Report - paste.fo/d61eb46d1c22

Report Overview

Submitted URL
paste.fo/d61eb46d1c22
IP
172.67.144.225
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-16 20:02:27
Access
public
Website Title
Unlock Paste: d61eb46d1c22 | paste.fo
Final URL
paste.fo/unlock/d61eb46d1c22
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
48

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-04-16	482 B	20 kB	104.16.79.73
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-16	441 B	20 kB	104.17.25.14
paste.fo	unknown	2022-08-23	2022-09-02	2024-04-16	12 kB	5.9 MB	104.21.28.76
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-16	415 B	94 kB	142.250.74.72
js.hcaptcha.com	23463	2018-01-12	2021-07-30	2024-04-15	391 B	110 kB	104.18.125.91
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-16	530 B	22 kB	216.58.207.227
u.paste.fo	unknown	2022-08-23	2023-05-13	2024-04-15	896 B	4.3 kB	104.21.28.76
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-16	550 B	41 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	paste.fo/unlock/d61eb46d1c22	153 B	2023-03-08	2024-04-29
Pretty URL paste.fo/unlock/d61eb46d1c22 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 22:54:46 Times Seen670 Hash 2bc0082aba5a35e515758023fa651be0 a8db1112fc735be0d64a64e864a52131f7eaf878 75367336210d6cc8328fad7ddbdcf9afaceae3dae97c2a2e6b95a6ae82d8bc1f Loading...

	static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317	20 kB	2023-10-13	2024-04-29
Pretty URL static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:51:00 Last Seen2024-04-29 05:41:51 Times Seen28476 Hash dd1d068fdb5fe90b6c05a5b3940e088c 0d96f9df8772633a9df4c81cf323a4ef8998ba59 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101 Loading...

	paste.fo/unlock/d61eb46d1c22	745 B	2024-04-16	2024-04-16
Pretty URL paste.fo/unlock/d61eb46d1c22 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 22:02:27 Last Seen2024-04-16 22:02:27 Times Seen1 Hash c29d9af44413d995d3e1e13d4dbb619d fa25e3ef0e4a4907e26acbe3a6224bf0c2e8b2bb 535c34b115366329e28c48d3a7092cc9d3ddfdfbd750bd2b5036293a960e19ab Loading...

	paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-29
Pretty URL paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-29 23:44:31 Times Seen55412 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	unknown	247 B	2024-04-16	2024-04-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 22:02:27 Last Seen2024-04-16 22:02:27 Times Seen1 Hash 83391f7caa2799fad39c7a47819fee05 74eb61c6cc689163e826876511269f9313d83c60 7140979c032a6e053361f819c472f9502c738e67dd5773a9296bc72e8a0038ae Loading...

	paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js	43 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 22:54:47 Times Seen1362 Hash f15be88a3c9bf40debcc080b125c7e91 4a636976285768dd43278f43d63ba5779f3f493d 8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910 Loading...

	paste.fo/unlock/d61eb46d1c22	701 B	2024-04-16	2024-04-16
Pretty URL paste.fo/unlock/d61eb46d1c22 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 22:02:27 Last Seen2024-04-16 22:02:28 Times Seen1 Hash 73a8fdadae4dcd66639ff0e1ce3ed5b8 7c1c31ae7dc54ae1d51e991c625501b14834e969 a57e705d04b5e5843e87b7f58028e417ae6f44f6d032ed92ab1597fd718625cd Loading...

	paste.fo/unlock/d61eb46d1c22	578 B	2024-04-16	2024-04-16
Pretty URL paste.fo/unlock/d61eb46d1c22 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 22:02:28 Last Seen2024-04-16 22:02:28 Times Seen1 Hash fff2278c4cdbdb3f710db178cdd918b6 406b31b211fc7a06f8ab82a61b7c389ba93cf798 ba5493040096af211c67d48d96f76233b7c0ce2bedc5359ed9c41ceccdd09506 Loading...

	www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3	269 kB	2024-04-16	2024-04-16
Pretty URL www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 22:02:09 Last Seen2024-04-16 22:02:28 Times Seen4 Hash 01be51c00c03872ea9f548afb68612ca 8bd02c248aca623616fd33d38ad9e1c24dd5febb 1ee96c024c1d77cf868eb1770c38b912d86a0c7b46575d5dcf7ed5ddfb050076 Loading...

	paste.fo/unlock/d61eb46d1c22	1.1 kB	2024-04-16	2024-04-16
Pretty URL paste.fo/unlock/d61eb46d1c22 IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 22:02:28 Last Seen2024-04-16 22:02:28 Times Seen1 Hash e1b8efcc7dece3bd4be0c6f0629931e7 462a519d0dd03fffd0c1d227e1b92087a49008c1 82bcb29f03ec1c672fe69e426e984a8b56eef8070eb020be1382503aa13c86d7 Loading...

	u.paste.fo/script.js	2.4 kB	2024-02-20	2024-04-29
Pretty URL u.paste.fo/script.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 04:21:10 Last Seen2024-04-29 22:54:47 Times Seen653 Hash 8285978df55a18d7ba03a3106d4b28d2 3c69c6b6715afaca3b655fa3ea18e6c447a0956e 56e70678cbf7e8c157c423bac4d2872f3b384a1784f43b1126ae5e59fd45d144 Loading...

	js.hcaptcha.com/1/api.js	387 kB	2024-04-04	2024-04-29
Pretty URL js.hcaptcha.com/1/api.js IP 104.18.125.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 18:06:19 Last Seen2024-04-29 23:45:15 Times Seen1261 Hash 052bf4abb4128ef78b68c418f7d94678 2b6c44a8cc009017a2909c7afd71e371e82b7d27 01908359050da30c842f89d13af0447be961b00b67b46eb61114d1fa48f1bdc9 Loading...

	paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.8 kB	2024-04-16	2024-04-16
Pretty URL paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.28.76 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 22:02:28 Last Seen2024-04-16 22:02:28 Times Seen2 Hash 42f85f7d783f1c9d13e6d0160489a80f 2642ad1bee498e162a3ac4cbabfaf9da3b43756b 73e67566d93b841d1852093b8779d67fe56ae3c01ce6cae880a71e1a473bd30e Loading...

HTTP Transactions (30)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css

104.17.25.14

200 OK

19 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (52276)
Size
19 kB (18752 bytes)
Hash
ded1c367363e8b20bdc6a19b8350a737
8c06d82739d14b094ff6d9036021a252bd1d985d
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: text/css; charset=utf-8
content-length: 18752
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6421d693-4940"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 94216
expires: Sun, 06 Apr 2025 20:02:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLuDrRtE19ZqEyODZMWWLNf%2BUOhMCA3lU%2FeUNhQyy1sHJBqDNlAouHnmSgakmG8YMZcK8wq7ztHgaYkvxcqppXYcNpGBJJWwcnKIrvL03GjZXcxM1463wfYEtxpn0sWERBu1HWMh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8756c5460aa956c9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

paste.fo/node_modules/@sweetalert2/theme-dark/dark.css

104.21.28.76

200 OK

4.9 kB

URL GET HTTP/3
paste.fo/node_modules/@sweetalert2/theme-dark/dark.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (24342), with no line terminators
Size
4.9 kB (4917 bytes)
Hash
80b002261f8a746e3756d6883342252a
c8282deb8dfdcdf89ca54c6d6e34b23bc2beeb22
6b7dfdcc77e85a9db663a990f749d892c774f63254404cf2a72b312a8136bfd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /node_modules/@sweetalert2/theme-dark/dark.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=30018
etag: W/"7542-614ce4ab9ead1-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3113
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x63d7ckJ7GK3WYQqogEpMmy4m5orysiQqIQrTR2SiOVEoHXv4uiPmeAE69QL51LJA0JLBZWac7qIpmONhdzaT16BsNqH9mQxTtp%2F%2B4CxSxRmsUmIqCRfD3sg5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545abef56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3

142.250.74.72

200 OK

93 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3
IP
142.250.74.72:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (3034)
Size
93 kB (93136 bytes)
Hash
01be51c00c03872ea9f548afb68612ca
8bd02c248aca623616fd33d38ad9e1c24dd5febb
1ee96c024c1d77cf868eb1770c38b912d86a0c7b46575d5dcf7ed5ddfb050076

HTTP Headers

GET /gtag/js?id=G-HKXR34F8P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 20:02:01 GMT
expires: Tue, 16 Apr 2024 20:02:01 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93136
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

js.hcaptcha.com/1/api.js

104.18.125.91

200 OK

110 kB

URL GET HTTP/2
js.hcaptcha.com/1/api.js
IP
104.18.125.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41625)
Size
110 kB (109624 bytes)
Hash
052bf4abb4128ef78b68c418f7d94678
2b6c44a8cc009017a2909c7afd71e371e82b7d27
01908359050da30c842f89d13af0447be961b00b67b46eb61114d1fa48f1bdc9

HTTP Headers

GET /1/api.js HTTP/1.1
Host: js.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: application/javascript
etag: W/"5a68efa2b964d5c167fde3b130af8e94"
cache-control: max-age=300
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 30 Apr 2024 20:02:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
server: cloudflare
cf-ray: 8756c5462ab07128-OSL
content-encoding: br
X-Firefox-Spdy: h2

paste.fo/CSSvc159224e.css

104.21.28.76

200 OK

25 kB

URL GET HTTP/3
paste.fo/CSSvc159224e.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text
Size
25 kB (25013 bytes)
Hash
cfe9f25dd002714753a9d6897f9ab4d4
68b18cdb6f61484b7f3ae451f68fa5682000ff17
d48765742c91c9603746bd40af37786f9b351fdf106336a50d419aa05a5b56a5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CSSvc159224e.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 16 Apr 2024 20:02:01 GMT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLTZ8LnPRfD1iOm5xvaHORnXWTYLbadIIyGd7dLEtPacynxu2RYco7%2FYASLjcH6iTvebJNSJXLsBwLbE4dK21fbX%2BCKBlbYhrFtfI8QTXyYM%2BvAFKWipRjcDbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545bbfe56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.28.76

302 Found

0 B

URL GET HTTP/3
paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Tue, 16 Apr 2024 20:02:01 GMT
content-length: 0
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
access-control-allow-origin: *
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cWNlfwu6P5Ebxe2YE0XP%2FFCIqJoScpnCN5s4gka649zII0YU3ZSIFgjleM1FoaDPpCF4UtFWO%2F2wxd46xRZ7LqcU4R4y7Ls%2BHWu%2F1xgmETUk5vWJpSMAFeiCnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8756c548d8b756c5-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 17:41:26 GMT
expires: Fri, 11 Apr 2025 17:41:26 GMT
cache-control: public, max-age=31536000
age: 440435
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/assets/svg/discord.php

104.21.28.76

200 OK

22 kB

URL GET HTTP/3
paste.fo/assets/svg/discord.php
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (1557)
Size
22 kB (22295 bytes)
Hash
9e11d725232644a01452b56fe0fa8bcc
72bd4257388bceb963492b4e6c4a72cad7d3be96
99d543831ee87e57ca87d24cc16028b0e7784a41754b95ade07e069ef56ff8a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/discord.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BbWuTbSPce8BQstmJdxutECaYS5zW2mR5y0Q3xg4DKeNoyp3zoySulpJ%2Fi1WSuZ2wEavAP8%2FhT3Q%2BuLDzMTAbcLOUF6YYwcHkLU66B3l8kGoTsPEAG8IvF9JEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545bc0056c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/twitter.php

104.21.28.76

200 OK

22 kB

URL GET HTTP/3
paste.fo/assets/svg/twitter.php
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (1054)
Size
22 kB (22124 bytes)
Hash
cc846134fcb44b9037eedbe94d351335
02ee7a8c7cfb91ddb05a2d08e9335d408384ea49
b69cdc4a1472bc829f824efa2102ee740c0be093c77e6c935d08bf2347bc04a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/twitter.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tiCzqFLB1Dsq74SfHvgDnXIej6UAN%2F%2Bvt6bNSEDep6WqWYZdQcr4bfiFaNp0XGqyoF9ApDL4Ycgrn0z6NwdTxGyPVTuQqG3e73XaMA8ZRj0amum9%2BTLmgK1%2Brw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545cc0c56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/challenge-platform/h/b/jsd/r/8756c543a9705691

104.21.28.76

200 OK

504 B

URL POST HTTP/3
paste.fo/cdn-cgi/challenge-platform/h/b/jsd/r/8756c543a9705691
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
data
Size
504 B (504 bytes)
Hash
40fd45bcd10d1691fdb94d0b8a217bf5
2dbecfd597f228c25cbaac812258ff022d6e3dce
b98f332c0df016e580a88f40f060c73c0aeb48725424b81b2cab99af2cf515e7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8756c543a9705691 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12142
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc; _ga_HKXR34F8P3=GS1.1.1713297721.1.0.1713297721.0.0.0; _ga=GA1.1.510427163.1713297722
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: text/plain; charset=UTF-8
priority: u=3,i=?0
set-cookie: cf_clearance=Cirnxne3M6cc4UkE2VzwM0bByRlofijnx0BvcH_wR3M-1713297721-1.0.1.1-lMjREweshrq5Vsj.IqzPOMYkJ_9dp_0pnMTMkxW6c.KV6RWh1PejqWRzXgPmcLbA10Cpea9QMrBXN0kMBXE1.A; path=/; expires=Wed, 16-Apr-25 20:02:01 GMT; domain=.paste.fo; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N6CpOztQ0CdIhS0YU%2BBOkGuT5FnhEqmE4lFIJyImGqWxhM%2BLceOlW86t9xERp%2Fcth0MH2%2FSHiyF05geFZd54YSj5qY8MnhbgVPJPjGw30dHQ37yqy%2FbYEWeHzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c54a4ae456c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/favicon.ico

104.21.28.76

200 OK

24 kB

URL GET HTTP/3
paste.fo/favicon.ico
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Size
24 kB (24296 bytes)
Hash
cf593ad6a070c546ba238d5172b52aa1
9bed079538917ab59999ea26e8becca1cec74af8
d19e9b6b10d3890ef6cffdc76821fca266f2c0db6c653ffe16b5984a200a4015

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc; _ga_HKXR34F8P3=GS1.1.1713297721.1.0.1713297722.0.0.0; _ga=GA1.1.510427163.1713297722; cf_clearance=Cirnxne3M6cc4UkE2VzwM0bByRlofijnx0BvcH_wR3M-1713297721-1.0.1.1-lMjREweshrq5Vsj.IqzPOMYkJ_9dp_0pnMTMkxW6c.KV6RWh1PejqWRzXgPmcLbA10Cpea9QMrBXN0kMBXE1.A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:02 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3bec-614ce4abd368d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 20
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YOPh4dZCYwUzZ0SkEKNryFDZYKB7ujjSx2rkJkxSQ7UtdgxTFEb%2BdHM86z8G9ibONx%2BZt0wMxD3uRw%2B2HHzvmgIwpztL%2FUzw3fuQb8fDlucnXPNMURFwVz%2BrFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8756c54adbb556c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/rum?

104.21.28.76

204 No Content

0 B

URL POST HTTP/3
paste.fo/cdn-cgi/rum?
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1049
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc; _ga_HKXR34F8P3=GS1.1.1713297721.1.0.1713297722.0.0.0; _ga=GA1.1.510427163.1713297722; cf_clearance=Cirnxne3M6cc4UkE2VzwM0bByRlofijnx0BvcH_wR3M-1713297721-1.0.1.1-lMjREweshrq5Vsj.IqzPOMYkJ_9dp_0pnMTMkxW6c.KV6RWh1PejqWRzXgPmcLbA10Cpea9QMrBXN0kMBXE1.A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Tue, 16 Apr 2024 20:02:04 GMT
access-control-allow-origin: https://paste.fo
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8756c5585f3156c5-OSL
x-frame-options: DENY
x-content-type-options: nosniff

u.paste.fo/api/send

104.21.28.76

204 No Content

0 B

URL OPTIONS HTTP/3
u.paste.fo/api/send
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://paste.fo/
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Tue, 16 Apr 2024 20:02:04 GMT
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
access-control-max-age: 86400
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P2WmvT6LRJTAkOYBYE%2FLXMCWtZSmzgx7hQqxVNzXPmow4bQ7o86bo7bYrpHhOvQAx4Zwmh%2FzdjOMj5lScpcsyfBZGC52gj4nvlSPE6sP1OtCCHJOYItmSaKirytp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c5585f3456c5-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/rum?

104.21.28.76

204 No Content

0 B

URL POST HTTP/3
paste.fo/cdn-cgi/rum?
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 508
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc; _ga_HKXR34F8P3=GS1.1.1713297721.1.0.1713297722.0.0.0; _ga=GA1.1.510427163.1713297722; cf_clearance=Cirnxne3M6cc4UkE2VzwM0bByRlofijnx0BvcH_wR3M-1713297721-1.0.1.1-lMjREweshrq5Vsj.IqzPOMYkJ_9dp_0pnMTMkxW6c.KV6RWh1PejqWRzXgPmcLbA10Cpea9QMrBXN0kMBXE1.A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Tue, 16 Apr 2024 20:02:24 GMT
access-control-allow-origin: https://paste.fo
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8756c5d95a3d56c5-OSL
x-frame-options: DENY
x-content-type-options: nosniff

paste.fo/d61eb46d1c22

104.21.28.76

302 Found

15 kB

URL User Request GET HTTP/2
paste.fo/d61eb46d1c22
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
15 kB (15290 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d61eb46d1c22 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 16 Apr 2024 20:02:00 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc; path=/
token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: /unlock/d61eb46d1c22
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WDf%2BbvpMTAh0Op8bwW09D0yQmYErPajos2jUTjmqeO4UmNp1NJ4faeYz5UyxzXXS5SJvCCwo1rvF0LScX5u%2BwD4HnP3LmUYIdezY%2BMGG0cviFu%2FdYrNWdqNpoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c542d8285691-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

paste.fo/unlock/d61eb46d1c22

104.21.28.76

200 OK

15 kB

URL User Request GET HTTP/2
paste.fo/unlock/d61eb46d1c22
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1609)
Size
15 kB (15290 bytes)
Hash
502945d7b657a2a443f680f7c205d190
9533fefe8522a10714ef10eaf6b0696ee9103c5a
df9a7366c2b0a2210e3a16af2fe9630c398fc1dca945912e1aa039ab62978fe9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /unlock/d61eb46d1c22 HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 20:02:00 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TQLer1XCyRugaAyY0%2FJ7PINi1BMV4dhSVJgnVUfN8awwCZ3k84ILaFBaMtfFz0oDrt%2BWB7gHSZaquNtgALrUz%2Bc%2FS%2Bx7SKn1o34Y0OtWAEUtUXJWtTIgKRb1CA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c543a9705691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

paste.fo/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js

104.21.28.76

200 OK

7.8 kB

URL GET HTTP/3
paste.fo/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7818), with no line terminators
Size
7.8 kB (7818 bytes)
Hash
42f85f7d783f1c9d13e6d0160489a80f
2642ad1bee498e162a3ac4cbabfaf9da3b43756b
73e67566d93b841d1852093b8779d67fe56ae3c01ce6cae880a71e1a473bd30e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=14400, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9cnkN8FpP2ZUeF5O3smJGd1%2BqKccXH8pKmEmqfz%2FDNw%2FUTCc8zeovvocq%2FyB19UoWE6SSD2Ri0zcWRcRlCQvVg6aTpoVwSBZVSr9k9IbZEbbZ1ZEDYfUHISf4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c549294756c5-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/assets/css/style.css

104.21.28.76

200 OK

11 kB

URL GET HTTP/3
paste.fo/assets/css/style.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (10693), with no line terminators
Size
11 kB (10693 bytes)
Hash
a9579467f8b95bbcdbd6232105e6a253
df9b19ccebf1eca5fe14169881b132813919345d
22877d598e09dd9f8452f52a500181eae909e3f4aaa4d4c49e0b0b18cfbd60da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/style.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=15702
etag: W/"3d56-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3113
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cuiFziLCf2v02z5y1zGpbWDvNn57lHsHdD6x6jDuMH8QvvgH5HHJVbD2nM8irTkPLwL0p3d%2BgMQucsVe13HJryyaR84zoC8ugp3kz9keBbHyG%2Bcr9MiuULfpzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545abe456c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js

104.21.28.76

200 OK

43 kB

URL GET HTTP/3
paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42951), with no line terminators
Size
43 kB (42951 bytes)
Hash
f15be88a3c9bf40debcc080b125c7e91
4a636976285768dd43278f43d63ba5779f3f493d
8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /node_modules/sweetalert2/dist/sweetalert2.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"a7c7-614ce4ab9fa71-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3113
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=17dVzfRWPQBs5NPZlrDmnsZtDCY3pWxelX01bowftZ0CMm8SkrtUN%2Fb%2BK2Wqmni7K7t6adu%2BpJw6iCNamcaYBSmYGXhVTQDNN%2FIkVq4GvzAw6Gcap6tqF4%2BipQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545bbf256c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

u.paste.fo/script.js

104.21.28.76

200 OK

2.4 kB

URL GET HTTP/3
u.paste.fo/script.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2496), with no line terminators
Size
2.4 kB (2423 bytes)
Hash
c7b7184df64285d4548b9eaa32a19509
ef7da84b4e6bd419d7afb62e99ab6461bdc3c8fb
bb0c244f2792bc3cb178f2e98d239be893d11443e142aafcb5c0c059b8483440

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script.js HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
cache-control: public, max-age=14400
last-modified: Fri, 29 Mar 2024 16:49:26 GMT
etag: W/"977-18e8b1dc16f"
vary: Accept-Encoding
cf-cache-status: EXPIRED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FQTQ1iaUeArKu9N%2F8q8ctHOlVsdBacGclaVSrZ6Sjcc51SlMYn4R45GCE%2FFmRrWtr5wCNTeibrCp%2B8SwB0CzA%2BL1vrzOghf9bcYfS0l10nqnNxlNfZywOgNI3Nhv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545cc1556c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/16582972MC5A4C4614430A4D4E5D1D0A54551C5B091E512F4D1A45402AM11850435551021E571F00515C5200535550070218505B5E.jpg

104.21.28.76

200 OK

3.0 MB

URL GET HTTP/3
paste.fo/16582972MC5A4C4614430A4D4E5D1D0A54551C5B091E512F4D1A45402AM11850435551021E571F00515C5200535550070218505B5E.jpg
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
3.0 MB (2966147 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /16582972MC5A4C4614430A4D4E5D1D0A54551C5B091E512F4D1A45402AM11850435551021E571F00515C5200535550070218505B5E.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:02 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: MISS
last-modified: Tue, 16 Apr 2024 20:02:02 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RT45f5bbnj7B2tVdXbF9BykwBd7PxN1jAeofEP1J2qkpz3X56YGV1LIEiDJCbdK1EhgvGMn6dG89BzpXNFjpBwazj42tU5zIqi1Kj%2BpnmqKqslUNWt9TDTJsKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8756c548784656c5-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/email.php

104.21.28.76

200 OK

577 B

URL GET HTTP/3
paste.fo/assets/svg/email.php
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (586), with no line terminators
Size
577 B (577 bytes)
Hash
3f774fd678c6e100c4d914d9afc0dc8b
bab6ac432d913ee0d99dae0a7caafcea559222bd
e7f5c890c6acb9078887bbeab309ff5771782edac2444c647126072427cdc336

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/email.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GZswc2ZzqyK050dMRq87bhE%2FXdpNUSyf06DEPk5IY5YfyE0rBU581hux%2BunMurpro4lfN0UuVyoYqPZsqDo4VtAVlBzOTHNj%2BeYWwryG7HONVWDqkRDByyx4PA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545cc0d56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

142.250.74.106

200 OK

40 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text
Size
40 kB (40360 bytes)
Hash
fb9a01c247c59daca77d5e373217b0b1
df072c2f05f7e6884df927cf8b4d2144937b8cbe
f6ce0c3fb43d72007637cf61a13dc4c6a0cb1111d2f457dc1386008f83fe13c3

HTTP Headers

GET /css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 16 Apr 2024 20:02:01 GMT
date: Tue, 16 Apr 2024 20:02:01 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/26075BF5MC09111547440A4D49514F0F50524D540A1B2AM1026B16535D631C720B08131D531D060C07.jpg

104.21.28.76

200 OK

2.7 MB

URL GET HTTP/3
paste.fo/26075BF5MC09111547440A4D49514F0F50524D540A1B2AM1026B16535D631C720B08131D531D060C07.jpg
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
2.7 MB (2706563 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /26075BF5MC09111547440A4D49514F0F50524D540A1B2AM1026B16535D631C720B08131D531D060C07.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:03 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: MISS
last-modified: Tue, 16 Apr 2024 20:02:03 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w9KwaKsOfbzqYBp1grqjEIC%2B9aqqf6cWT4so1LJ27N5ikFxfyVG4RcmozBuhk8T%2BBekueMOd2zjdKqHhIoYal%2F9sCOftlqlRwWJqAx9Lqb%2BNQlPiyq6yr1nvQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8756c548784156c5-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/assets/img/bg1.gif

104.21.28.76

200 OK

25 kB

URL GET HTTP/3
paste.fo/assets/img/bg1.gif
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (24898 bytes)
Hash
dcab8f9443952c7589be3e4db6072853
824ca8c921eeca604844d3f00d08691631199201
a1a2a8e83029575fa6afde2c7b946fd3d98407fccf673c587aac398cd2fc8cef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/bg1.gif HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: image/gif
content-length: 24898
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "6142-614ce4abce86d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3110
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SSAbAd3KHD5nCLlv8e1o9K65KxLqRTp2L95P6RMk%2FWB7SOdJ9T0KmmHDJm8NV2JnQPCcN%2FawhwMPQMFpL7Wg2qyJDSS6HqEAiwqzH67lcysjwSwfmMU4diARcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8756c548784956c5-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.21.28.76

200 OK

1.2 kB

URL GET HTTP/3
paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1271), with no line terminators
Size
1.2 kB (1239 bytes)
Hash
40d981045a7516cdadd00e8dccc9c58d
8b8d9a48c6b9d2fba596034ef5db3dd0f2f781c3
71c7d5fc630ff38080f71945be1e8b0c43140d8c25338056b752495e18739c0c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: application/javascript
last-modified: Mon, 15 Apr 2024 08:31:34 GMT
etag: W/"661ce5e6-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rgou%2BGrQ1ChlX7UzmxpzVGmrWGnWCOcUVRPQmDmT4Kc6uxIMzhYgg0Y6%2B2B1tvWiwRf9QFES9Zq6083snP0rpo5sbTyUyB7YjYgqmm853mtiGTgjSZeHtDcZbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8756c545cc0f56c5-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 18 Apr 2024 20:02:01 GMT
cache-control: max-age=172800, public
content-encoding: gzip

static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

104.16.79.73

200 OK

20 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19986), with no line terminators
Size
20 kB (19986 bytes)
Hash
dd1d068fdb5fe90b6c05a5b3940e088c
0d96f9df8772633a9df4c81cf323a4ef8998ba59
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

HTTP Headers

GET /beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Mon, 15 Apr 2024 22:09:58 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8756c5462dab5690-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

paste.fo/assets/css/responsive.css

104.21.28.76

200 OK

4.6 kB

URL GET HTTP/3
paste.fo/assets/css/responsive.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4570), with no line terminators
Size
4.6 kB (4570 bytes)
Hash
85e024d58588895496ff6e65f47a0484
ff6cb78df5ee61dffa425ace5283407ee562e4af
fd51897bd68e6bdf326bfb11b3580be32da026ab50c5e494677b202f93822877

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/responsive.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7512
etag: W/"1d58-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3113
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QjW1CLaua6oB%2BAPX9zTLDyBgD9SIV%2Bnq%2FBRP7DqkvRfID%2BRdfLmMSFXF5AB%2FeaztHaL4jNdu3xtIJ%2FqkOZSKMtKi1627CI4GbtSiHi6CWqZuobW%2BXkiPKXtIQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545abeb56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/css/cio.css

104.21.28.76

200 OK

1.2 kB

URL GET HTTP/3
paste.fo/assets/css/cio.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1152), with no line terminators
Size
1.2 kB (1152 bytes)
Hash
6a91b9352b213689c0432bb87eddb2ae
4a9beb1f3a827dee5a03a246a296fac2f3677165
5721962451086a4c469a6d1b1e4cc133f03c3ea0377916a91b45373463855620

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/cio.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1653
etag: W/"675-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3113
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lj5uBz32ZulQvL8t%2BBFrakzGJrZwXyGUnFSXqS1UgvANYN%2Fj3pEK9AGLK%2B47rkkyZsvGmdhBQGxO7s7hytkxgyhJV1ryZIJlDWvnrt9srhxIJpcVcSGf7n4Vqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545abed56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/css/user.css

104.21.28.76

200 OK

5.2 kB

URL GET HTTP/3
paste.fo/assets/css/user.css
IP
104.21.28.76:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/unlock/d61eb46d1c22
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (5248), with no line terminators
Size
5.2 kB (5216 bytes)
Hash
7690e1f323bfc9cd0658b8355ec967ae
f6556ee7ace5044dcc0a5a8db6a4cc2b76dfcec2
2b878eddd32ef75f04d6923d6bc597d06e0f41d6988ef952edd17dfbacc6b849

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/user.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/unlock/d61eb46d1c22
Cookie: PHPSESSID=rqhvld5tujmu3kqgplmml92vuc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 20:02:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7053
etag: W/"1b8d-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3113
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2FDnQsVlmz3px3Uy9qMv6MmMO8LQbqVJQ2VUGBYVT93NTENPUFy4xgvRtfIZ6xXy%2FNvqmZr1dt1EzOTa2ofSYdMLfabeZ%2BIY3L2qf5L8D%2FMespfJkov2TO6VxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8756c545abe556c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL