pretty URL paste.fo/codemirror/mode/xml/xml.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-07 17:23:47 Last Seen2024-04-29 01:26:11 Times Seen148 Hash c93fe254ef100aeb5c9dfcda4c91d27f 510c71566cf81560cb5bd1bb25287ed6502dde75 dc7e44d410399326f802e2924573cbf6f942a79f647fd0b97f0b607973bc9a09 Loading...

	paste.fo/codemirror/mode/sql/sql.js	60 kB	2023-03-26	2024-04-29
Pretty URL paste.fo/codemirror/mode/sql/sql.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-04-29 01:26:11 Times Seen123 Hash b48a3934b20b392ae812b17df05355f4 40d1a558afba1f5043b23131e496de37d8e2dfb4 ac23d3f196deb9be25cfcecb966bdc1789b9e177aac683ddccde1420670c4d8a Loading...

	paste.fo/codemirror/mode/shell/shell.js	5.4 kB	2023-03-26	2024-04-29
Pretty URL paste.fo/codemirror/mode/shell/shell.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-04-29 01:26:11 Times Seen82 Hash ab0fc779b5fb9bdc1310a28d7dccd379 ece7e7661886871cc46ef71248c67ea53a61ac7d 24f77cb162ea9d9e9fc79b95ba547a7cc10a0767e3a5a52c786d4c24253736fe Loading...

	paste.fo/assets/js/hyperlink.js	1.0 kB	2023-03-08	2024-04-30
Pretty URL paste.fo/assets/js/hyperlink.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-30 02:53:11 Times Seen672 Hash 754527075e7f43e5b376a6879d591ad3 019edc8ec844b25f28c0049c56aa09c5cc0a5121 d5ff35dd76c5fa9ebfe3b89012a8dd40e85a89ee50f4f85623d338f0514e15d4 Loading...

	unknown	247 B	2024-04-17	2024-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 11:13:07 Last Seen2024-04-17 11:13:07 Times Seen1 Hash 3de8e670aae8c747f9be75fadcd904d4 c333fb78a06937afc9ae426ebfe9bd41911eb20c b4016ff4702dacae98bb69dcab5afc28e1549b1080b53e91bca810a3c7cd77a2 Loading...

	paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-04-17	2024-04-17
Pretty URL paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 11:13:07 Last Seen2024-04-17 11:13:08 Times Seen2 Hash 9aa9a1694edd8a3e02edda6cb15d70ad 5bcc9d411433d0582accb18b17a5124aca9ba1a3 9ce4c9760ddb0c3bd51384a6288ecd6ba190ee87fc85dc10e3f34702b98f5b7b Loading...

	paste.fo/codemirror/mode/php/php.js	18 kB	2023-03-26	2024-04-29
Pretty URL paste.fo/codemirror/mode/php/php.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-04-29 01:26:11 Times Seen130 Hash f2f1668dbc8a4b0fd9f031dceda0e4ab 31d6961d6d4cbe7bf5deb2f0b5ba099c49e5c962 07819ae34d5830a3cf040e1904d4b641cb70142845394211f7fb63c891d80945 Loading...

	paste.fo/codemirror/mode/python/python.js	15 kB	2023-03-26	2024-04-29
Pretty URL paste.fo/codemirror/mode/python/python.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-04-29 01:26:11 Times Seen124 Hash 9b50648e6f546e4f63f1a8eb25adb039 b178c4d31cc4eeefe58e97a60723d47af96b79ed ec56443dfebe73f332cc639289ad2de6921560c8952a3e2127397a0849882657 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-30
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-30 05:44:04 Times Seen263406 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	paste.fo/codemirror/mode/javascript/javascript.js	39 kB	2023-03-26	2024-04-29
Pretty URL paste.fo/codemirror/mode/javascript/javascript.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 07:55:40 Last Seen2024-04-29 01:26:11 Times Seen121 Hash 178dfcd5f64c97da22a3d3a62713b7a9 969b4a80be53b334612b44a0cc6ef57cfe171a26 21fa74c1638c7a4eb3e8cd04b5c8c997181394568330b341c83716da18ffad8e Loading...

	u.paste.fo/script.js	2.4 kB	2024-02-20	2024-04-30
Pretty URL u.paste.fo/script.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 04:21:10 Last Seen2024-04-30 03:27:12 Times Seen673 Hash 8285978df55a18d7ba03a3106d4b28d2 3c69c6b6715afaca3b655fa3ea18e6c447a0956e 56e70678cbf7e8c157c423bac4d2872f3b384a1784f43b1126ae5e59fd45d144 Loading...

HTTP Transactions (55)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css

104.17.25.14

200 OK

19 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (52276)
Size
19 kB (18752 bytes)
Hash
ded1c367363e8b20bdc6a19b8350a737
8c06d82739d14b094ff6d9036021a252bd1d985d
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/css; charset=utf-8
content-length: 18752
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6421d693-4940"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 142192
expires: Mon, 07 Apr 2025 09:12:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aq816iTNMvRGBvyYYYNzPhm6q3RL3oWrNG1x8AfTafisEUsLKqDNEzzPmMj7Khzl8UDJr%2F5BZjIs8krDGtF6QhtKCozFL85Hp0icKdVj1iI3qtycc50rQnnQjSZMZ6I75wAu8zuB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875b4b661e7592d6-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 144627
expires: Mon, 07 Apr 2025 09:12:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C9GKAnv3De%2F6Hz0UsPSBEGWnUedT%2BCV9eOiENJCr8oMyHqHUNBPFWMT9eskRFRLzVXpnvEbUpqp2%2B9pInjLBSlk1Qe4P6%2FXyJiHow6GhflXRV3e9NZaPcRFv%2B1xUjYKQirx53Dgt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875b4b663eb892d6-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3

142.250.74.168

200 OK

93 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (3034)
Size
93 kB (93147 bytes)
Hash
7f605d02b9ac9313d3b3e3827aada8c0
c7cef85ba5da4535486fa3d071f87885125574a7
93310fa10eec9ffc43ee20d06dd890d29ab8774fd8e3bb919da6ed13a38bd872

HTTP Headers

GET /gtag/js?id=G-HKXR34F8P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 17 Apr 2024 09:12:38 GMT
expires: Wed, 17 Apr 2024 09:12:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93147
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/CSSb8daa07cd928bc86.css

104.21.28.76

200 OK

591 B

URL GET HTTP/3
paste.fo/CSSb8daa07cd928bc86.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
591 B (591 bytes)
Hash
e09957853ee7f0a3a621f54331c82664
8a0a90102e1d2dab47400bdc148ad1cf643394bb
bec5deff3bfaa06a71ee3b73ff5a264b56f3dbfaa09d3d811ca2a6065812c914

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CSSb8daa07cd928bc86.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Wed, 17 Apr 2024 09:12:38 GMT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cUL67%2FkHbwid0ZRU243YkljO99%2Fj52lULv4LETxob9Ft%2FFWdiXpK0fB8Qalm1H7yeUHf%2B%2B46OEY4v7Y3D%2Fg9xIp8ipoleLd9Brr2Q%2BGT2H1gwJAAyC7204j%2FmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65ab0aabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/sql/sql.js

104.21.28.76

200 OK

18 kB

URL GET HTTP/3
paste.fo/codemirror/mode/sql/sql.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7061)
Size
18 kB (17597 bytes)
Hash
b48a3934b20b392ae812b17df05355f4
40d1a558afba1f5043b23131e496de37d8e2dfb4
ac23d3f196deb9be25cfcecb966bdc1789b9e177aac683ddccde1420670c4d8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/sql/sql.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"e892-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LnJn9ep7X07R0Hf5CR5H75fLQKPpEQ1XFrjrQ1%2FgoUs8N4wyUya%2FCPNtblyMBL9uwxiYvPg0yFC2Tr24%2FQQl9s285Mr8Wr53hvJAVvcSyfxltMO7%2FZrlhukF5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65aafcabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/python/python.js

104.21.28.76

200 OK

4.7 kB

URL GET HTTP/3
paste.fo/codemirror/mode/python/python.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
4.7 kB (4739 bytes)
Hash
9b50648e6f546e4f63f1a8eb25adb039
b178c4d31cc4eeefe58e97a60723d47af96b79ed
ec56443dfebe73f332cc639289ad2de6921560c8952a3e2127397a0849882657

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/python/python.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3a4e-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Se7FDhwTlbBqMwo727rP63aCnpSN%2F7LglBi6Iy5KfpI3jEVudVQG3Xa6U7Dinwh21m%2FZmvj%2BHpcUzGZxyIIDrlf6Ee3%2BYDVGlYqSD8Nkhia%2FD0RTkk0nBjaTyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65ab00abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/css/css.js

104.21.28.76

200 OK

11 kB

URL GET HTTP/3
paste.fo/codemirror/mode/css/css.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
11 kB (10678 bytes)
Hash
3675078ada8a185a353a6560bda2d5ac
1045cdc88a58fb002511eb21db184ed242730f05
60f0689e5c6af7f36c341e8e1341a4f10b4f0a04cebfb7341bcbedba9b572b32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/css/css.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"9e2c-614ce4aba67d0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K5kpBSwftB7e1TwO7LnsZWK3IzeKa8yhIPYTJUtLE23Lfk5XSouAWQelMNBgONpCfaZa%2B6xQeGgJYyRmnv%2F0njFO9x%2BD3gK9r4cU%2FF2U4U8FmKp4ltpUzUZqKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65aaf7abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/htmlmixed/htmlmixed.js

104.21.28.76

200 OK

13 kB

URL GET HTTP/3
paste.fo/codemirror/mode/htmlmixed/htmlmixed.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
13 kB (12725 bytes)
Hash
4c5a6f44d738b718d1f6164c1c8d6904
a4f9c3552740fb908e14fb0f47832d10a3f535d6
fe5912e1d10f8fecb98bd31e2f957c0bbc9abf6b505d11b6dbcd27542d0fdcad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/htmlmixed/htmlmixed.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"1638-614ce4aba4890-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nduYQmFbWQqSaaEiRNULe%2FaA7Rbe%2BHM8XsjgaxuRRZ2Ea1eEjdRuaMad3G0iLuGqBxAi0Fv0MxfeJYMPL5UxBnQMOS9yByR9kawi6w705XuNJ58ANE7DtAIOAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65ab06abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/php/php.js

104.21.28.76

200 OK

13 kB

URL GET HTTP/3
paste.fo/codemirror/mode/php/php.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (9306)
Size
13 kB (12558 bytes)
Hash
f2f1668dbc8a4b0fd9f031dceda0e4ab
31d6961d6d4cbe7bf5deb2f0b5ba099c49e5c962
07819ae34d5830a3cf040e1904d4b641cb70142845394211f7fb63c891d80945

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/php/php.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"47a3-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EKRZLA3kE2jOW4KxCuHG87hxDVj9WSyLkkiG20IzWzs0AT8v7MinHkjC%2FFDZMd7Y6oGe6W0W0uUlhF1mxqg5bIcge8bL%2BkCnoMIVAlAYx%2FNOysv752sxp4%2FMGw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65aafeabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/email.php

104.21.28.76

200 OK

12 kB

URL GET HTTP/3
paste.fo/assets/svg/email.php
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (576)
Size
12 kB (11653 bytes)
Hash
228beb59530af110cfac760f33b0868d
4c6909e4a1939dfccf4e38d430a39855d35bab47
779ff7dada730e034b90d2a74d93fc1fc74f332819bce6d98d81f4d42762e37c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/email.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PmaignzFxlh9MCAf%2FiiGBBJibImHwgaQAShxxzu8gMb7uhbtxr7azkqlAT5CfkIfGGN5ykNvRNJcxEZCj4s9dlzNckPCfUmgh79ajoP8hQgZZsEGyEfd%2BmFaug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65bb1eabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793

104.16.80.73

200 OK

16 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
gzip compressed data, from Unix
Size
16 kB (16498 bytes)
Hash
4235d6d4ca6161328d9ed394e26fa7c1
0739f07378b2b36440f34cb1c41ce9f0b1313bc9
336697ec1ed68a481e52f88f9df2ddcddaa902cbd0b7b970616fc3b651940c68

HTTP Headers

GET /beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.0"
last-modified: Mon, 15 Apr 2024 22:09:58 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b4b665d48abd8-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2

104.17.25.14

200 OK

25 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24948, version 772.256
Size
25 kB (24948 bytes)
Hash
61f30b79daf5b31f0d254a31fba66158
fb363d27cfdfe71a243fa2ac3dab2815232b9b7e
8e7e5ea1b15f62ab14dbd41768e8fbcd21cc859a4ea5da812457ee714299fb35

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 24948
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-6174"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 137867
expires: Mon, 07 Apr 2025 09:12:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VHLU382bYXU%2Ft%2F1BhlC8MGTELNS07%2BDYPStM5qgAX0kKYFx%2Bt7VkNR2wRun83ztPdV7xG5YZQ1wXhFT0jNzjNo5%2BqG7fkF5UjJab7CfOOoazxPMJ3b6fi%2FLXE1LnicvsVFt2jSc4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875b4b697d7a92d6-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2

104.17.25.14

200 OK

150 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 150124, version 772.256
Size
150 kB (150124 bytes)
Hash
c64278386c2bbb5e293e11b94ca2f6d1
6b99aa650bd12a36caa14e0127435d8f4cd3ba73
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150124
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-24a6c"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1095457
expires: Mon, 07 Apr 2025 09:12:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=guLT2rPsBJ6SHbdIwSiXEIr9ODx3ICtiTYiNhawu8XCAtiiEFolnNga3VSOZL4AM97JI%2BGJh7pyYSuDbrZjDhODeEjx62%2BPWBB%2BxmjeRql6472C7qliPNwLfj8XjkiSSaQYSjTWb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 875b4b696d6792d6-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

142.251.209.131

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
142.251.209.131:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 Apr 2024 22:47:07 GMT
expires: Sun, 13 Apr 2025 22:47:07 GMT
cache-control: public, max-age=31536000
age: 296731
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.28.76

302 Found

0 B

URL GET HTTP/3
paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 17 Apr 2024 09:12:38 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U99fRlLpk48yK0NKUCYkZJLhMdXzrx62%2BxAeCcGAkVMxMHooMToLMYU%2FuzZA9tyJWdSOkhx2qyJIlcCZfNbQAhhOg73aH%2Fj9wY7p3MubkpN6F7RPSw%2BB7NcoFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b4b6a3bcfabda-CPH
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

142.251.209.131

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
142.251.209.131:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 Apr 2024 22:47:07 GMT
expires: Sun, 13 Apr 2025 22:47:07 GMT
cache-control: public, max-age=31536000
age: 296731
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/assets/css/cio.css

104.21.28.76

200 OK

22 kB

URL GET HTTP/3
paste.fo/assets/css/cio.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
22 kB (22088 bytes)
Hash
495978f1df765f0993859afcf8490189
5ef8a4b916f6d464c755881fe251859a5a842c67
c03d3189c28dc88b8042d27b55e75cf0872d9c7e8ef4244608b6da9319ebef42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/cio.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"675-614ce4abcf80d-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GxmuKVGv85lBBoKzQI4EU1efr3JGNxmp%2FgMzGVFiUukKIaTVy2fW6KMqeNa11uLFttNU34km7SwN67krNMswJ88hmEtyus5L0EMWm%2F4Vv4cCOy4Hp5Iv6VLWig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b658abaabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/img/bg1.gif

104.21.28.76

200 OK

25 kB

URL GET HTTP/3
paste.fo/assets/img/bg1.gif
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (24898 bytes)
Hash
dcab8f9443952c7589be3e4db6072853
824ca8c921eeca604844d3f00d08691631199201
a1a2a8e83029575fa6afde2c7b946fd3d98407fccf673c587aac398cd2fc8cef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/bg1.gif HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:39 GMT
content-type: image/gif
content-length: 24898
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "6142-614ce4abce86d"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KjJ05vJgf9voKXwf5zbo8xlQdovRc952RXyaCK82BMWrN9YPV7mwPctTijBwNiUs%2FDqKCPnfUCZLxl7xIh6SZho2NzvvRtqVYw8dQWTBjqkLAkWz5BSXtEcbtA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b4b6949cfabda-CPH
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/rum?

104.21.28.76

204 No Content

0 B

URL POST HTTP/3
paste.fo/cdn-cgi/rum?
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1046
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9; _ga_HKXR34F8P3=GS1.1.1713345158.1.0.1713345158.0.0.0; _ga=GA1.1.1298633968.1713345159; cf_clearance=_EobJRkG5T8UfBdPgHPddVwm4vwEV9jFPbGAkHC6B1I-1713345159-1.0.1.1-BfCZTn.PVB5ZQfTB_F306Gp0VjyqrocRHdIcsGHjHktdywxJ0_maCXpxepMLwBpIUKWpQSHlUpVC9v69ET7cdA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Wed, 17 Apr 2024 09:12:39 GMT
access-control-allow-origin: https://paste.fo
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 875b4b6e1bc4abda-CPH
x-frame-options: DENY
x-content-type-options: nosniff

paste.fo/0323EDFEMC5C464049450A1D1C5E1B585A511A070EAM4C036166092B2A081B64044E16525F50.jpg

104.21.28.76

200 OK

8.1 MB

URL GET HTTP/3
paste.fo/0323EDFEMC5C464049450A1D1C5E1B585A511A070EAM4C036166092B2A081B64044E16525F50.jpg
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 800 x 200
Size
8.1 MB (8065033 bytes)
Hash
5a48b1279d915d1b844ceeda0212ba80
a702fb7f99a765fd6ba5fe6798ab2dfcb67d0021
0256536e816bf82884335ae611639bf19843101e50e5f5dca5616a313a6e62c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /0323EDFEMC5C464049450A1D1C5E1B585A511A070EAM4C036166092B2A081B64044E16525F50.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: HIT
age: 717
last-modified: Wed, 17 Apr 2024 09:00:41 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IS7HpTnmZEC8KthysmuSK0zpNKxXUyhoo3vy1c4bt8eWhbfK2nLv92HUBg4Aw2B7Ul6f7DUeZC2n8NimuyexqIb8VYaxhd8Y5YJa%2FIrptCWpjlLDbtL%2FXr0JCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b4b6949c2abda-CPH
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js

104.18.125.91

200 OK

136 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0oz3n6s51lo&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41625)
Size
136 kB (135622 bytes)
Hash
052bf4abb4128ef78b68c418f7d94678
2b6c44a8cc009017a2909c7afd71e371e82b7d27
01908359050da30c842f89d13af0447be961b00b67b46eb61114d1fa48f1bdc9

HTTP Headers

GET /captcha/v1/b1c589a/hcaptcha.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
etag: W/"5a68efa2b964d5c167fde3b130af8e94"
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 01 May 2024 09:12:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 875b4b6b4c9392d0-CPH
content-encoding: br

paste.fo/assets/js/hyperlink.js

104.21.28.76

200 OK

6.5 kB

URL GET HTTP/3
paste.fo/assets/js/hyperlink.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (630)
Size
6.5 kB (6458 bytes)
Hash
754527075e7f43e5b376a6879d591ad3
019edc8ec844b25f28c0049c56aa09c5cc0a5121
d5ff35dd76c5fa9ebfe3b89012a8dd40e85a89ee50f4f85623d338f0514e15d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/hyperlink.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2060
etag: W/"80c-614ce4abce86d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3133
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vq3yfPIosBQIXEUz6Yv4dqXuBWNmAaOQLzheaifdpyD5pH6knm9WFFijpBSBTuNRtCPFsW4raaz%2Fnfba9uv2nQHgVQXdR3BskdhhIq0Nb8DLoI2Kor%2BFK5fVxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65ab08abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/8F516AC8MC0A401246170C1D16081D5C56031D54564A7AM2506816020D644A7B585D431C561B055D00.jpg

104.21.28.76

200 OK

2.7 MB

URL GET HTTP/3
paste.fo/8F516AC8MC0A401246170C1D16081D5C56031D54564A7AM2506816020D644A7B585D431C561B055D00.jpg
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 550 x 138
Size
2.7 MB (2716204 bytes)
Hash
98e81cb80ce584cb4a7674eb9ab9fb52
e035e2e1791e2f06158ba44d067f1d7315745e71
c1205599e407622f5ed64ef56b0c52a478b9cb156dc770a1cf08e89ba868b691

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8F516AC8MC0A401246170C1D16081D5C56031D54564A7AM2506816020D644A7B585D431C561B055D00.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: HIT
age: 289
last-modified: Wed, 17 Apr 2024 09:07:49 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fdc9Q002I%2B7EN8eSLnLlPEaF11vC3Aonq55gCSQhBCiTNHLK9QJAvaSRm6FwQwEAG5VWmw9zaMQl77mKo9NE6Lfw1u9LlM4YLC%2Bk85vzYIdwz6E%2BrXthbRQeEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b4b6949c6abda-CPH
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/c/282d0ff/hsw.js

104.18.125.91

200 OK

528 kB

URL GET HTTP/3
newassets.hcaptcha.com/c/282d0ff/hsw.js
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0oz3n6s51lo&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
528 kB (527636 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/282d0ff/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:39 GMT
content-type: application/javascript
etag: W/"f593c8f46e9cb4a93e13a33ec29e7214"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 22 May 2024 09:12:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 875b4b6e3a9192d0-CPH
content-encoding: br

js.hcaptcha.com/1/api.js

104.18.125.91

200 OK

387 kB

URL GET HTTP/2
js.hcaptcha.com/1/api.js
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
387 kB (387091 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/api.js HTTP/1.1
Host: js.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
etag: W/"5a68efa2b964d5c167fde3b130af8e94"
cache-control: max-age=300
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 01 May 2024 09:12:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
server: cloudflare
cf-ray: 875b4b662cc5abd2-CPH
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

142.250.74.106

200 OK

40 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text
Size
40 kB (40360 bytes)
Hash
fb9a01c247c59daca77d5e373217b0b1
df072c2f05f7e6884df927cf8b4d2144937b8cbe
f6ce0c3fb43d72007637cf61a13dc4c6a0cb1111d2f457dc1386008f83fe13c3

HTTP Headers

GET /css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 17 Apr 2024 09:12:38 GMT
date: Wed, 17 Apr 2024 09:12:38 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

u.paste.fo/api/send

104.21.28.76

204 No Content

0 B

URL OPTIONS HTTP/3
u.paste.fo/api/send
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://paste.fo/
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
date: Wed, 17 Apr 2024 09:12:39 GMT
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
access-control-max-age: 86400
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V3RjM2u%2BjO5%2BvqYQTCNEaiM90ONnCrlJ0G6xpUvr1O%2BmGKfTMIyVde%2FF5sQ1tWHqtTyorX4tAifLTs3LS06GYOPz410xKSXjybsILOBO0qpmRQzPsVOLtCuBwTXe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b6e1bbeabda-CPH
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/clike/clike.js

104.21.28.76

200 OK

37 kB

URL GET HTTP/3
paste.fo/codemirror/mode/clike/clike.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
37 kB (37231 bytes)
Hash
145b41ea6cde47e8889ef8b2214eecde
d0ae7cc4040a57a76b86265f492f87e251d1cc9d
a1ff458a030f8b1db2d901811344f3e178eaceb19b598277d054bf83dacfecd2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/clike/clike.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"916f-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0MyToQkUKUYmZanW6JNpuRyxyB1dNP51f7%2BfMyBGgRNVD3EVYASxbEdLMWG%2FW%2FWsJNRYhjo6SPCs%2FetiQbTeIuiUuc09%2B1cX1uSNN88j5YXRq3jWS8cimbScDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65ab04abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/css/responsive.css

104.21.28.76

200 OK

7.5 kB

URL GET HTTP/3
paste.fo/assets/css/responsive.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7970), with no line terminators
Size
7.5 kB (7512 bytes)
Hash
2aa89582cef12be226b501d2b5a3cc15
d9ce8a5fed661b25f182757e56e1b6240a2e5853
81f523d5dac2560f01b8b0a30d90bcb08bf90a501e558bcb49da7e4f19291b72

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/responsive.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"1d58-614ce4abcf80d-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hmCAJIkwv82SfJHA%2Fdl9fcoeGp8A%2FmrrhVMPdkQ3f5sD70Nj3rKOdr8VYeUHvKbpEXenC59aOizoCu56RvRcTt2gGqxJmY37hYl8vvucVogxRbgGGjRrqfNXww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b658ab6abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/lib/codemirror.js

104.21.28.76

200 OK

401 kB

URL GET HTTP/3
paste.fo/codemirror/lib/codemirror.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
401 kB (401347 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/lib/codemirror.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"61fc3-614ce4aba67d0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bwccfcNwgFP5ABUsMxfN6iztxmwE3Kda3EAXnIjsLYNW1xx6vmJ%2B5XfceCHzEvWl2Vte5Rvrx4Tm6Z3TJPJDmET2tVBXnE9asYRvLYefT25VL1STGsNSTXHdjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b659addabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/twitter.php

104.21.28.76

200 OK

1.1 kB

URL GET HTTP/3
paste.fo/assets/svg/twitter.php
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (1064), with no line terminators
Size
1.1 kB (1055 bytes)
Hash
52ada42cb5438b7b0421018fd75f361e
d5e00f0d91ac0e644fa97b585fa704764276830b
5814970c931c847c4acc7c25ce39b1f9abbed82f7642c2da34a93f895d875746

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/twitter.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ycG%2FnYgWhFh7V3al3Oyw4cX8mm4MlxWn%2FHTPDKwoLdxpYpnac%2FWnINKNmdcqoZwVlF70FNbYVyY%2B0E0vkE9wPE7AaEmyUECSxHOScNczlKbnbs65Zo2IGtTJzg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65bb1cabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/dd234e212112

104.21.28.76

200 OK

20 kB

URL User Request GET HTTP/2
paste.fo/dd234e212112
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
20 kB (20048 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dd234e212112 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 09:12:37 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9; path=/
token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
sscore: 0.53672316384181
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WkQVNg3XFumk%2B%2BCgjOS5mYU6p4q7JLQtooNCdOpNjRSQ8%2F9YsSi45xMhxhFNFs6%2BYFmlk%2BUk4QlTQxpZYlZPa02zG%2FPuB0sYugIYf4OcVO787uPwYBR2xuZ2MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b6339c28f59-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

paste.fo/codemirror/lib/codemirror.css

104.21.28.76

200 OK

8.7 kB

URL GET HTTP/3
paste.fo/codemirror/lib/codemirror.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9064), with no line terminators
Size
8.7 kB (8720 bytes)
Hash
8b045e55b2a449a117883ea28388a77b
115408c4f4cf7f856b9d6fb938d8d5b13b579fb1
be7c7e645a5db24c773efe72d8f45aa0ec7bd6a3725562bebe2c74612351a6d5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/lib/codemirror.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"2210-614ce4aba67d0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QmlBnkj%2BEhJ0mTpjm6%2BY%2F7xf%2BGECQY0pE4f7ErFZ1%2BzcT0AMLO7%2F9sn8jQMxFOekev7dXuKOnLI4LI%2FfnFXtccwkHViXeh%2BvpRdynR3AFj2vPo15eUP%2Bsac7Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b659ad3abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js

104.21.28.76

200 OK

43 kB

URL GET HTTP/3
paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42951), with no line terminators
Size
43 kB (42951 bytes)
Hash
f15be88a3c9bf40debcc080b125c7e91
4a636976285768dd43278f43d63ba5779f3f493d
8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /node_modules/sweetalert2/dist/sweetalert2.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"a7c7-614ce4ab9fa71-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=anM2b7pAlHtr9hyY1%2FJRBNSRbrYxpj31Fq5Z3V5GUfbY%2Fm9QclDumzDV0c1knREHj2qDguqDkt0RwVDGhorXUTd3PCftzVAF5nsRQsOJchary12GFSXpmt4ijA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b658ac5abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html

104.18.125.91

200 OK

1.7 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
HTML document, ASCII text, with very long lines (1768), with no line terminators
Size
1.7 kB (1725 bytes)
Hash
825c2f21a9a22bd9911e6686ced37ded
74f703bdafeabb1aad6a04b073d1745298c111dc
0624e04628b8b0d5f77b594b9ef1408296a1774109a47d7c1ac402e1d2636350

HTTP Headers

GET /captcha/v1/b1c589a/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 01 May 2024 09:12:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 875b4b6a2aaa92d0-CPH
content-encoding: br

paste.fo/cdn-cgi/challenge-platform/h/b/jsd/r/875b4b6339c28f59

104.21.28.76

200 OK

0 B

URL POST HTTP/3
paste.fo/cdn-cgi/challenge-platform/h/b/jsd/r/875b4b6339c28f59
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/875b4b6339c28f59 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12140
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9; _ga_HKXR34F8P3=GS1.1.1713345158.1.0.1713345158.0.0.0; _ga=GA1.1.1298633968.1713345159
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:39 GMT
content-type: text/plain; charset=UTF-8
priority: u=3,i=?0
set-cookie: cf_clearance=_EobJRkG5T8UfBdPgHPddVwm4vwEV9jFPbGAkHC6B1I-1713345159-1.0.1.1-BfCZTn.PVB5ZQfTB_F306Gp0VjyqrocRHdIcsGHjHktdywxJ0_maCXpxepMLwBpIUKWpQSHlUpVC9v69ET7cdA; path=/; expires=Thu, 17-Apr-25 09:12:39 GMT; domain=.paste.fo; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dRykzfGiwrTrpArZQdTbS4X92j4iuZ8u2uUuOKV6VKhlMmRwyN88bJWbA7TQAyiL9fKYPO67D46JVLEBLVTr6HD5hAYwa0uZf0RZ7HhM%2FpeopyICGq3xbUdv%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b6c0fb8abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/node_modules/@sweetalert2/theme-dark/dark.css

104.21.28.76

200 OK

30 kB

URL GET HTTP/3
paste.fo/node_modules/@sweetalert2/theme-dark/dark.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
30 kB (30018 bytes)
Hash
00008b67e39ee270e57f03f4fcad4dac
04f3bb1e6464faf302f91ee5e42a94447ad916b9
c6842d1ae92847b8e8cf3283cab162e737127a8fda2e35e628c8994654266d8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /node_modules/@sweetalert2/theme-dark/dark.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"7542-614ce4ab9ead1-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2F8Pfni%2FbyK8w%2BqabqU9DoyOXy4KfneLzD6%2B%2BWCrPBX%2F22BAZ7X6oF22DIH1o83Dgx%2Bas2qgMyIDPvVPVs0%2BoFA45Qw8AL1VKhU1QZc8RfXjuthcDWzsO3%2BAzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b658abeabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/javascript/javascript.js

104.21.28.76

200 OK

39 kB

URL GET HTTP/3
paste.fo/codemirror/mode/javascript/javascript.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
39 kB (38892 bytes)
Hash
178dfcd5f64c97da22a3d3a62713b7a9
969b4a80be53b334612b44a0cc6ef57cfe171a26
21fa74c1638c7a4eb3e8cd04b5c8c997181394568330b341c83716da18ffad8e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/javascript/javascript.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"97ec-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7fY8Ur72wMhhNDuJgpPZ8e24sKbZLL1yqMF9PYmOMbzHsr4tZlb5X7K2sdPUNCmNSZeh8PwyJE5kyqcMR3HvhRNlf3XQwAfk%2BMSQ2ADgA2z%2FOqLrz7Q%2BNqCuA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b659ae2abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/discord.php

104.21.28.76

200 OK

1.6 kB

URL GET HTTP/3
paste.fo/assets/svg/discord.php
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (1567), with no line terminators
Size
1.6 kB (1558 bytes)
Hash
f25e187801ad4549ff6d1f7923827d9e
682ad175492f0c7ca063eb8b29df8e5fb92ab3ce
c4c482f2711284ca3fb68e15af960645b841af8880e7e86ea031ca86470c5e22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/discord.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2zeBwaG%2FCIDgPr1ciFrKZWFyNx3EyIS1XAEiBGn6wmS4jAmuFav%2BEvQdrm6F3P8z%2FJeiacZtKYIm2Jeyc0PkosgL6r8GHHcdpuXnQNA3zqF495BNCz8aJumKTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65bb16abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/favicon.ico

104.21.28.76

200 OK

15 kB

URL GET HTTP/3
paste.fo/favicon.ico
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Size
15 kB (15340 bytes)
Hash
cf593ad6a070c546ba238d5172b52aa1
9bed079538917ab59999ea26e8becca1cec74af8
d19e9b6b10d3890ef6cffdc76821fca266f2c0db6c653ffe16b5984a200a4015

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9; _ga_HKXR34F8P3=GS1.1.1713345158.1.0.1713345158.0.0.0; _ga=GA1.1.1298633968.1713345159
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:39 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3bec-614ce4abd368d"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z2U1joUESzTV%2BKtNxS8bSiSWjGhPkbMTnZgt9tSG%2BS740UojDoKfgVklwrTKIZBNAjj6N033RPFQyrhJGHUEX5%2FEV6kOJj%2BbFGcobCSo4spnGlOjPIyx%2FRz8Gg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b4b6c8890abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

api.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0

104.18.125.91

200 OK

718 B

URL POST HTTP/3
api.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0oz3n6s51lo&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (734), with no line terminators
Size
718 B (718 bytes)
Hash
b8df129ebc768f1c7621e9f63757643c
a38e72345cfa523322168bf4f87d857cb91c9cb4
15c5dbe04b8f56b4d9f9e0ba6b4ee941aa45d7ab39a0f01529e7b0ba5beeb241

HTTP Headers

POST /checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:39 GMT
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 875b4b6da9b092d0-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/css/style.css

104.21.28.76

200 OK

16 kB

URL GET HTTP/3
paste.fo/assets/css/style.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (608)
Size
16 kB (15702 bytes)
Hash
5bda15770898ea87eac893ece623fe83
a1c6f0ef8c7fb26f5684c65c34991ce0ed9bcc9e
ac1f84e3b1d61d9a2599e9db20014bce4788930bf643ce8442ac322304e31b9b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/style.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3d56-614ce4abcf80d-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a2UbABlZN5crckHs5k9fvyYOBFZUagJVeRCOUcMTarUOMPNufFovkXB%2BPNQUDzMbxWTh31PeEfkav48QaZNdJFqFRNc8DuCRTu8fBiGnVg4wE1HOmJIduZYUaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b658aa5abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/c/282d0ff/hsw.js

104.18.125.91

200 OK

528 kB

URL GET HTTP/3
newassets.hcaptcha.com/c/282d0ff/hsw.js
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=1ijned3an5o&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
528 kB (527636 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/282d0ff/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:39 GMT
content-type: application/javascript
etag: W/"f593c8f46e9cb4a93e13a33ec29e7214"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 22 May 2024 09:12:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 875b4b6e3a8e92d0-CPH
content-encoding: br

newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html

104.18.125.91

200 OK

1.7 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
HTML document, ASCII text, with very long lines (1768), with no line terminators
Size
1.7 kB (1725 bytes)
Hash
825c2f21a9a22bd9911e6686ced37ded
74f703bdafeabb1aad6a04b073d1745298c111dc
0624e04628b8b0d5f77b594b9ef1408296a1774109a47d7c1ac402e1d2636350

HTTP Headers

GET /captcha/v1/b1c589a/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Wed, 01 May 2024 09:12:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 875b4b6a1aa292d0-CPH
content-encoding: br

paste.fo/assets/css/user.css

104.21.28.76

200 OK

7.1 kB

URL GET HTTP/3
paste.fo/assets/css/user.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (7437), with no line terminators
Size
7.1 kB (7053 bytes)
Hash
06d7b8a344fa4079f6fe906b7b0929dd
eba03dc4aba82c9249634258a6c9ecb7acdf477a
6d2ed86e12b41b92ecb3c7b16a637071304616c94ae39cc2d41efbf52617d9fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/user.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"1b8d-614ce4abcf80d-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pxRhRGJki87OYzFl1GT3WR7bGx2%2FQeE%2BXp%2ByGpQjvYTEAqEawRvwTgzZgPb2V2V1XLUIIstdDCW8xnfGHeCgXK74qmBZar4aotNafCNJiz6uFBsqoGWc49MAgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b658ab0abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js

104.21.28.76

200 OK

7.9 kB

URL GET HTTP/3
paste.fo/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7886), with no line terminators
Size
7.9 kB (7886 bytes)
Hash
9aa9a1694edd8a3e02edda6cb15d70ad
5bcc9d411433d0582accb18b17a5124aca9ba1a3
9ce4c9760ddb0c3bd51384a6288ecd6ba190ee87fc85dc10e3f34702b98f5b7b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9; _ga_HKXR34F8P3=GS1.1.1713345158.1.0.1713345158.0.0.0; _ga=GA1.1.1298633968.1713345159
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=14400, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OOaCEAIhIMCeh%2FzdRw4JkcJB5ns7zhI61ujAI8qUet5%2FVICxdjaQnEdZE6le3qqimcSRc%2FcIrCAaKXhB5nTwweh0hkRSAoOk6gP7ode1qCfvyaMiNdbeKDBx%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b6add03abda-CPH
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/xml/xml.js

104.21.28.76

200 OK

13 kB

URL GET HTTP/3
paste.fo/codemirror/mode/xml/xml.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
13 kB (13353 bytes)
Hash
c93fe254ef100aeb5c9dfcda4c91d27f
510c71566cf81560cb5bd1bb25287ed6502dde75
dc7e44d410399326f802e2924573cbf6f942a79f647fd0b97f0b607973bc9a09

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/xml/xml.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3429-614ce4aba5830-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BB0Mp6olcjZ%2BqeDx5quOLuHH%2FJVngCH1qu5lRjhfpjSwe9Sm9J2m1zhrXPg%2BfUNALA%2BySpzh6JANQ246EMMiWNaHigVySwekfhd%2F%2FE7WrfsRGYBM1B%2BbxWRGDA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b659ae1abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/thumbs-down-regular.svg

104.21.28.76

200 OK

1.5 kB

URL GET HTTP/3
paste.fo/assets/svg/thumbs-down-regular.svg
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1521 bytes)
Hash
389c8e85f6e31500977c27d913ef8802
1aadcd3b53c6e86b001ff153294a33260913fc82
e9be5fe625221dc40c32eb0f1faf336dd592141b6496b8f3be76a772e13dd591

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/thumbs-down-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5f1-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3133
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cLNxePYh9F6VAsn8%2F9pfQKNyCsxyCAgKPtkrXpzyJH4Fcm5J9p%2Foewf%2FSZTQl9NMALCR6vi5bEQsQbU23%2BkEPCiaZD0Y3%2FHS1uexoqypZ%2FGkPEKawQriW98pxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b4b65bb12abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/thumbs-up-regular.svg

104.21.28.76

200 OK

1.5 kB

URL GET HTTP/3
paste.fo/assets/svg/thumbs-up-regular.svg
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1497 bytes)
Hash
8316f24250b74fb4d08b7d0d8d7d1a66
e241a00103a7a81d5678741010703fddd7de83dd
7a4a04f8e984441f7a9fd9d4a796726e1d9b2124095688d9ecd0b891ab2f84e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/thumbs-up-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5d9-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3133
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=spdnVgd%2BZxgZ1fNE40lzisslixu3lBrs6YDBeBcnWtUeGBwJEUGpsKKuBZQgwIhdJ4AE43EWCU0rqL3P5ndWapkl8Jlx5m8JD9H0f6qcl9F66xy190v5KeZG1A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b4b65ab0cabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/theme/material-palenight.css

104.21.28.76

200 OK

3.0 kB

URL GET HTTP/3
paste.fo/codemirror/theme/material-palenight.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3111), with no line terminators
Size
3.0 kB (2969 bytes)
Hash
1aa44862c3f13344efde99ae23ffa2dd
379767bab90d36575f7306b893be0d9d5f1708da
8c90c317211cba8f920341757d2b31c03f80b965abc07b300d2ad8e47c99ae58

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/theme/material-palenight.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: text/css
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"b99-614ce4aba19b0-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LfAKathlZztq72eZZRkcPsEfCW9760ENHne3G7JIAjxc6KmbNMpVz%2FcfOpzMSJ00lL3Iv0PPl%2BtWyKcjynwuA7fVk62KkaLzJnvXrFpRtdOwlgGdfmiYmTQfPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b659adbabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.21.28.76

200 OK

1.2 kB

URL GET HTTP/3
paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1271), with no line terminators
Size
1.2 kB (1239 bytes)
Hash
40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Mon, 15 Apr 2024 08:31:34 GMT
etag: W/"661ce5e6-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=obeRHZjbtZNAzEDcNOejmI%2BpKMjRRJkmwDIg1l1Oi6ldxuACLmet4kvsxtnJNYCgMWA3tDFZF9sXDm4nGG01xcJnNlptmRD2tzOKMlOmlWlo2%2F%2FndQ%2BvYkgYyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875b4b65bb2eabda-CPH
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 19 Apr 2024 09:12:38 GMT
cache-control: max-age=172800, public
content-encoding: gzip

u.paste.fo/api/send

104.21.28.76

200 OK

589 B

URL POST HTTP/3
u.paste.fo/api/send
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (589), with no line terminators
Size
589 B (589 bytes)
Hash
409a5b19e6a7920c709edc802844ebc4
e55dace87398b0d515bbcd10e58af24dbbb788a9
e2bfe2f1f403a73ba3e9280de3f5bc7f70c887426bef0dbc11028731fc33d030

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://paste.fo/
Content-Type: application/json
Content-Length: 284
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:39 GMT
content-type: text/plain
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
etag: W/"qyfxhz886bgd-gzip"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1YKJi5MBsw0xZupwrp2SdYcIBs9RlrxQ7Nq6mnpz1Mq36OVAo11X4%2B8CXXrB0YL1eO6FMi1DZqboV6ZfD7XTZO27hWjFEX8QybGWcDmfj5Zj4N7wiyMGEmOQvmSL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b704fbbabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/shell/shell.js

104.21.28.76

200 OK

5.4 kB

URL GET HTTP/3
paste.fo/codemirror/mode/shell/shell.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (5808), with no line terminators
Size
5.4 kB (5383 bytes)
Hash
208231715496dbfc0ec69b40f2edfeec
ca8d73adea5dca0b2dd9ae8d323cfa8f5a00ac91
47a0a9215d6bac9bfe69c40e42023a75ba11e02c338c3de8ca73bd230d14a06d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/shell/shell.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/dd234e212112
Cookie: PHPSESSID=e98g8oja39omb8fehmr892cip9
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"1507-614ce4aba2950-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uFrbTdzbaRWhZbuC%2BeJq07%2BckyjBPfzU7KVUfl83GL2GwImBnvU4xT4gWVY8RW70HAVUSitSAvuHNtqIb6I8FJnGqPJ0aE7SVPlX0jCbKcsTy7KjiJjDa5hlYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b65ab03abda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

u.paste.fo/script.js

104.21.28.76

200 OK

2.4 kB

URL GET HTTP/3
u.paste.fo/script.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/dd234e212112
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2496), with no line terminators
Size
2.4 kB (2423 bytes)
Hash
c7b7184df64285d4548b9eaa32a19509
ef7da84b4e6bd419d7afb62e99ab6461bdc3c8fb
bb0c244f2792bc3cb178f2e98d239be893d11443e142aafcb5c0c059b8483440

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script.js HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:38 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
cache-control: public, max-age=14400
last-modified: Fri, 29 Mar 2024 16:49:26 GMT
etag: W/"977-18e8b1dc16f"
vary: Accept-Encoding
cf-cache-status: EXPIRED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VNbftqxSzu2vYkUK3Bo85E0tptwwJlFhDg2%2BCelWCVId7i4RERASrPER%2BpgpzxauDqW3aNeHlIgpqrmSmhxJRA6s33vFbOuSeFk60vjmG0CApoKmFBPEl9NdkmYp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 875b4b659aceabda-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

api2.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0

104.18.125.91

200 OK

718 B

URL POST HTTP/3
api2.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=1ijned3an5o&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (734), with no line terminators
Size
718 B (718 bytes)
Hash
a7f1d76a1e784786f80e1f25425916a8
4a2124bcbfb07ed129fc958a4a4891e076687871
abb56c74a216710b154772e88846090cc1e882931df275520ce49c37d56457b1

HTTP Headers

POST /checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api2.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Wed, 17 Apr 2024 09:12:39 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vk2VKwPbLoawFj9mU2fhedYxxWRCmxiAY2P53gH; SameSite=None; Secure; path=/; expires=Wed, 17-Apr-24 09:42:39 GMT; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 875b4b6da9a892d0-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (31)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL