Report - paste.fo/e632e022341a

Report Overview

Submitted URL
paste.fo/e632e022341a
IP
172.67.144.225
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-16 21:23:43
Access
public
Website Title
Untitled Paste | paste.fo
Final URL
paste.fo/e632e022341a
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
78

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
newassets.hcaptcha.com	11055	2018-01-12	2021-03-22	2024-04-15	3.5 kB	1.8 MB	104.18.124.91
u.paste.fo	unknown	2022-08-23	2023-05-13	2024-04-15	896 B	4.3 kB	172.67.144.225
js.hcaptcha.com	23463	2018-01-12	2021-07-30	2024-04-16	393 B	388 kB	104.18.124.91
api2.hcaptcha.com	unknown	2018-01-12	2023-05-02	2024-04-15	597 B	1.5 kB	104.18.124.91
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-04-16	482 B	20 kB	104.16.80.73
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-16	2.0 kB	226 kB	104.17.25.14
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-16	415 B	94 kB	142.250.74.168
paste.fo	unknown	2022-08-23	2022-09-02	2024-04-16	18 kB	11 MB	172.67.144.225
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-16	550 B	41 kB	142.250.74.74
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-16	1.6 kB	67 kB	216.58.207.227
api.hcaptcha.com	63834	2018-01-12	2021-07-31	2024-04-15	596 B	1.3 kB	104.18.124.91

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed
2024-04-16	medium	paste.fo	Sinkholed

ThreatFox

No alerts detected

JavaScript (32)

	URL	Size	First Seen	Last Seen
	static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317	20 kB	2023-10-13	2024-04-29
Pretty URL static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 06:51:00 Last Seen2024-04-29 05:41:51 Times Seen28476 Hash dd1d068fdb5fe90b6c05a5b3940e088c 0d96f9df8772633a9df4c81cf323a4ef8998ba59 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101 Loading...

	unknown	247 B	2024-04-16	2024-04-16
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 23:23:44 Last Seen2024-04-16 23:23:44 Times Seen1 Hash 5d70dfb2c54e5d64be1584d21c57efcf 7de5eaa2b4618692b52b74e3078b6e3730ca98c9 f78f429569ed652a3fc22733e47a620d75c08e7d4d3bbd5f154e8517495b2194 Loading...

	paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js	43 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:42 Times Seen1358 Hash f15be88a3c9bf40debcc080b125c7e91 4a636976285768dd43278f43d63ba5779f3f493d 8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910 Loading...

	paste.fo/e632e022341a	153 B	2023-03-08	2024-04-29
Pretty URL paste.fo/e632e022341a IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:41 Times Seen668 Hash 2bc0082aba5a35e515758023fa651be0 a8db1112fc735be0d64a64e864a52131f7eaf878 75367336210d6cc8328fad7ddbdcf9afaceae3dae97c2a2e6b95a6ae82d8bc1f Loading...

	js.hcaptcha.com/1/api.js	387 kB	2024-04-04	2024-04-29
Pretty URL js.hcaptcha.com/1/api.js IP 104.18.124.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-04 18:06:19 Last Seen2024-04-29 18:55:06 Times Seen1222 Hash 052bf4abb4128ef78b68c418f7d94678 2b6c44a8cc009017a2909c7afd71e371e82b7d27 01908359050da30c842f89d13af0447be961b00b67b46eb61114d1fa48f1bdc9 Loading...

	paste.fo/e632e022341a	220 B	2023-03-08	2024-04-29
Pretty URL paste.fo/e632e022341a IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:41 Times Seen540 Hash 3db1e9a5b3900e6e537c9a3c37c3a710 ad5a93d1d63c4147ccea4e92c31e76ac33e48fa2 009775e1b19c7979e577f9eacfb2da159c57074b82eb7985b4fb0e31c28133f2 Loading...

	paste.fo/codemirror/mode/javascript/javascript.js	30 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/codemirror/mode/javascript/javascript.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:42 Times Seen1184 Hash b5bf8a874f93ad7109c420727888ad47 8d08219bc1257d5537a649cac713ef426158b9a8 4a0ab339997f3729a8eb6a08fca6574408918d1684eaee21760a438bbea82189 Loading...

	paste.fo/codemirror/mode/css/css.js	33 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/codemirror/mode/css/css.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:42 Times Seen1179 Hash cbeb7b6de8ada022149bfa4792e625ce 4f4f5c1bc7dfa002df676fa44ecd6d7294ba4c12 dea0ae84464fd019f70399964e19a94d9c27086aadb937e522e7a7862080132f Loading...

	paste.fo/codemirror/mode/htmlmixed/htmlmixed.js	4.3 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/codemirror/mode/htmlmixed/htmlmixed.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:41 Times Seen797 Hash 5b166a8ebd19d3f44d17bffea8cea4bc 2d24ccc2d3644c33c7cd3a665258cef67619084a 1a4d93f8e0244d90d6f22ce15075e1aac1186593de3ca438649b4df6f8ae3397 Loading...

	www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3	269 kB	2024-04-16	2024-04-16
Pretty URL www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 23:23:44 Last Seen2024-04-16 23:23:45 Times Seen2 Hash e308fb9323fef4a8bc9b8bd8ac42ac15 debffb5cd0cc5a4af8b3c6ea2b3d196ab150af56 ebf63a10094ece81b8dd21a9ec9b3f25a53a03aeb8c1c74c649c06342bd67318 Loading...

	newassets.hcaptcha.com/c/282d0ff/hsw.js	528 kB	2024-04-02	2024-04-17
Pretty URL newassets.hcaptcha.com/c/282d0ff/hsw.js IP 104.18.124.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 21:03:12 Last Seen2024-04-17 22:23:44 Times Seen557 Hash f593c8f46e9cb4a93e13a33ec29e7214 40817a1a4bc1e5418a8cba7ecfcd5d10e5dd6e5c e9299541a3837fefdaa7e596c82626eb26d5774273b13a2590cb4a71845880f5 Loading...

	paste.fo/e632e022341a	733 B	2024-04-16	2024-04-16
Pretty URL paste.fo/e632e022341a IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 23:23:44 Last Seen2024-04-16 23:23:44 Times Seen1 Hash 477238c8df0a90948a00460f5c90add1 35a157fe433627832dadc20eb88c2d7f3fedf6a3 08a006876ea29d03af455cdce1e5c851e0635f7aa327b19f56ba45509aff1261 Loading...

	paste.fo/codemirror/mode/python/python.js	10 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/codemirror/mode/python/python.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:42 Times Seen1178 Hash 0f85fa739faa6c58233a3576fa0bd324 d9abf35ff26170be2399e4432785ac152ddd711d 08c699cbbadb7aafb466ebb10da8b506cd3af41f400279eafcb7ef95b8d02839 Loading...

	paste.fo/e632e022341a	41 B	2024-04-15	2024-04-29
Pretty URL paste.fo/e632e022341a IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-15 19:00:59 Last Seen2024-04-29 03:20:41 Times Seen32 Hash fc5ec70728b67fef1beda411a2dd4ac4 e3a31d47dba6df1816efa917e4b81bd617ceae31 2f73cfc279bfbb2dfcc459b03a6e121a1cf25616d027f3aa0c13ff5e0fbe764c Loading...

	paste.fo/e632e022341a	751 B	2024-04-16	2024-04-16
Pretty URL paste.fo/e632e022341a IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 23:23:44 Last Seen2024-04-16 23:23:44 Times Seen1 Hash 02b11049d37da1e28e050ffa549ef3d6 557e36303278753568dcdb006e2e0438f7dbc528 8f76a83b296b45800b14e37bc77b73241e600cfe4d5e828a93c3b06ce54b2988 Loading...

	paste.fo/codemirror/mode/xml/xml.js	9.6 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/codemirror/mode/xml/xml.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:42 Times Seen745 Hash 3e37a737221f3057bb62d1736573f38b bf16c6b34152dfb151dcdb344ce4045174ffdf03 19d4307c9eb14112572604815e03c05ea17ed64dcb7015838cf755ee585fcb37 Loading...

	paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-29
Pretty URL paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-29 20:44:56 Times Seen55401 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	u.paste.fo/script.js	2.4 kB	2024-02-20	2024-04-29
Pretty URL u.paste.fo/script.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 04:21:10 Last Seen2024-04-29 03:21:41 Times Seen650 Hash 8285978df55a18d7ba03a3106d4b28d2 3c69c6b6715afaca3b655fa3ea18e6c447a0956e 56e70678cbf7e8c157c423bac4d2872f3b384a1784f43b1126ae5e59fd45d144 Loading...

	unknown	48 B	2023-04-11	2024-04-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:45:29 Last Seen2024-04-29 18:55:06 Times Seen18990 Hash 43d643e449b4ea13394fe737b1d6a447 1c03d56d955fd266d7659379e63d5711bd5382db 4817661f6ac7d2e1691bc3aeb9966e66012891ccda569ff872dc0932010c540d Loading...

	paste.fo/codemirror/mode/shell/shell.js	3.9 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/codemirror/mode/shell/shell.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:41 Times Seen778 Hash ef6669a00f0ae004bf997e217fb0a09f 7fba87e2f140eea0bfb39b10eb34ffb2471a1e2b a76146be8ce9aee15409c7f15625f1922d554e43cbcd5c9503aa544d9eb598eb Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-29
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-29 20:56:04 Times Seen263279 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	paste.fo/e632e022341a	707 B	2024-04-16	2024-04-16
Pretty URL paste.fo/e632e022341a IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 23:23:44 Last Seen2024-04-16 23:23:44 Times Seen1 Hash ba66ee9ce1b479d84c4a5b2eaa8cd41a 540295828cfaaa3d8d3ab5b5685d7c3a49430ee5 c898ef9bbabc20afcb8e13bf89fa3202d44a437b2ca0153c3cb31f716b3d3b42 Loading...

	paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-04-16	2024-04-16
Pretty URL paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 23:23:44 Last Seen2024-04-16 23:23:45 Times Seen2 Hash ac911f80f41473fe03398e0873e63805 747b5eb275d6972cd873e7c6838af5b72edbbdc8 4b506718af9b5d9a0168ca405ca465913a31fc4366b138c096195baaefbdbbba Loading...

	paste.fo/codemirror/mode/clike/clike.js	28 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/codemirror/mode/clike/clike.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:42 Times Seen1181 Hash 2b5341f353f5cb58026ebb1b6f047842 1bdda948cdf3b6c9644d8d07cc74c8aaef330f64 c0e7c4989a015e232a497a9b28e5c0fbb2558066ac52a6339ad59d3d924a0d3e Loading...

	paste.fo/codemirror/mode/sql/sql.js	50 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/codemirror/mode/sql/sql.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:42 Times Seen1176 Hash 3cdc1020173551b4420eaf86ba005542 b8d24d2ff67841845091e27077fb018dfd90dfcb 319f94b54817677bb7cb4b39e3c1188b7036b60f6e83d7fe4dffcedda4244713 Loading...

	paste.fo/codemirror/mode/php/php.js	16 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/codemirror/mode/php/php.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:42 Times Seen1179 Hash 435c5cc4f876bcb6369acfccba865995 a65908ec04cd4f6907098d22702320c7f88e725e 1ece120c4b6f866fc0f6a32b7a031709a76d3a192025fdef0931a52953f489cd Loading...

	paste.fo/e632e022341a	584 B	2024-04-16	2024-04-16
Pretty URL paste.fo/e632e022341a IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 23:23:44 Last Seen2024-04-16 23:23:44 Times Seen1 Hash 20af588b6e0732a2d61206d3289b0f37 c9e5a920ebc8e5903f04a4f4ab2ed7218cb59e5c 78ed6a9253d1adf8e0353c709bbf4161ff488579de151d6286279dded7686def Loading...

	paste.fo/codemirror/lib/codemirror.js	262 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/codemirror/lib/codemirror.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:42 Times Seen1182 Hash 9775b8d7cc0bda6b762fcef0f617a5dc 42c642c7a6c070207773fd5ef00310ed4ef8380f c6f3c3f85b438110a153601b764ec02d90a4899c37e7699e9187c01fe5b96c45 Loading...

	paste.fo/e632e022341a	362 B	2023-03-08	2024-04-29
Pretty URL paste.fo/e632e022341a IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:41 Times Seen523 Hash cc410e71e4e11ef150fc0b841e53a779 40fe8f68130bf0d500f779f7be6504a90d0b670e b2eeea9c303e9ed86aad00cf3f5224a2bcb03dbec9db3139d1b1c267b27457cf Loading...

	paste.fo/e632e022341a	1.1 kB	2024-04-16	2024-04-16
Pretty URL paste.fo/e632e022341a IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 23:23:44 Last Seen2024-04-16 23:23:44 Times Seen1 Hash f935b64a4dc85e6819c2a47f4f893240 24bed628ba73156e7dd31cdc07b95da6a28fb223 ef06b8fe610338dc85b6e5707d279559e9cbe9d49d2a7637176fc929ba4b9dd2 Loading...

	paste.fo/assets/js/hyperlink.js	1.0 kB	2023-03-08	2024-04-29
Pretty URL paste.fo/assets/js/hyperlink.js IP 172.67.144.225 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:42:02 Last Seen2024-04-29 03:21:41 Times Seen661 Hash 754527075e7f43e5b376a6879d591ad3 019edc8ec844b25f28c0049c56aa09c5cc0a5121 d5ff35dd76c5fa9ebfe3b89012a8dd40e85a89ee50f4f85623d338f0514e15d4 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d41d8cd98f00b204e9800998ecf8427e	0 B	2023-03-07	2024-04-29
Pretty Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-29 21:09:03 Times Seen37189805 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (59)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2828102
expires: Sun, 06 Apr 2025 21:23:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fYbOyMZ8q%2F0nBRwhfz0IVbxxkfl4Y6Mnb9A6REi%2BSCMhkEZqSb2TTwBdexlmOyD6sGF9hS7%2Bf84W%2FAy2%2Bysku%2B682GwWWwqOFQlyddoJEHN3sP7kwfzzduITqmHEyezTA0Dh%2BD4R"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87573c463bb1712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css

104.17.25.14

200 OK

19 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (52276)
Size
19 kB (18752 bytes)
Hash
ded1c367363e8b20bdc6a19b8350a737
8c06d82739d14b094ff6d9036021a252bd1d985d
1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/css; charset=utf-8
content-length: 18752
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "6421d693-4940"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 99090
expires: Sun, 06 Apr 2025 21:23:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFjXzVUpLuueG3kQK2hpQ05Md08d13RgGKDvXf0BzglsDT%2Bkzb0pRfegScolkj386tmcKe6M8FLD%2FXxg8JKgdlG%2F6rUiUmMZfrAXuSf36TnHvBkHHJhxx94islwO76cKDFzuhXDS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87573c462bb0712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3

142.250.74.168

200 OK

93 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-HKXR34F8P3
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (3034)
Size
93 kB (93147 bytes)
Hash
e308fb9323fef4a8bc9b8bd8ac42ac15
debffb5cd0cc5a4af8b3c6ea2b3d196ab150af56
ebf63a10094ece81b8dd21a9ec9b3f25a53a03aeb8c1c74c649c06342bd67318

HTTP Headers

GET /gtag/js?id=G-HKXR34F8P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 16 Apr 2024 21:23:15 GMT
expires: Tue, 16 Apr 2024 21:23:15 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 93147
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/assets/svg/email.php

172.67.144.225

200 OK

2.1 kB

URL GET HTTP/3
paste.fo/assets/svg/email.php
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (576)
Size
2.1 kB (2074 bytes)
Hash
228beb59530af110cfac760f33b0868d
4c6909e4a1939dfccf4e38d430a39855d35bab47
779ff7dada730e034b90d2a74d93fc1fc74f332819bce6d98d81f4d42762e37c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/email.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXVPaL8%2BDZ%2B%2Bywx0z3skc2mpotcxmpbj7v0p486Ndiz1svgk%2FdQAst%2FqF6t8Gec3fyud%2B0Lsm%2Fl3SFeqJb5IVseHmp4%2BccTCYNYTFEPR%2BttP83ZU9%2FL8Eu%2F7Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c463940569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2

104.17.25.14

200 OK

150 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 150124, version 772.256
Size
150 kB (150124 bytes)
Hash
c64278386c2bbb5e293e11b94ca2f6d1
6b99aa650bd12a36caa14e0127435d8f4cd3ba73
7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150124
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-24a6c"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 95979
expires: Sun, 06 Apr 2025 21:23:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S32AZSsc%2BnTnGLg2VEMGd3ffzfgDK5ooaOowa1sDo7Vf6PCo%2BQJGAIOv1AfBkZ4rO6xvqR8rkCc6VHuJ5sZd1D81Enw0HCJ%2BI%2FYavWcSLA5YoqblnnrCNsTu8BQHxUwzgLO6meV1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87573c4a2a21712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2

104.17.25.14

200 OK

25 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 24948, version 772.256
Size
25 kB (24948 bytes)
Hash
61f30b79daf5b31f0d254a31fba66158
fb363d27cfdfe71a243fa2ac3dab2815232b9b7e
8e7e5ea1b15f62ab14dbd41768e8fbcd21cc859a4ea5da812457ee714299fb35

HTTP Headers

GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 24948
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "6421d693-6174"
last-modified: Mon, 27 Mar 2023 17:46:59 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 99569
expires: Sun, 06 Apr 2025 21:23:16 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w664WeIw9Uo4U1r%2Bn3YMRt3amJHz%2FFkY56hmI%2FnRP%2FjrQnmtZdRw7pH8gkQTAJ1AFYwxWH0pkW5R1Do0kE9nJyYcJ4afPWeywC48oIbJCd6fu7jrY8lU3Wd8GFhdNRmF6Xs5eXiR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87573c4a3a3f712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

paste.fo/assets/svg/thumbs-down-regular.svg

172.67.144.225

200 OK

1.3 kB

URL GET HTTP/3
paste.fo/assets/svg/thumbs-down-regular.svg
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1285 bytes)
Hash
474a2e020269034a296989b87f4c7833
5a4f05d10c284d86bd395bd1ee9ea783ce7aeea2
d978602a2ebecea81d86f2664b8919dbeaa3c3904513eec9e940b0e08b8f9c73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/thumbs-down-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5f1-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pScP8mdQmbOGW32Tp0bPVw730mjvK2frkS3POMkaFjpkJq14IKJpxeW04xtZ9MC%2BfdOJ0Whl0EX8P8kVfixsPFWujsEs7I9VFj8hWJe1FRxCSh0c6iXNjhhkpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87573c46393c569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/sql/sql.js

172.67.144.225

200 OK

15 kB

URL GET HTTP/3
paste.fo/codemirror/mode/sql/sql.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (43375)
Size
15 kB (14901 bytes)
Hash
3cdc1020173551b4420eaf86ba005542
b8d24d2ff67841845091e27077fb018dfd90dfcb
319f94b54817677bb7cb4b39e3c1188b7036b60f6e83d7fe4dffcedda4244713

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/sql/sql.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=59538
etag: W/"e892-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vRTOzZV9lhHoLMX2BscexyNEvdnFwKED9suCikZfXWF0bfPBhkhZkew6ve7yA6tUd8vNhKex4kkSfcdgkP%2Ftl%2B%2B2kFYBW5c2MPIeI1%2BcbpMBXAHOQjfgWD%2Fj9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c462928569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 17:41:26 GMT
expires: Fri, 11 Apr 2025 17:41:26 GMT
cache-control: public, max-age=31536000
age: 445310
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 17:41:26 GMT
expires: Fri, 11 Apr 2025 17:41:26 GMT
cache-control: public, max-age=31536000
age: 445310
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2

216.58.207.227

200 OK

22 kB

URL GET HTTP/2
fonts.gstatic.com/s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21528, version 1.0
Size
22 kB (21528 bytes)
Hash
6113a25a586aeb6d0d3af5b5b652b973
25619eeae1fe17389310e4d392c427b7711dba44
539bdb4bd9bb71c694451bbf2d5d7c0b2849e3584f0b50be3588a07605d3337f

HTTP Headers

GET /s/sourcecodepro/v23/HI_SiYsKILxRpg3hIP6sJ7fM7PqlPevW.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21528
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 11 Apr 2024 17:41:26 GMT
expires: Fri, 11 Apr 2025 17:41:26 GMT
cache-control: public, max-age=31536000
age: 445310
last-modified: Wed, 13 Sep 2023 23:21:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

paste.fo/codemirror/mode/shell/shell.js

172.67.144.225

200 OK

1.5 kB

URL GET HTTP/3
paste.fo/codemirror/mode/shell/shell.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1184)
Size
1.5 kB (1539 bytes)
Hash
ef6669a00f0ae004bf997e217fb0a09f
7fba87e2f140eea0bfb39b10eb34ffb2471a1e2b
a76146be8ce9aee15409c7f15625f1922d554e43cbcd5c9503aa544d9eb598eb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/shell/shell.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5383
etag: W/"1507-614ce4aba2950-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gfdqI2EjyOTe3bco7GSgtK0nhDqa5yYpE%2Fx5K7d%2Blz1m0HQrlmxmUk8AkOZENYZX%2BBwLjSu9frGTGEgNM59%2BMImrM8W9zx4eF93bWUx1yJdXsNIrWSkH5IelgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c46292d569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/img/bg1.gif

172.67.144.225

200 OK

25 kB

URL GET HTTP/3
paste.fo/assets/img/bg1.gif
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
25 kB (24898 bytes)
Hash
dcab8f9443952c7589be3e4db6072853
824ca8c921eeca604844d3f00d08691631199201
a1a2a8e83029575fa6afde2c7b946fd3d98407fccf673c587aac398cd2fc8cef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/bg1.gif HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: image/gif
content-length: 24898
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "6142-614ce4abce86d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 731
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BQrGmmq2e9wOuqXTv1%2FwxUxnQDIvww%2FZU21S7wi4hfX9fe81Wk6Wib1LHluuNAEgbAR5czgCNjvywfcr3yjBw7BGoHswUybrx2YCsZHI7Y61nbo7%2Fzrn%2BuCpxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87573c49fd97569b-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/assets/img/pepelove3.gif

172.67.144.225

200 OK

13 kB

URL GET HTTP/3
paste.fo/assets/img/pepelove3.gif
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 32 x 32
Size
13 kB (13284 bytes)
Hash
f1a434c811d30b8b6788e405852e4c4e
6b2bbfb235c402d3e639153d01e81ab853cc98ee
82c1399efadd5cf21a02fa0aff28d46651d00b847f1244ae2cee34b07a836243

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/pepelove3.gif HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/assets/css/user.css
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: image/gif
content-length: 13284
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: "33e4-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 560
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OH0NGpzaY0TFaqic%2Fx71JPl7yIeDhcIEijQR%2B0hn%2BMJWg5Y5n2roAIMuzaYuF%2BlRAZS%2BKNBxNcerkBipe8m%2FGd%2BgZpPXiayPvgs19TYHnVQB1uVi1KFUOp0Ipw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87573c49fd9d569b-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/clike/clike.js

172.67.144.225

200 OK

9.1 kB

URL GET HTTP/3
paste.fo/codemirror/mode/clike/clike.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1704)
Size
9.1 kB (9097 bytes)
Hash
2b5341f353f5cb58026ebb1b6f047842
1bdda948cdf3b6c9644d8d07cc74c8aaef330f64
c0e7c4989a015e232a497a9b28e5c0fbb2558066ac52a6339ad59d3d924a0d3e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/clike/clike.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=37231
etag: W/"916f-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEraGmc3a44TsW6so%2FWpdWKAImoU%2BlheDBGkSQ9jajtENdOdk1seVhqvXeXXWVpQADSxC%2F7JoWcE3Ta7Cc5HnCi00vsplT9LgJG9jSopFbc1PvxZwEqpLlRlUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c46292e569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html

104.18.124.91

11 kB

URL
newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
IP
104.18.124.91:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (1165)
Size
11 kB (10840 bytes)
Hash
3d1f28caf6c2bab68e6f70fa0952e46b
626164a4b3ef5da55c2d6c2b6f89e271dd622767
e1308539d9ae9c8c04a21cabd5bc4ffba8436c143b32c4fcd6329beb38d25118

HTTP Headers

GET /captcha/v1/b1c589a/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 30 Apr 2024 21:23:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87573c4b6f1cb4fa-OSL
content-encoding: br

paste.fo/assets/svg/thumbs-up-regular.svg

172.67.144.225

200 OK

7.1 kB

URL GET HTTP/3
paste.fo/assets/svg/thumbs-up-regular.svg
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
7.1 kB (7059 bytes)
Hash
16edbe83aaa9c8b1f0dae88e622e97cb
49c1e9c26f6db1c4c768e72dfbbf231a0e6fd237
3c1e8bd2dd9e8b3935c601e8bb4fc3f90ee85359acabded24b7f943b9fd1c65b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/thumbs-up-regular.svg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: image/svg+xml
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"5d9-614ce4abcb98d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TKam80W3ou8hoYNg%2BacGA5vwC49E6kr2gMA9z%2BOO%2F3dJRuqhqxvs2lh7KhONhM9ikK3hKw8W9SQdEtdGUGkjdIIbBd65%2F98SO3OioVPay5PTYHYIpYmcqAMRCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87573c463939569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/rum?

172.67.144.225

204 No Content

0 B

URL POST HTTP/3
paste.fo/cdn-cgi/rum?
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1028
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb; _ga_HKXR34F8P3=GS1.1.1713302596.1.0.1713302596.0.0.0; _ga=GA1.1.185787282.1713302596; cf_clearance=vjqYbmUqxTs.y_SJZWnHAIZN8cCX3PbfV5w7nC4V80o-1713302596-1.0.1.1-X4REgbY7v8YlC_NgE8m8qIxmlLJQJ9UB231vyHMwRE5suE8VapZ34suRR.rRSRYM.eUMLlY6DUtwvF3cSAAGYQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Tue, 16 Apr 2024 21:23:16 GMT
access-control-allow-origin: https://paste.fo
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 87573c4efafe569b-OSL
x-frame-options: DENY
x-content-type-options: nosniff

u.paste.fo/api/send

172.67.144.225

200 OK

0 B

URL POST HTTP/3
u.paste.fo/api/send
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /api/send HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://paste.fo/
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Tue, 16 Apr 2024 21:23:17 GMT
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
access-control-allow-origin: *
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
vary: Access-Control-Request-Headers
access-control-allow-headers: content-type
access-control-max-age: 86400
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nX%2F2UzUiaKaXVWkYcutD0b6sTXAVNjSdKit%2BZLVVq1DzQBt8uE9%2B41GOLgi6MoCbkBOZoe3u%2BmP2zwetyJGhXeN%2FSjYTp1KlW60gYcHKjfptfNKbOlB9iPadnBji"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c4efafc569b-OSL
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

172.67.144.225

200 OK

6.8 kB

URL GET HTTP/3
paste.fo/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
6.8 kB (6823 bytes)
Hash
106f5d222cd354e1dc0bbd4be4acffce
66398e16546bca8b9d1dab0708301a13a696eb66
61401d2d122e93ab14927eafa1553135f909c35a1bb7b4ff0803433eb2035fd7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
last-modified: Mon, 15 Apr 2024 08:31:34 GMT
etag: W/"661ce5e6-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2a%2BuWZfFx7l9FdGAjgaW13w8NkgH1aAwVPH1ltIHsB3Hhjatd1y1FBY8u32VZx%2B3I43fkWii%2Bm0gAeg%2B5bL5WnQKmmEPZOfo4h3UAjyAKcDkufMARr6EVKWSCA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87573c464947569b-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 18 Apr 2024 21:23:15 GMT
cache-control: max-age=172800, public
content-encoding: gzip

paste.fo/A38214F5MC5E411016435C4C1F501D5C5257480057AM4E0761330F7828091A3106131A035E04.jpg

172.67.144.225

200 OK

8.1 MB

URL GET HTTP/3
paste.fo/A38214F5MC5E411016435C4C1F501D5C5257480057AM4E0761330F7828091A3106131A035E04.jpg
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
GIF image data, version 89a, 800 x 200
Size
8.1 MB (8080286 bytes)
Hash
fd71755ac7ac9de86c9ffde245fc7bf7
259451c671d8fd3af0c2109c6c250879ac85eb5a
8189bde865adb58c5234f9e595f190c0eaf5875f4877027c1dbfc5d481adc9b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /A38214F5MC5E411016435C4C1F501D5C5257480057AM4E0761330F7828091A3106131A035E04.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
cf-cache-status: HIT
age: 598
last-modified: Tue, 16 Apr 2024 21:13:18 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ojPRc5WeNqmfRQxEYtX2PAJEdUl9B%2F8X8s0VMVZnJFOTJFndJ8xaz2AH8saK8gRw%2BEsM0NhRyaGCQajOb4nWjhNKep%2FT1j1sermnAf3N%2FnsmJBCI8tar3vryw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87573c49ed95569b-OSL
alt-svc: h3=":443"; ma=86400

api.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0

104.18.124.91

200 OK

718 B

URL POST HTTP/3
api.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=1srbo0z9uby&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (734), with no line terminators
Size
718 B (718 bytes)
Hash
3cec97b6af623973305e392b42c90056
bce4362b25199e3066797bca8f4d54d557dd73e4
0be94e5ab240755ad905a6e018194dee355dbc564190bcab271dbab767eb7b7a

HTTP Headers

POST /checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87573c4edb8db4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

u.paste.fo/script.js

172.67.144.225

200 OK

2.4 kB

URL GET HTTP/3
u.paste.fo/script.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2496), with no line terminators
Size
2.4 kB (2423 bytes)
Hash
c7b7184df64285d4548b9eaa32a19509
ef7da84b4e6bd419d7afb62e99ab6461bdc3c8fb
bb0c244f2792bc3cb178f2e98d239be893d11443e142aafcb5c0c059b8483440

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script.js HTTP/1.1
Host: u.paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
cache-control: public, max-age=14400
last-modified: Fri, 29 Mar 2024 16:49:26 GMT
etag: W/"977-18e8b1dc16f"
vary: Accept-Encoding
cf-cache-status: EXPIRED
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k2BO3wSsX0hYfL9eYXlRGXbukPiJOb72ce0frn%2BGc7J7FxacTazLgR4JKCVmj%2Bdij28cjuLpx5pSwEJZLpyNMxYQ%2B7ODjAwP5%2FpfXtHRQopCeOKVdY1msGaYY8Wn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c46494e569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/lib/codemirror.css

172.67.144.225

200 OK

6.3 kB

URL GET HTTP/3
paste.fo/codemirror/lib/codemirror.css
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6275), with no line terminators
Size
6.3 kB (6275 bytes)
Hash
2562bc2e52c5852b18e87ec08978ba49
54c7e49460f3235492050057453609fedcc01e09
73d08a4fac48937ec5ce812b154c088351783009eba0c22644ec91ef9a0c0ff2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/lib/codemirror.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=8720
etag: W/"2210-614ce4aba67d0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L2pFK%2BUzN60LZj8VNnKScenPDyWlccQsHSjOCzsXLV2GHUPv5MaZMPaF02pfIiKnyHioWeq7a95Nwr457FPDGs0ZRTr2XFVMigqyaGhZvQLFNwo9%2Fx9eWBmw5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c46291c569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/CSShcb6538f91a56.css

172.67.144.225

200 OK

175 B

URL GET HTTP/3
paste.fo/CSShcb6538f91a56.css
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
175 B (175 bytes)
Hash
074976d7b395661c4303a4f8a6a3e7b8
92c39e4427689dcc99fb7bd90d114ebd2e6d2d81
3c5329236a38701def552b9fafc95575b12d203cb53be6b910e0111c3fd7fc51

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /CSShcb6538f91a56.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Tue, 16 Apr 2024 21:23:15 GMT
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xc0mVNQ6g%2ByzOCGHgcblUQ4FpIxPFXO8ccBwaOCv%2BziZCbrYpUvRddeWDiyKo6dqbIdIJo1Kv2x8RSYwqD7XlP5r9tV4%2BWLTYbWEnwYlAhYJlZ7FYUpVzPbkTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c463936569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html

104.18.124.91

200 OK

1.7 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
HTML document, ASCII text, with very long lines (1768), with no line terminators
Size
1.7 kB (1725 bytes)
Hash
825c2f21a9a22bd9911e6686ced37ded
74f703bdafeabb1aad6a04b073d1745298c111dc
0624e04628b8b0d5f77b594b9ef1408296a1774109a47d7c1ac402e1d2636350

HTTP Headers

GET /captcha/v1/b1c589a/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 30 Apr 2024 21:23:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87573c4b6f1db4fa-OSL
content-encoding: br

paste.fo/68275484MC5F4742111658491A5A480D5D524C434AMD505F0B4E43360E445168491C520B00.jpg

172.67.144.225

200 OK

2.2 MB

URL GET HTTP/3
paste.fo/68275484MC5F4742111658491A5A480D5D524C434AMD505F0B4E43360E445168491C520B00.jpg
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
2.2 MB (2222157 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /68275484MC5F4742111658491A5A480D5D524C434AMD505F0B4E43360E445168491C520B00.jpg HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: image/gif
cache-control: public, max-age=14400
x-wp-cf-super-cache-cache-control: public, max-age=3600
x-content-type-options: nosniff
cf-cache-status: HIT
age: 650
last-modified: Tue, 16 Apr 2024 21:12:26 GMT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pOEuWh7UWicUO3FIUhAOHjSpwmtiPuXk%2BH%2F8zFb0VAIZS20OBPRNM6AH6xTg%2B8fn7pbX5kLVgMaq8qc1GX4fD80Jcvd0nCOplee4RF11MQsedhdQeO6nKEGc3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87573c49ed8c569b-OSL
alt-svc: h3=":443"; ma=86400

js.hcaptcha.com/1/api.js

104.18.124.91

200 OK

387 kB

URL GET HTTP/2
js.hcaptcha.com/1/api.js
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
387 kB (387091 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1/api.js HTTP/1.1
Host: js.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
etag: W/"5a68efa2b964d5c167fde3b130af8e94"
cache-control: max-age=300
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 30 Apr 2024 21:23:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
server: cloudflare
cf-ray: 87573c466d86b511-OSL
content-encoding: br
X-Firefox-Spdy: h2

paste.fo/favicon.ico

172.67.144.225

200 OK

15 kB

URL GET HTTP/3
paste.fo/favicon.ico
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
Size
15 kB (15340 bytes)
Hash
cf593ad6a070c546ba238d5172b52aa1
9bed079538917ab59999ea26e8becca1cec74af8
d19e9b6b10d3890ef6cffdc76821fca266f2c0db6c653ffe16b5984a200a4015

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb; _ga_HKXR34F8P3=GS1.1.1713302596.1.0.1713302596.0.0.0; _ga=GA1.1.185787282.1713302596
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: image/vnd.microsoft.icon
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"3bec-614ce4abd368d"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4894
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ILLM4HhxvHisxXvsL6njsGvI9ps4RVweE3Xt2W06UW6PzHS4wT%2Fy0%2F5tAqrzj8CF3APuF%2FCIKOe3zI6%2BXwkM9EnS5o3tsDGRbTXXBveTdhXh6dToHf9mbfIFcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87573c4c683f569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/challenge-platform/h/b/jsd/r/87573c43edcfb51d

172.67.144.225

200 OK

0 B

URL POST HTTP/3
paste.fo/cdn-cgi/challenge-platform/h/b/jsd/r/87573c43edcfb51d
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/87573c43edcfb51d HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12135
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb; _ga_HKXR34F8P3=GS1.1.1713302596.1.0.1713302596.0.0.0; _ga=GA1.1.185787282.1713302596
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: text/plain; charset=UTF-8
priority: u=3,i=?0
set-cookie: cf_clearance=vjqYbmUqxTs.y_SJZWnHAIZN8cCX3PbfV5w7nC4V80o-1713302596-1.0.1.1-X4REgbY7v8YlC_NgE8m8qIxmlLJQJ9UB231vyHMwRE5suE8VapZ34suRR.rRSRYM.eUMLlY6DUtwvF3cSAAGYQ; path=/; expires=Wed, 16-Apr-25 21:23:16 GMT; domain=.paste.fo; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FC8%2F22yU2P4fzNsY%2BHxOgg8TU2ygVX5Qc0yzA9H7YfcYh5mPREj%2BCrllb5SgwSbma2EYcT%2B21En%2FOjL3TpfRVZ%2BgEuSWROirIQtuO1NoKn5J%2B6Z8Wutv4eYZHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c4db9be569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/c/282d0ff/hsw.js

104.18.124.91

200 OK

528 kB

URL GET HTTP/3
newassets.hcaptcha.com/c/282d0ff/hsw.js
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0gyfowjxufdi&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
528 kB (527636 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/282d0ff/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:17 GMT
content-type: application/javascript
etag: W/"f593c8f46e9cb4a93e13a33ec29e7214"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 21 May 2024 21:23:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87573c4f4c0db4fa-OSL
content-encoding: br

paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.144.225

302 Found

7.9 kB

URL GET HTTP/3
paste.fo/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type

Size
7.9 kB (7887 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Tue, 16 Apr 2024 21:23:16 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sfEx3wgNDlNslf5lc7uL%2BbVUy1miBSOoOm0%2FEs0y3amKxtjd0VpJWZ2tDYbvkd0ZJXqnKkaJmdh1iwYSETl2V44novdqmIXvYGSpHnbqc0Eb9X2kKMHdI7ZdOw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87573c4bdfbe569b-OSL
alt-svc: h3=":443"; ma=86400

api2.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0

104.18.124.91

200 OK

718 B

URL POST HTTP/3
api2.hcaptcha.com/checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0gyfowjxufdi&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (734), with no line terminators
Size
718 B (718 bytes)
Hash
cff7e0e0015416efba3b82c3e776af68
c2e16b89272ddd6bb3c7353641f42b2f71b32ecb
b4e03695118c38c4de149e0785fdf204894dc4569f5767199202b02fa512d8e7

HTTP Headers

POST /checksiteconfig?v=b1c589a&host=paste.fo&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&sc=1&swa=1&spst=0 HTTP/1.1
Host: api2.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://newassets.hcaptcha.com
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
cf-cache-status: DYNAMIC
set-cookie: __cflb=0H28vk2VKwPbLoawFj9mU2fhedYxxWRCxCRGQ1H4QEh; SameSite=None; Secure; path=/; expires=Tue, 16-Apr-24 21:53:16 GMT; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87573c4edb8fb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/twitter.php

172.67.144.225

200 OK

1.1 kB

URL GET HTTP/3
paste.fo/assets/svg/twitter.php
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (1064), with no line terminators
Size
1.1 kB (1055 bytes)
Hash
52ada42cb5438b7b0421018fd75f361e
d5e00f0d91ac0e644fa97b585fa704764276830b
5814970c931c847c4acc7c25ce39b1f9abbed82f7642c2da34a93f895d875746

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/twitter.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B8xuQeg8YngBae1fecAXwaIwk848PWhDbwMh5mL%2Bk1wQCyOuBFcGKAM1%2B0MYmg3MmPBh%2FplSj2I1OyjfNnMxc4BeN1bnSxX5zBrrCqs%2BBssn%2BV2Dnk3ZbI5YHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c46393f569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/lib/codemirror.js

172.67.144.225

200 OK

262 kB

URL GET HTTP/3
paste.fo/codemirror/lib/codemirror.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2035)
Size
262 kB (262407 bytes)
Hash
9775b8d7cc0bda6b762fcef0f617a5dc
42c642c7a6c070207773fd5ef00310ed4ef8380f
c6f3c3f85b438110a153601b764ec02d90a4899c37e7699e9187c01fe5b96c45

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/lib/codemirror.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=401347
etag: W/"61fc3-614ce4aba67d0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iywUAdA7AD3XzAXfn7rbTFx6BvMhe9xg2FM8ie2alI2DNX2rjZZJaYJacDdosuy5v%2BqmOBlfut0w7A%2FvhfVnVL7Ew7OJzI0bsg77vueJupuwfohwxN%2BVw%2BiULA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c462923569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/xml/xml.js

172.67.144.225

200 OK

9.6 kB

URL GET HTTP/3
paste.fo/codemirror/mode/xml/xml.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (9904), with no line terminators
Size
9.6 kB (9611 bytes)
Hash
3ec07361d74afef5a6157560b789479f
34b9c1956f2ad4cd02ff2155615cda04f17bccfc
05c1e29bd73a327db390a83066b86acc99162f86e2ded090cbb70fd84d94e575

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/xml/xml.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=13353
etag: W/"3429-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j7LfRvYsYRcRN1MweuhboUrOS3XDmjkHVNdFLjypSrye1MZXfBp%2BmpPipUlZhuzwyEjK6mnzz5UmMBMIfxXLA76xSim3KP5%2FB88tTNyKGdO1w0CSGGrdyTjPoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c462924569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/cracked.php

172.67.144.225

200 OK

2.0 kB

URL GET HTTP/3
paste.fo/assets/svg/cracked.php
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG XML document
Size
2.0 kB (2002 bytes)
Hash
bb7524461a809115fc163fc850c1022e
f0eaf03f2e761f9b7bbca5bb8be875a3c425d8bb
35d2e5b9b86dc544bd59f2b6187753d8a135bc7feda64a4600eebf204ddb53c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/cracked.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WLI4JTmB8gNp%2FRhm1Ymg1YAQgn34UHTgi506%2FGeIzD1J1mVez0a0iBysKd5qKPJFofhEbeC2RmLEKC3ntV3CIcY7CASP3OiSg8BPJtN%2FKtC%2F3l9H2m%2BZYsSbNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c463937569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/svg/discord.php

172.67.144.225

200 OK

1.6 kB

URL GET HTTP/3
paste.fo/assets/svg/discord.php
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (1567), with no line terminators
Size
1.6 kB (1558 bytes)
Hash
f25e187801ad4549ff6d1f7923827d9e
682ad175492f0c7ca063eb8b29df8e5fb92ab3ce
c4c482f2711284ca3fb68e15af960645b841af8880e7e86ea031ca86470c5e22

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/svg/discord.php HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: image/svg+xml
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P0A6a%2F0ZHA7YhnNDp9QooiBJqEmKfqDGyB%2Fk0z7joTLonC43VnaQXFmSE3AJ7pCzSv9qBHXvt9FhQpiRLLl6oRtcnqkd8q6OW97vQxhyJL%2FXwGV0pkiUhChmCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c46393e569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/python/python.js

172.67.144.225

200 OK

10 kB

URL GET HTTP/3
paste.fo/codemirror/mode/python/python.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1008)
Size
10 kB (10050 bytes)
Hash
0f85fa739faa6c58233a3576fa0bd324
d9abf35ff26170be2399e4432785ac152ddd711d
08c699cbbadb7aafb466ebb10da8b506cd3af41f400279eafcb7ef95b8d02839

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/python/python.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=14926
etag: W/"3a4e-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B14hgWlEBxGitq89pQcMAJKTEmR5LSYHY02uyyU0LS8H64s4uyQPYrS7jGo%2Fqg%2Fi6Nf6NH8xr3hBnu8kE9UQJGJ57kausXYKCEti%2FdE5LiM%2F3SvA35R6mCl4hA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c46292b569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

104.16.80.73

200 OK

20 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
JavaScript source, ASCII text, with very long lines (19986), with no line terminators
Size
20 kB (19986 bytes)
Hash
dd1d068fdb5fe90b6c05a5b3940e088c
0d96f9df8772633a9df4c81cf323a4ef8998ba59
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

HTTP Headers

GET /beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://paste.fo
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Mon, 15 Apr 2024 22:09:58 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87573c4688d956bb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html

104.18.124.91

200 OK

1.7 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type
HTML document, ASCII text, with very long lines (1768), with no line terminators
Size
1.7 kB (1725 bytes)
Hash
825c2f21a9a22bd9911e6686ced37ded
74f703bdafeabb1aad6a04b073d1745298c111dc
0624e04628b8b0d5f77b594b9ef1408296a1774109a47d7c1ac402e1d2636350

HTTP Headers

GET /captcha/v1/b1c589a/static/hcaptcha.html HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: text/html
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 30 Apr 2024 21:23:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87573c4b6f1cb4fa-OSL
content-encoding: br

paste.fo/assets/js/hyperlink.js

172.67.144.225

200 OK

1.0 kB

URL GET HTTP/3
paste.fo/assets/js/hyperlink.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1107), with no line terminators
Size
1.0 kB (1046 bytes)
Hash
57f9dc10b415891524d8668c91b97120
8c5e819d656b25748485e8380bb50b24bd2a159d
4904079029f843d33043406564cfb3ccae3570f8a1d97f303ef0fa7e07001e5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/hyperlink.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2060
etag: W/"80c-614ce4abce86d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ns%2BVnfXrWQLxJqRGTqxpQc8t6MZEVFEYamCl%2BftqBzIdM1WeJTCtGJNF%2F5x%2FAFGlGWxBJm4j8GofZGVzpXQF9DBPSAvyEcvOvbWBDtATHwvMVnQRhK9HU5AjlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c463935569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/css/user.css

172.67.144.225

200 OK

5.2 kB

URL GET HTTP/3
paste.fo/assets/css/user.css
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (5248), with no line terminators
Size
5.2 kB (5216 bytes)
Hash
7690e1f323bfc9cd0658b8355ec967ae
f6556ee7ace5044dcc0a5a8db6a4cc2b76dfcec2
2b878eddd32ef75f04d6923d6bc597d06e0f41d6988ef952edd17dfbacc6b849

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/user.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7053
etag: W/"1b8d-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fiFtlbbuZRIEusDJUNVl9Fk95xz5yCfXDCkjby1FDCGNMcS%2BjfqAMjkGu6Ntqn%2FBR0rk0qo9r3273d%2FAXYbgWDYacy6ytIe%2BlNeWhXDKAXT9iyndGJC2u%2F0x0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c4608fc569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/theme/material-palenight.css

172.67.144.225

200 OK

2.5 kB

URL GET HTTP/3
paste.fo/codemirror/theme/material-palenight.css
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2481), with no line terminators
Size
2.5 kB (2481 bytes)
Hash
3478d0a15c06b2059f72536e171912ee
774e48edd31323ea84723f8ef3eca1791f10d69e
0500595d586e40f69d933d1835fc02b7e4df3ead14a02cabadf13cec0370ab61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/theme/material-palenight.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2969
etag: W/"b99-614ce4aba19b0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BZUsCrOLjKgsuwOCbYJis2sQmR800sJBwEH5MoIVI%2FWYhaD58m4RxPOUhmL9ocUTUvRSdzFJ9niQr5Ep%2FjEexhwfTpVoS5EzPaisLybtItQAa37cVGryGvb%2BJA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c462920569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/e632e022341a

172.67.144.225

200 OK

21 kB

URL User Request GET HTTP/2
paste.fo/e632e022341a
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1494), with CRLF, LF line terminators
Size
21 kB (21327 bytes)
Hash
ec362c59be66fb8aad07589fb88211db
0ecbcc3176877efe781dc1685224691077952e0d
0dbe1afce203920433ea853fa8a030d6a244026442c37fe1d2558bd00340e55f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e632e022341a HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb; path=/
token=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
sscore: 0.32191780821918
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3f3Hk9skaCTK0%2FN%2BBjS2LPKQl9hRPG%2BXxrzUaR4FjKEnkSV39vEL2i6a49vMaIhPQ1uYpe%2F2JJzDjGuxEWVdzhCkVuBe6TgTCY1fasQtyuuhIuLCQsc4pBrXig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c43edcfb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

paste.fo/codemirror/mode/javascript/javascript.js

172.67.144.225

200 OK

30 kB

URL GET HTTP/3
paste.fo/codemirror/mode/javascript/javascript.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1412)
Size
30 kB (29876 bytes)
Hash
b5bf8a874f93ad7109c420727888ad47
8d08219bc1257d5537a649cac713ef426158b9a8
4a0ab339997f3729a8eb6a08fca6574408918d1684eaee21760a438bbea82189

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/javascript/javascript.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=38892
etag: W/"97ec-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m88RF6JFy3LELwDj8%2F5G9rMjphf7TlTfYOBD8w6Y5MKdNQvefgHtMj4VvfMNu6%2FqKlnZYGhKoeGaBrn7s%2FUBIGUCbaumn4uCY%2BLYcMZemBd3XuaV1JhF1UhBcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c462925569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/htmlmixed/htmlmixed.js

172.67.144.225

200 OK

4.3 kB

URL GET HTTP/3
paste.fo/codemirror/mode/htmlmixed/htmlmixed.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (4466), with no line terminators
Size
4.3 kB (4315 bytes)
Hash
73c369bccf3c673d012a47bedd8b20f9
ae45e0588f3aabb9a119bd6b02f13cdc104c3280
e45f8bf1878c28fd125fa5dfc9ca4cadf247e70f5e5dbef0011fde8c76549b8f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/htmlmixed/htmlmixed.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=5688
etag: W/"1638-614ce4aba4890-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kvYJjD%2FwQ2acMTHOP4EgGzRUeZw0lvPgnlLPSnn1Jk6rY%2F%2FMKBEimalBO8lBtDjEksCFp53vUq7a2qRBXgvq01EGKSwxwa%2BNNoG2U02LZ0%2Fe2INoD%2Bks%2Fm9CJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c46292f569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js

104.18.124.91

200 OK

387 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=0gyfowjxufdi&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
387 kB (387091 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /captcha/v1/b1c589a/hcaptcha.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: application/javascript
etag: W/"5a68efa2b964d5c167fde3b130af8e94"
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 30 Apr 2024 21:23:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87573c4c8887b4fa-OSL
content-encoding: br

paste.fo/assets/css/cio.css

172.67.144.225

200 OK

1.2 kB

URL GET HTTP/3
paste.fo/assets/css/cio.css
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1152), with no line terminators
Size
1.2 kB (1152 bytes)
Hash
6a91b9352b213689c0432bb87eddb2ae
4a9beb1f3a827dee5a03a246a296fac2f3677165
5721962451086a4c469a6d1b1e4cc133f03c3ea0377916a91b45373463855620

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/cio.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1653
etag: W/"675-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qSOXfiYgsjGs8E73OmJd9TB%2BQk%2Bsa9gvW8msxZfoou7roEOYMGdrWaiyXUW4T%2Bu6FJQ8eDlYExK7IdFJjJ06OvDu8kzV%2BO0I847KEphO4S0Rh8k2ntiNw4XEQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c460902569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/node_modules/@sweetalert2/theme-dark/dark.css

172.67.144.225

200 OK

24 kB

URL GET HTTP/3
paste.fo/node_modules/@sweetalert2/theme-dark/dark.css
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (24342), with no line terminators
Size
24 kB (24342 bytes)
Hash
80b002261f8a746e3756d6883342252a
c8282deb8dfdcdf89ca54c6d6e34b23bc2beeb22
6b7dfdcc77e85a9db663a990f749d892c774f63254404cf2a72b312a8136bfd1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /node_modules/@sweetalert2/theme-dark/dark.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=30018
etag: W/"7542-614ce4ab9ead1-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DThEVKsogLTg1Vi06zcuN7DgsP%2FgCmPNItO4HO2Mie15kABfexPQ9lyUsLAu8asSI9u80HJoNZ9J6157SrvQw%2FZ7ckRPb7nD9374wD9jVX9VJTgoHtt6mPMloQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c461905569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js

172.67.144.225

200 OK

7.9 kB

URL GET HTTP/3
paste.fo/cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7887), with no line terminators
Size
7.9 kB (7887 bytes)
Hash
ac911f80f41473fe03398e0873e63805
747b5eb275d6972cd873e7c6838af5b72edbbdc8
4b506718af9b5d9a0168ca405ca465913a31fc4366b138c096195baaefbdbbba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/bcc5fb0a8815/main.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb; _ga_HKXR34F8P3=GS1.1.1713302596.1.0.1713302596.0.0.0; _ga=GA1.1.185787282.1713302596
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=14400, public
vary: accept-encoding
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FvYXB8Bhnvzx3KOia9X7eN8QUQDL2%2F0jot3xDQSvc0BFrpn4rkyADyHpuWR1sfaeqoplnNRaWxATsg%2BPhhehA9UVy46o5IaTyt4xOJjheGCJBadgnDuxiJ7DTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c4c684e569b-OSL
alt-svc: h3=":443"; ma=86400

newassets.hcaptcha.com/c/282d0ff/hsw.js

104.18.124.91

200 OK

528 kB

URL GET HTTP/3
newassets.hcaptcha.com/c/282d0ff/hsw.js
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=1srbo0z9uby&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
528 kB (527636 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/282d0ff/hsw.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: application/javascript
etag: W/"f593c8f46e9cb4a93e13a33ec29e7214"
cache-control: public, max-age=3024000
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 21 May 2024 21:23:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87573c4f1bcdb4fa-OSL
content-encoding: br

newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js

104.18.124.91

200 OK

387 kB

URL GET HTTP/3
newassets.hcaptcha.com/captcha/v1/b1c589a/hcaptcha.js
IP
104.18.124.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html#frame=challenge&id=1srbo0z9uby&host=paste.fo&sentry=true&reportapi=https%3A%2F%2Faccounts.hcaptcha.com&recaptchacompat=true&custom=false&hl=en&tplinks=on&pstissuer=https%3A%2F%2Fpst-issuer.hcaptcha.com&sitekey=9c54b617-bd43-4858-a8c9-83ce00be8180&theme=light&origin=https%3A%2F%2Fpaste.fo&size=invisible
Certificate
IssuerLet's Encrypt
Subjecthcaptcha.com
Fingerprint8F:BD:51:60:5C:FC:EA:F0:74:47:AB:AC:1B:84:1A:7E:3C:68:A7:E5
ValidityFri, 15 Mar 2024 00:09:38 GMT - Thu, 13 Jun 2024 00:09:37 GMT

File type

Size
387 kB (387091 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /captcha/v1/b1c589a/hcaptcha.js HTTP/1.1
Host: newassets.hcaptcha.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://newassets.hcaptcha.com/captcha/v1/b1c589a/static/hcaptcha.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:16 GMT
content-type: application/javascript
etag: W/"5a68efa2b964d5c167fde3b130af8e94"
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=86400
vary: Origin, Accept-Encoding
cf-cache-status: HIT
expires: Tue, 30 Apr 2024 21:23:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87573c4c787fb4fa-OSL
content-encoding: br

paste.fo/assets/css/style.css

172.67.144.225

200 OK

11 kB

URL GET HTTP/3
paste.fo/assets/css/style.css
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (10693), with no line terminators
Size
11 kB (10693 bytes)
Hash
a9579467f8b95bbcdbd6232105e6a253
df9b19ccebf1eca5fe14169881b132813919345d
22877d598e09dd9f8452f52a500181eae909e3f4aaa4d4c49e0b0b18cfbd60da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/style.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=15702
etag: W/"3d56-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h0jYt4BEm1nXsDyaUohSXjjK32d9DRVTV6xd2J%2FYlDGXJii3U2p5Fg9QFnbeBgvIf2Z7UzVHrjxSqZSEod0Q3%2B1IutBJHWvUHnL5yaBeyZ360%2FW%2B46t7AbwR3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c4608fa569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/php/php.js

172.67.144.225

200 OK

16 kB

URL GET HTTP/3
paste.fo/codemirror/mode/php/php.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (10405)
Size
16 kB (15867 bytes)
Hash
435c5cc4f876bcb6369acfccba865995
a65908ec04cd4f6907098d22702320c7f88e725e
1ece120c4b6f866fc0f6a32b7a031709a76d3a192025fdef0931a52953f489cd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/php/php.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=18339
etag: W/"47a3-614ce4aba5830-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k3%2FFlXM5GCpk1b7odHpN%2BEj2Ntn2Vunv36ENUUS5StE7m5eYlVoovJivRz9bbSA%2Bfz0GTRQ%2FJqwDkpc8MXxYmLOXo7K0iRzR67JZTcyP3go7LWztEhjRJffjKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c46292a569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js

172.67.144.225

200 OK

43 kB

URL GET HTTP/3
paste.fo/node_modules/sweetalert2/dist/sweetalert2.min.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (42951), with no line terminators
Size
43 kB (42951 bytes)
Hash
f15be88a3c9bf40debcc080b125c7e91
4a636976285768dd43278f43d63ba5779f3f493d
8c80ad67878fb50120f124f112bf665e7804452332970d3279b571b13a26d910

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /node_modules/sweetalert2/dist/sweetalert2.min.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
etag: W/"a7c7-614ce4ab9fa71-gzip"
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HEf%2F29okyGQID8IP5%2F5av%2BHU1n4GzpSvcc1vwXLDS13E%2FpIndfqq6ADX265Azwx5orgnTN6iwZNwRF2p1mEkM9ZAfqMM16aXPtSG0ufCtkvEiczdWT0pokPtqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c46190e569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/codemirror/mode/css/css.js

172.67.144.225

200 OK

33 kB

URL GET HTTP/3
paste.fo/codemirror/mode/css/css.js
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (19025)
Size
33 kB (33376 bytes)
Hash
cbeb7b6de8ada022149bfa4792e625ce
4f4f5c1bc7dfa002df676fa44ecd6d7294ba4c12
dea0ae84464fd019f70399964e19a94d9c27086aadb937e522e7a7862080132f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /codemirror/mode/css/css.js HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=40492
etag: W/"9e2c-614ce4aba67d0-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pb2qS2mBArxhdjRfcmL4GhqFiighNF40o5yCJqc7Dk2BawezR5qMyEz4WPBNCXVzMb%2FSQ%2BdByUGijTPWebiYMmNFi5GKdnPVR1mxJ0qwJS8RFMzOPavrq3Zlow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c462927569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

paste.fo/assets/css/responsive.css

172.67.144.225

200 OK

4.6 kB

URL GET HTTP/3
paste.fo/assets/css/responsive.css
IP
172.67.144.225:443
ASN
#13335 CLOUDFLARENET

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerCloudflare, Inc.
Subjectpaste.fo
Fingerprint45:4F:E3:CB:01:43:C2:8B:CA:E1:64:B0:D4:A7:73:8A:C0:79:E2:22
ValidityWed, 17 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4570), with no line terminators
Size
4.6 kB (4570 bytes)
Hash
85e024d58588895496ff6e65f47a0484
ff6cb78df5ee61dffa425ace5283407ee562e4af
fd51897bd68e6bdf326bfb11b3580be32da026ab50c5e494677b202f93822877

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/responsive.css HTTP/1.1
Host: paste.fo
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/e632e022341a
Cookie: PHPSESSID=vp4q1vo9tsgpmp130e1hjk6tfb
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 21:23:15 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=7512
etag: W/"1d58-614ce4abcf80d-gzip"
last-modified: Fri, 29 Mar 2024 15:28:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 730
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lij8YevX7KvmiqGMmM2iBk1RfXdMlUBhc2mkDsO6Ph8Ng%2B2zbELA9buypvsdVEEt3Qr98m7O6W50CbMjqzjCEQcvB6vA6GF9pIqp1e3dbB90xpWOt2t5xqwY0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87573c460900569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

142.250.74.74

200 OK

40 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://paste.fo/e632e022341a
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text
Size
40 kB (40360 bytes)
Hash
fb9a01c247c59daca77d5e373217b0b1
df072c2f05f7e6884df927cf8b4d2144937b8cbe
f6ce0c3fb43d72007637cf61a13dc4c6a0cb1111d2f457dc1386008f83fe13c3

HTTP Headers

GET /css2?family=Source+Code+Pro:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://paste.fo/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 16 Apr 2024 21:23:15 GMT
date: Tue, 16 Apr 2024 21:23:15 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL